Comments on draft-vanrein-httpauth-sasl-08

From: Hugo Osvaldo Barrera <hugo@whynothugo.nl>
Date: Fri, 03 Feb 2023 09:57:52 +0000
Message-Id: <eefe6ea4-4fbc-4791-927c-d7ac70575e90@app.fastmail.com>
To: ietf-http-wg@w3.org

First, a minor note on language:

Sections 2.1 and 2.2 refer to the "c2c", "c2s", "s2s" and "s2c" fields. These
are not "fields", they are *additional parameters* of the WWW-Authenticate
header field (this is the nomenclature found in rfc7235 section-4.1). Calling
them fields can be a bit confusing, especially during the first read and before
reaching the examples in Section 4.

I'm not entirely sure if the intended use of the User header is fully clear,
nor how User Agents are expected to determine a value for it. Perhaps it is
best to further elaborate on this?

Those minor comments aside, I do find this specification quite useful and would
like to voice my support of the proposal. In particular, HTTP with SASL would
be of much use for CalDAV (rfc4791) and CardDAV (rfc6352). Currently it is
possible to use email (IMAP and SMTP) with SASL (and therefore, SASL+OAUTH),
but there is no standard mechanism to use SASL for address books and calendars.
It seems quite clear to me that this specification has a very useful impact in
the WebDAV space in general.

Kind Regards,

Received on Friday, 3 February 2023 19:22:59 UTC