- From: Hugo Osvaldo Barrera <hugo@whynothugo.nl>
- Date: Fri, 03 Feb 2023 09:57:52 +0000
- To: ietf-http-wg@w3.org
Hi, First, a minor note on language: Section 2.1 and 2.2 refer to the "c2c", "c2s", "s2s" and "s2c" fields. These are not "fields", they are *additional parameters* of the WWW-Authenticate header field (this is the nomenclature found in rfc7235 section-4.1). Calling them fields can be a bit confusing, especially during the first read and before reaching the examples in Section 4. I'm not entirely sure if the intended use of the User header is fully clear, nor how User Agents are expected to determine a value for it. Perhaps it is best to further elaborate on this? Those minor comments aside, I do find this specification quite useful and would like to voice my support of the proposal. In particular, HTTP with SASL would be of much use for CalDAV (rfc4791) and CardDAV (rfc6352). Currently it is possible to use email (IMAP and SMTP) with SASL (and therefore, SASL+OAUTH), but there is no standard mechanism to use SASL for address books and calendars. It seems quite clear to me that this specification has a very useful impact in the WebDav space in general. Kind Regards, -- Hugo
Received on Friday, 3 February 2023 19:22:59 UTC