- From: Thomas Broyer <t.broyer@gmail.com>
- Date: Thu, 27 Nov 2008 18:15:12 +0100
On Thu, Nov 27, 2008 at 5:56 PM, Julian Reschke wrote: > Thomas Broyer wrote: >> >> I don't really mind, as long as the server is able to say "I give you >> this thing to you anonymous user, but you can also authenticate (e.g. >> to be proposed more features)". This is the exact use-case many web >> site (including most if not all e-commerce web sites) are facing, and >> it'd be cool that it could be dealt with at the HTTP level. > > Yes, I agree that this is a valid use case. I think "Vary: Authentication" > is sufficient for a client to detect that authenticating will indeed have an > effect. > > What else do we need? A challenge ! ;-) ...so that the UA knows *how* to authenticate (hence the "WWW-Authenticate in 200" suggestion) -- Thomas Broyer
Received on Thursday, 27 November 2008 09:15:12 UTC