- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Sun, 25 May 2008 18:18:24 +0200
- To: Werner Baumann <werner.baumann@onlinehome.de>
- CC: w3c-dist-auth@w3.org
Werner Baumann wrote: > > > Helge Hess wrote: >> Summary: even if the user is authenticated, one would reissue a 401 if >> access is denied to a resource. Which makes me wonder in what (real >> world) situations one would use 403 then. >> > Access restrictions based on IP-address might cause a 403, for instance. > Basically: > - 401 says: authenticate and the request will succeed Nope. It means: "authenticate, and the request will not fail again with 401. But potentially in a different way". > - 403 says: denied, and authentication will not help. Exactly. > ... BR, Julian
Received on Sunday, 25 May 2008 16:19:08 UTC