Opened 7 years ago

Closed 7 years ago

#357 closed design (fixed)

Authentication exchanges

Reported by: mnot@…
Owned by: draft-ietf-httpbis-p7-auth@…
Priority: normal
Milestone: 20
Component: p7-auth
Severity: In WG Last Call
Keywords:
Cc:

Description

If the origin server does not wish to accept the credentials sent with a request, it SHOULD return a 401 (Unauthorized) response. The response MUST include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.

If a proxy does not accept the credentials sent with a request, it SHOULD return a 407 (Proxy Authentication Required). The response MUST include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested resource.

I think this is a bit misleading. Can an authentication exchange include more than one round trip? I think you need to be explicit one way or another. (If it can, then "does not accept" is not necessarily correct.)
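An added example, not part of the ticket or of the HTTPbis drafts: a checker for the requirement quoted above that a 401 carries a WWW-Authenticate challenge and a 407 a Proxy-Authenticate challenge. It parses the challenge list, where commas separate both challenges and auth-params. The function names, the `(name, value)` header-pair input and the sample value are assumptions made for illustration.

```python
import re

TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
ITEM = re.compile(rf'(?:[^,"]|{QUOTED})+')
PARAM = re.compile(rf"({TOKEN})\s*=\s*({QUOTED}|{TOKEN})")
SCHEME = re.compile(rf"({TOKEN})(?:\s+(.+))?")
TOKEN68 = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
REQUIRED = {401: "WWW-Authenticate", 407: "Proxy-Authenticate"}
# Constructed sample: two challenges in one field value, a comma inside a realm.
SAMPLE = 'Digest realm="a, b", nonce="n1", stale=true, Basic realm="x"'

def split_list(value):
    """Split a comma-separated list, ignoring commas inside quoted-strings."""
    if '"' in re.sub(QUOTED, "", value):
        raise ValueError("unterminated quoted-string")
    return [s.strip() for s in ITEM.findall(value) if s.strip()]

def unquote(v):
    return re.sub(r"\\(.)", r"\1", v[1:-1]) if v.startswith('"') else v

def parse_challenges(value):
    """Return [(scheme, params dict or token68 string)] for one field value."""
    challenges = []
    for item in split_list(value):
        m = PARAM.fullmatch(item)
        if m:  # a bare auth-param belongs to the challenge before it
            if not challenges or not isinstance(challenges[-1][1], dict):
                raise ValueError(f"stray auth-param: {item!r}")
            challenges[-1][1][m[1].lower()] = unquote(m[2])
            continue
        m = SCHEME.fullmatch(item)
        rest = (m[2] or "") if m else ""
        p = PARAM.fullmatch(rest)
        if not m or (rest and not p and not TOKEN68.fullmatch(rest)):
            raise ValueError(f"malformed challenge: {item!r}")
        challenges.append((m[1], {p[1].lower(): unquote(p[2])} if p else (rest or {})))
    return challenges

def check_response(status, headers):
    """Check the 401/407 MUST quoted in the ticket; headers is [(name, value)]."""
    name = REQUIRED.get(status)
    if name is None:
        return []
    values = [v for k, v in headers if k.lower() == name.lower()]
    try:
        found = [c for v in values for c in parse_challenges(v)]
    except ValueError as exc:
        return [f"{status}: {name} unparsable ({exc})"]
    return [] if found else [f"{status}: no challenge in {name}"]
```

The parsed parameters are returned to the caller, so a client or test harness can inspect each challenge (for instance the `stale` parameter in the sample) before deciding how to continue the exchange.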

Attachments (1)

357.diff (2.4 KB) - added by julian.reschke@… 7 years ago.
Proposed patch


Change History (6)

Changed 7 years ago by julian.reschke@…

Proposed patch

comment:1 Changed 7 years ago by julian.reschke@…

From [1681]:

Clarify authentication exchanges (see #357)

comment:2 Changed 7 years ago by julian.reschke@…

  • Milestone changed from unassigned to 20
  • Resolution set to incorporated
  • Status changed from new to closed

comment:3 Changed 7 years ago by julian.reschke@…

From [1693]:

add ref to Part2 because of mention of status code 403 (see #357)

comment:4 Changed 7 years ago by mnot@…

  • Resolution incorporated deleted
  • Status changed from closed to reopened

comment:5 Changed 7 years ago by mnot@…

  • Resolution set to fixed
  • Status changed from reopened to closed