Re: HTTP/1.0 Review Plan

Alex Hopmann (hopmann@holonet.net)
Wed, 9 Aug 1995 12:40:21 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy Fielding: "Re: Negotiation in draft 01"
Previous message: Roy Fielding: "Re: Server capabilities investigation"
Maybe in reply to: Roy Fielding: "HTTP/1.0 Review Plan"

Various people wrote:
>>>   The same applies to Authorization.
>>
>>Let's go for the alternative.  Breaking all existing implementations of
>>something like this seems unnecessary.  If you *must* go for semicolons,
>>define a new header.
>
>Keep in mind that existing clients will not recognize the new header.
>That may not be a problem if both are provided, but will remain a problem
>for the Authorization field.
>
>Another alternative would be to forbid multiple schemes per resource,
>or require that applications parse the AA fields such that they can
>recover gracefully from unexpected folding.
>
>Perhaps the latter would be best for 1.0?

The only thing is that I have been seeing multiple WWW-Authenticate: fields
all over the net. If a server wants to inform clients that it will accept
multiple authorization schemes for a resources, it really seems to be
"current pratice" that the server include multiple WWW-Authenticate fields
rather than one WWW-Authenticate with several semicolon separated entries.

Does anyone else have any ideas about the WWW-Authenticate problem? I
believe that this is a key issue if we want to see DIGEST authentication
deployed.

Alex Hopmann
ResNova Software, Inc.
hopmann@holonet.net

Next message: Roy Fielding: "Re: Negotiation in draft 01"
Previous message: Roy Fielding: "Re: Server capabilities investigation"
Maybe in reply to: Roy Fielding: "HTTP/1.0 Review Plan"