Re: [http-auth] Alexey Melnikov's No Objection on draft-ietf-httpauth-extension-08: (with COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Sat, 03 September 2016 09:45 UTC

To: 大岩寛 <y.oiwa@aist.go.jp>
Archived-At: <https://mailarchive.ietf.org/arch/msg/http-auth/yyQahV442YdYGCq1YItrFf_vVRQ>
Cc: "http-auth@ietf.org" <http-auth@ietf.org>, "httpauth-chairs@ietf.org" <httpauth-chairs@ietf.org>, The IESG <iesg@ietf.org>, "draft-ietf-httpauth-extension@ietf.org" <draft-ietf-httpauth-extension@ietf.org>

Hi,

On 3 Sep 2016, at 05:05, 大岩寛 <y.oiwa@aist.go.jp> wrote:

>> In 4.5:
>> 
>>   When the user requests termination of an authentication period, and
>>   if the client currently displays a page supplied by a response with
>>   this parameter, the client will be redirected to the specified
>>   location by a new GET request (as if it received a 303 response).
>> 
>> Is this value advisory? Should the client go to this page automatically or would
>> the server redirect it? If the latter, why does this need to be told to the
>> client?
> 
> We'll clarify it.  It's the client's role to go to that page.
> In client-initiated logging-out, the server cannot initiate a redirect
> unless the client takes some action first.

Ok. So just to double check: the server will expire the session at the specified time, but the client needs to go to the specified web page once the session is expired?

Thank you,
Alexey