Question on Multiplicity of Authorization and WWW-Authenticate

Jan Algermissen <jan.algermissen@nordsc.com> Tue, 16 April 2013 11:56 UTC

From: Jan Algermissen <jan.algermissen@nordsc.com>
Message-Id: <0F597111-A3C0-45D6-84EB-E357B5AEAA26@nordsc.com>
Date: Tue, 16 Apr 2013 13:55:07 +0200
To: ietf-http-wg@w3.org
Subject: Question on Multiplicity of Authorization and WWW-Authenticate
Archived-At: <http://www.w3.org/mid/0F597111-A3C0-45D6-84EB-E357B5AEAA26@nordsc.com>

Hi,

I was wondering whether there can be multiple Authorization headers in an HTTP request.

AFAIU [1] does not address the question, so I turned to [2], which suggests that there can only be one Authorization header per request, because Authorization does not have a list value format.

Is that interpretation correct?

I am wondering because I understand [1] to say that WWW-Authenticate can indeed be used multiple times. However, WWW-Authenticate also does not have a list value format but is also not listed as an exception in [2], as is Set-Cookie.

Can anyone clarify?

Jan

[1] http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-22
[2] http://tools.ietf.org/html/draft-ietf-httpbis-p1-messaging-22#section-3.2.2
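
Added example, not part of the original message: a check for the rule the message reads out of [2], flagging header fields that repeat without being list-valued or a listed exception. The LIST_VALUED and EXCEPTIONS sets and the sample messages are constructed for illustration; WWW-Authenticate is treated as list-valued because its grammar in RFC 7235 is 1#challenge.

```python
# Illustrative sets (assumptions, not a complete registry of header fields).
LIST_VALUED = {"www-authenticate", "accept", "cache-control"}  # "#rule" grammar
EXCEPTIONS = {"set-cookie"}  # the exception the message mentions from [2]


def parse_headers(raw):
    """Split a header block into (name, value) pairs, keeping order and repeats."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def repeated_singletons(pairs):
    """Return names that occur more than once but are neither list-valued nor exempt."""
    counts = {}
    for name, _ in pairs:
        counts[name] = counts.get(name, 0) + 1
    return sorted(
        name for name, n in counts.items()
        if n > 1 and name not in LIST_VALUED and name not in EXCEPTIONS
    )


# Constructed sample request: Authorization appears twice.
SAMPLE_REQUEST = """
Host: example.test
Authorization: Basic constructed-credential-1
Accept: text/html
Authorization: Bearer constructed-credential-2
"""

# Constructed sample response: repeated challenges and cookies.
SAMPLE_RESPONSE = """
WWW-Authenticate: Basic realm="constructed"
WWW-Authenticate: Digest realm="constructed", nonce="constructed"
Set-Cookie: a=1
Set-Cookie: b=2
"""

if __name__ == "__main__":
    print("request: ", repeated_singletons(parse_headers(SAMPLE_REQUEST)))
    print("response:", repeated_singletons(parse_headers(SAMPLE_RESPONSE)))
```

A recipient that sees a non-empty result for a request can reject it rather than pick one of the repeated values, which avoids intermediaries and origin servers disagreeing on which credential applies.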