IETF Logo Mail Archive

Re: Working Group Last Call: draft-ietf-httpbis-auth-info

Hervé Ruellan <herve.ruellan@crf.canon.fr> Wed, 18 February 2015 12:42 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ietf.org@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 591AB1A1A91 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 18 Feb 2015 04:42:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.262
X-Spam-Level:
X-Spam-Status: No, score=-6.262 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_EQ_FR=0.35, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_HI=-5, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1u6VkySeZE_H for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Wed, 18 Feb 2015 04:42:49 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C77C1A8749 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Wed, 18 Feb 2015 04:42:48 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.80) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1YO3tS-0004ET-QU for ietf-http-wg-dist@listhub.w3.org; Wed, 18 Feb 2015 12:38:18 +0000
Resent-Date: Wed, 18 Feb 2015 12:38:18 +0000
Resent-Message-Id: <E1YO3tS-0004ET-QU@frink.w3.org>
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.80) (envelope-from <Herve.Ruellan@crf.canon.fr>) id 1YO3tK-0004DF-0h for ietf-http-wg@listhub.w3.org; Wed, 18 Feb 2015 12:38:10 +0000
Received: from inari-msr.crf.canon.fr ([194.2.158.67]) by maggie.w3.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.72) (envelope-from <Herve.Ruellan@crf.canon.fr>) id 1YO3tF-0004VX-QE for ietf-http-wg@w3.org; Wed, 18 Feb 2015 12:38:09 +0000
Received: from mir-msr.corp.crf.canon.fr (mir-msr.corp.crf.canon.fr [172.19.77.98]) by inari-msr.crf.canon.fr (8.13.8/8.13.8) with ESMTP id t1ICbcvi015913 for <ietf-http-wg@w3.org>; Wed, 18 Feb 2015 13:37:38 +0100
Received: from Antiope.crf.canon.fr (antiope.fesl2.crf.canon.fr [172.19.70.56]) by mir-msr.corp.crf.canon.fr (8.13.8/8.13.8) with ESMTP id t1ICbcK5028363 for <ietf-http-wg@w3.org>; Wed, 18 Feb 2015 13:37:38 +0100
Received: from timor.intra-usr.crf.canon.fr (172.20.4.8) by Antiope.crf.canon.fr (172.19.70.62) with Microsoft SMTP Server (TLS) id 15.0.995.29; Wed, 18 Feb 2015 13:37:37 +0100
Message-ID: <54E48791.2010303@crf.canon.fr>
Date: Wed, 18 Feb 2015 13:37:37 +0100
From: Hervé Ruellan <herve.ruellan@crf.canon.fr>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0
MIME-Version: 1.0
To: ietf-http-wg@w3.org
References: <0E4872BF-EBCB-42C0-9BF9-8BC179C1BDDA@mnot.net>
In-Reply-To: <0E4872BF-EBCB-42C0-9BF9-8BC179C1BDDA@mnot.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [172.20.4.8]
X-ClientProxiedBy: Antiope.crf.canon.fr (172.19.70.62) To Antiope.crf.canon.fr (172.19.70.62)
Received-SPF: none client-ip=194.2.158.67; envelope-from=Herve.Ruellan@crf.canon.fr; helo=inari-msr.crf.canon.fr
X-W3C-Hub-Spam-Status: No, score=-3.3
X-W3C-Hub-Spam-Report: AWL=-3.294, RCVD_IN_DNSWL_NONE=-0.0001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001
X-W3C-Scan-Sig: maggie.w3.org 1YO3tF-0004VX-QE d3bcbd97a93293ca7e22564369f63015
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Working Group Last Call: draft-ietf-httpbis-auth-info
Archived-At: <http://www.w3.org/mid/54E48791.2010303@crf.canon.fr>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/28855
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

I think the purpose of the headers should be made more consistent across 
the document.
In the Introduction, they are used to "return additional information 
during or after authentication", while in 3, the Authentication-Info 
header is used to "communicate additional information regarding the 
successful authentication".

DIGEST use it in an optional manner, to convey additional information 
after a successful authentication.
Scram is using it in a mandatory manner, to finalize the authentication, 
by conveying information for authenticating the server.

I think that Authentication-Info should be used by the server once the 
client is authenticated (i.e. the status code is not 401), to either 
convey additional information or finalize the authentication.

I created a pull request in this direction:
https://github.com/httpwg/http-extensions/pull/47

Hervé.

On 02/10/2015 11:59 PM, Mark Nottingham wrote:
> Everyone,
>
> Julian believes (with his editor hat on) that this is ready. As discussed, this is a simple document to pull the Authentication-Info and Proxy-Authentication-Info header fields out of 2617, so that they’re not associated with a particular authentication scheme (thereby avoiding lots of scheme-specific headers).
>
> Therefore, this is the announcement of WGLC for:
>   https://tools.ietf.org/html/draft-ietf-httpbis-auth-info-02
>
> Please review the document carefully, and comment on this list.
>
> WGLC will end on 25 February.
>
> Cheers,
>
> --
> Mark Nottingham   https://www.mnot.net/
>
>
>
>
>

v2.39.1 | Report a Bug | By Email | System Status