Multiple Proxy-Authenticate challenges?

Gisle Aas (gisle@aas.no)
Thu, 2 Apr 1998 16:34:53 +0100 (BST)


Is there a good reason why WWW-Authenticate can have multiple
challenges while Proxy-Authenticate can't?

draft-ietf-http-v11-spec-rev-03:

>         Proxy-Authenticate  = "Proxy-Authenticate" ":" challenge
>         WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge

I also think that the following sentence from the description of
WWW-Authenticate fits better if moved to the draft-ietf-http-authentication
document, as it is the one that defines "challenge".

>                                                          User agents
>  MUST take special care in parsing the WWW-Authenticate field value if it
>  contains more than one challenge, or if more than one WWW-Authenticate
>  header field is provided, since the contents of a challenge may itself
>  contain a comma-separated list of authentication parameters.


Regards,
Gisle
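
The parsing hazard named in the quoted sentence, as an added example that is not part of the original message or of either draft: a Python parser for the draft's `1#challenge` form (a scheme followed by one or more `name=value` parameters) that splits only on commas outside quoted strings. The function names and the sample header value are constructed for illustration.

```python
import re

# HTTP token and quoted-string (with backslash escapes).
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_PARAM = re.compile(rf"\s*({_TOKEN})\s*=\s*({_TOKEN}|{_QUOTED})\s*")
# A list element opens a new challenge when it reads "scheme SP name=...".
_SCHEME = re.compile(rf"\s*({_TOKEN})[ \t]+(?={_TOKEN}\s*=)")

# Constructed sample: two challenges, one realm containing a comma.
SAMPLE = 'Digest realm="a, b", nonce="abc", Basic realm="x"'

def split_elements(value):
    """Split a field value on commas that are outside quoted strings."""
    parts, buf, in_quotes, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]

def parse_challenges(field_values):
    """Parse one or more header field values into (scheme, params) pairs.

    Several header lines are treated as one comma-separated list.
    """
    challenges = []
    for value in field_values:
        for elem in split_elements(value):
            m = _SCHEME.match(elem)
            if m:  # new challenge; the rest of the element is its first param
                challenges.append((m.group(1), {}))
                elem = elem[m.end():]
            pm = _PARAM.fullmatch(elem)
            if not pm or not challenges:
                raise ValueError(f"malformed challenge element: {elem!r}")
            name, val = pm.group(1).lower(), pm.group(2)
            if val.startswith('"'):  # strip quotes, undo backslash escapes
                val = re.sub(r"\\(.)", r"\1", val[1:-1])
            challenges[-1][1][name] = val
    return challenges
```

A plain `SAMPLE.split(",")` yields four pieces here and cuts the Digest realm in half, which is the failure the draft's warning is about.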