RE: Multiple Proxy-Authenticate challenges?
Paul Leach (paulle@microsoft.com)
Fri, 3 Apr 1998 17:18:36 -0800
none. Just forgot to update the one when I was updating the other. I'll fix
it in the next draft.
BTW: there isn't any good reason not to have multuple challenges for the
same mechanism, either (with different realms).
Jim: can we log this an an issue?
> ----------
> From: Gisle Aas[SMTP:gisle@aas.no]
> Sent: Friday, April 03, 1998 2:02 AM
> To: http-wg@cuckoo.hpl.hp.com
> Subject: Multiple Proxy-Authenticate challenges?
>
> Is there a good reason why WWW-Authenticate can have multiple
> challenges while Proxy-Authenticate can't?
>
> draft-ietf-http-v11-spec-rev-03:
>
> > Proxy-Authenticate = "Proxy-Authenticate" ":" challenge
> > WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge
>
> I also think that the following sentence from the description of
> WWW-Authenticate fits better if moved to the
> draft-ietf-http-authentication
> document as it is the one that define "challenge".
>
> > User agents
> > MUST take special care in parsing the WWW-Authenticate field value if
> it
> > contains more than one challenge, or if more than one WWW-Authenticate
> > header field is provided, since the contents of a challenge may itself
> > contain a comma-separated list of authentication parameters.
>
>
> Regards,
> Gisle
>