22 Jun 2012 03:44
#271: SHOULD review in p7
As per <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/271>, I'm reviewing our use of SHOULD in the documents; here I also pick on a few MAYs. Where I find issues, I've flagged with EDITORIAL or DESIGN as seems appropriate (I won't open issues for the design ones until we discuss; the editorial ones are considered attached to #271). 2.1 "Requests for protected resources that omit credentials, contain invalid credentials (e.g., a bad password), or partial credentials (e.g., when the authentication scheme requires more than one round trip) SHOULD return a 401 (Unauthorized) response." EDITORIAL - make the subject of the requirement more obvious, e.g., "Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password), or partial credentials (e.g., when the authentication scheme requires more than one round trip), an origin server SHOULD return a 401 (Unauthorized) response. "Likewise, requests that require authentication by proxies that omit credentials, or contain invalid or partial credentials should return a 407 (Proxy Authentication Required) response. " EDITORIAL - same as above. 3.1 "If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the representation that was given in the response, since that representation might include relevant diagnostic information." OK 4.1(Continue reading)
RSS Feed