Re: Revised Access Authorization Spec

Tony Sanders <sanders@bsdi.com>
Errors-To: sanders@bsdi.com
Message-id: <9309161516.AA02924@austin.BSDI.COM>
To: www-talk@nxoc01.cern.ch
Subject: Re: Revised Access Authorization Spec 
In-Reply-To: Your message of Thu, 16 Sep 93 14:42:57 +0200.
Reply-To: sanders@bsdi.com
Organization: Berkeley Software Design, Inc.
Date: Thu, 16 Sep 1993 10:16:33 -0500
From: Tony Sanders <sanders@bsdi.com>
Status: RO

>  * A given server supports a fixed set of authentication schemes, i.e.
>    this set may not vary according to which document is being
>    accessed. Otherwise this would complicate either rule or ACL file.

I don't think this should be a general restriction.  Plexus will have
no problem doing this and configuration doesn't have to be unduly
complicated (e.g., you could simply put the config file in each top-level
directory instead of having a central one).

>  * A reply from a protected server starts with a status line:
> 
> 	HTTP/1.0 202 Privacy enhanced reply follows

Why define a new code?  IMHO, all this information should be in headers,
not on the status line.  You even already defined headers for this, so
this is really just duplicate information.  Does it really serve any
purpose?

Oh, BTW, TimBL had suggested using WWW-foo: for the new headers we define
to avoid collisions.  Of course, any headers you are using from existing
specs or proposals are fine.

We appreciate all your work on this.

--sanders