Authentication challenges in successful HTTP responses [foaf-dev]
Etan Wexler
ewexler at stickdog.com
Tue Jan 22 19:47:57 GMT 2008
Lukas Rosenstock wrote to the FOAF developers’ list (see
<http://lists.foaf-project.org/mailman/listinfo/foaf-dev>) on 2008-01-13
in “AW: [foaf-dev] for more information please log in”
(<http://lists.foaf-project.org/pipermail/foaf-dev/2008-January/008799.html>):
> It's not FOAF-specific, it could be applied to, let's say RSS-feeds of an
> online journal that has private postings, too. HTTP Basic Authorization or
> OAuth could be used for this, but the only way the client knows that he can
> authorize for this document is sending a "401". There should be something in
> HTTP, a header that states "additional content available on authorization".
> Any thoughts on this?
Where is the specification that limits authentication challenges to
responses whose Status-Code is “401”? I believe that there is no such
specification. In the absence of such a specification, the use of
authentication challenges is perfectly legitimate in any response,
including a response whose Status-Code is “200”.
I gave an example of that use in “Authentication and authorization as
influences on the content of responses [foaf-dev]”
(<http://lists.foaf-project.org/pipermail/foaf-dev/2008-January/008825.html>).
--
Etan Wexler.
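
The exchange discussed in this message, sketched as an added example that is not part of the original post or of the message it links to: a server that answers an unauthenticated request with "200", the public view and a challenge, and a client check for that combination. The realm, account and entries are constructed; answering wrong credentials with "401" and the cache headers are choices of this example.

```python
import base64
import hmac

# Constructed sample data (hypothetical realm, account and feed entries).
REALM = "journal"
USERS = {"alice": "correct horse"}
PUBLIC = ["Public entry"]
PRIVATE = ["Public entry", "Private entry"]


def parse_basic(value):
    """Return (user, password) from an Authorization value, or None."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # malformed base64 or UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None


def respond(request_headers):
    """Server side: the public view is a 200 that still carries a challenge."""
    # Vary keeps a cache from reusing one view for the other.
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"',
                 "Vary": "Authorization"}
    raw = request_headers.get("Authorization")
    if raw is None:
        return 200, challenge, PUBLIC
    creds = parse_basic(raw)
    expected = USERS.get(creds[0]) if creds else None
    # Unknown user or malformed header fails before the password comparison.
    if expected is None or not hmac.compare_digest(expected.encode(),
                                                   creds[1].encode()):
        return 401, challenge, []  # credentials were offered but are wrong
    return 200, {"Vary": "Authorization", "Cache-Control": "private"}, PRIVATE


def more_on_authorization(status, headers):
    """Client side: a successful response that also carries a challenge."""
    return 200 <= status < 300 and "WWW-Authenticate" in headers


def basic_header(user, password):
    """Build a Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
```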