Ticket #357 (closed design: fixed)
|Reported by:||email@example.com||Owned by:||firstname.lastname@example.org|
|Component:||p7-auth||Severity:||In WG Last Call|
If the origin server does not wish to accept the credentials sent with a request, it SHOULD return a 401 (Unauthorized) response. The response MUST include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
If a proxy does not accept the credentials sent with a request, it SHOULD return a 407 (Proxy Authentication Required). The response MUST include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested resource.
I think this is a bit misleading. Can an authentication exchange include more than one round trip? I think you need to be explicit one way or another. (If it can, then "does not accept" is not necessarily correct.)
- Status changed from new to closed
- Resolution set to incorporated
- Milestone changed from unassigned to 20
- Status changed from closed to reopened
- Resolution incorporated deleted