+1 (for #3->#4) From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Torsten Lodderstedt Sent: Monday, June 28, 2010 11:08 AM To: Dick Hardt Cc: OAuth WG (oauth@ietf.org) Subject: Re: [OAUTH-WG] What to do about 'realm'
+1 Am 28.06.2010 07:37, schrieb Dick Hardt: I vote for (3) unless a good (4) is suggested. On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote: Over the past year many people expressed concerns about the use of the 'realm' WWW-Authenticate header parameter. The parameter is defined in RFC 2617 as required, and is allowed to have scheme-specific structure. We have a few options: 1. Leave it as required under the definition of RFC 2617 (i.e. provide no help, developers will need to ready 2617 and figure out what to do with it). 2. Update 2617 to remove the requirement - this is not going to be easy or possible to predict success. 3. Provide specific guidance as to what to do with the realm parameter. 4. Something else. Comments? EHL _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org<mailto:OAuth@ietf.org> https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
