Re: Revised Access Authorization Spec

Tony Sanders (sanders@bsdi.com)
Thu, 16 Sep 1993 10:16:33 -0500


> * A given server supports a fixed set of authentication schemes, i.e.
> this set may not vary according to which ducument is being
> accessed. Otherwise this would complicate either rule or ACL file.
I don't think this should be a general restriction. Plexus will have
no problem doing this and configuration doesn't have to be unduly
complicated (e.g., you could simply put the config file in each top-level
directory instead of having a central one).

> * A reply from a protected server starts with a status line:
>
> HTTP/1.0 202 Privacy enhanced reply follows
Why define a new code? IMHO, all this information should be in headers,
not on the status line. You even already defined headers for this, so
this is really just duplicate information. Does it really serve any
purpose?

Oh, BTW, TimBL had suggested using WWW-foo: for the new headers we define
to avoid collisions. Of course, any headers you are using from existing
specs or proposals are fine.

We appreciate all your work on this.

--sanders