I vote for (3) unless a good (4) is suggested. On 2010-06-27, at 6:51 PM, Eran Hammer-Lahav wrote:
> Over the past year many people expressed concerns about the use of the > ‘realm’ WWW-Authenticate header parameter. The parameter is defined in RFC > 2617 as required, and is allowed to have scheme-specific structure. > > We have a few options: > > 1. Leave it as required under the definition of RFC 2617 (i.e. provide no > help, developers will need to ready 2617 and figure out what to do with it). > 2. Update 2617 to remove the requirement – this is not going to be easy or > possible to predict success. > 3. Provide specific guidance as to what to do with the realm parameter. > 4. Something else. > > Comments? > > EHL > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
