[Osr-101] [Fwd: [Phoenix] Neutron-Auth does not specify
WWW-Authenticate header]
Andreas Wuest
awuest at student.ethz.ch
Thu Sep 7 16:43:30 CEST 2006
Hi
On 7.9.2006 16:28 Uhr, Thomas Comiotto wrote:
> Hi
>
> I think this has been discussed here before and we came to the
> conclusion that the protocol payload has to be parsed by default, but
> optimisation hints for specific transport protocols can be included
> where feasable.
>
> Note that lenya 1.2 implements Neutron without the need for a custom
> HTTP header. It does so by providing a single endpoint for neutron
> clients. Runs just fine.
Well, the problem is that RFC2616 says that if a 401 is returned "The
response MUST include a WWW-Authenticate header field (section 14.47)
containing a challenge applicable to the requested resource."
Therefore, not having such a header field violates the HTTP/1.1
specification anyway.
Having one would also ease the life of implementers, and not mess with
protocol layers.
> Am 07.09.2006 um 16:11 schrieb Andreas Wuest:
>
>> This message was of course intended for the Neutron mailinglist.
>>
>> -------- Original Message --------
>> Subject: [Phoenix] Neutron-Auth does not specify WWW-Authenticate header
>> Date: Thu, 07 Sep 2006 16:09:20 +0200
>> From: Andreas Wuest <awuest at student.ethz.ch>
>> To: phoenix at wyona.org
>>
>> Hi
>>
>> Neutron-Auth does not specify a value for the WWW-Authenticate header.
>> This makes it impossible to distinguish between used authentication
>> schemes on the application layer, because we have to inspect the actual
>> payload of the HTTP response to detect that we have a Neutron-Auth
>> challenge.
>>
>> I would therefore propose the following:
>>
>> WWW-Authenticate: Neutron-Auth
>>
>> This enables protocol handlers on the application layer to locate the
>> correct authentication module to use.
--
Kind regards,
Andi
More information about the Osr-101
mailing list