ietf-nntp Re: Last major open issue (48x return codes)
Clive D.W. Feather
clive at demon.net
Thu Oct 2 22:31:04 PDT 2003
Russ Allbery said:
>>>> 401: the client must change the state of the connection in some other
>>>> manner. The first argument of the response SHOULD be the
>>>> extension-label (see Section 8) of the extension that provides the
>>>> necessary mechanism.
> It's a brand new return code so we can require anything we want. I think
> MUST is correct.
Okay.
>>> Probably then we'd need to do at least one of these:
>>> - provide a special first parameter that means "no specific extension
>>> is related, please display this string to the user"
>> "-" seems the obvious choice (you can't have dash in extension-labels).
> Why would you return 401 in this situation rather than just returning 502?
Because ...
dammit, you're right. If there's a way to change the state through an
extension (even one specific to that server), the extension name can be
reported. If there isn't, then 401 is the wrong code.
> > What I actually meant was, is there such a thing as a *generic*
> > "authorization extension" that justifies its own 48x *generic* response
> > and which justifies the use of the word in the description of x8x
> > responses?
>
> Yeah, I can't think of any. Authorization is not something the client
> does; it's something the server does. All that a client can do is
> establish its identity, and then authorization decisions are made by the
> server.
>
> I suppose that something like sending a client certificate that shows
> delegated authority would be something of a grey area, but I still
> consider that to be more authentication and decisions the server makes
> based on that information to be the real authorization event.
>
> I can't see how commands for authorization independent of authentication
> would be meaningful.
Okay, I'll take that bit of the wording out.
Looks like this topic is done and dusted.
--
Clive D.W. Feather | Work: <clive at demon.net> | Tel: +44 20 8495 6138
Internet Expert | Home: <clive at davros.org> | *** NOTE CHANGE ***
Demon Internet | WWW: http://www.davros.org | Fax: +44 870 051 9937
Thus plc | | Mobile: +44 7973 377646