Julian Reschke <[EMAIL PROTECTED]> wrote: > thanks for the good summary (with which I agree). > > Obviously it's a good idea for IETF specs that are based on HTTP to > talk about authentication options. What's really not clear to me why > it is expected that this exercise should be repeated for each and > every application of HTTP. > > Wouldn't it make a lot more sense if there'd be a single BCP about the > (currently) best way to do HTTP authentication (understanding that > this may be a moving target), and let other specs such as AtomPub > reference it?
This seems like a reasonable option to me, but of course it would hold up every HTTP draft until such document existed... :) -Ekr