Paul Kyzivat wrote:
It seems you are assuming a lot of intelligence on the part of the UAS. If it receives a request with credentials, and those credentials are wrong, under normal circumstances it should return a 401. (After all, you may just have mistyped your password, and need another try to get it right.) The simplest thing for the UAS to do is act statelessly and treat each request as it comes, so if you were to retry repeatedly with the same or different but incorrect credentials you would continue to receive 401 responses.
Yes, I agree.. this is what I would normally expect. Then if the user gets tired of trying, he/she can quit, and the "loop" will stop. In fact this is what our product does, but during integration testing with other vendors (who shall remain nameless) we noticed the aforementioned 403 behavior.
I don't see that 403 is ever the right answer if credentials are required and you have not presented valid ones. I think the UAC should treat 403 as meaning you are recognized but not permitted to do what you ask. If it is used improperly by some UAS then you will get odd behavior until you beat up the vendor to use a more appropriate response.
Yes, I also agree here .. but for a company with such leverage as cisco, beating up the vendor is far easier .. ;) ;)
-- David Stuart, SIPquest Email: dave (at) sipquest (dot) com Phone: 254-8886 x234 Web: http://www.sipquest.com/ Address: 106 - 350 Terry Fox Drive, Kanata Ontario, K2K 2P5
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
