mesos-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gilbert Song (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MESOS-7053) Support multiple challenges WWW-Authencate http heade.
Date Thu, 02 Feb 2017 18:55:51 GMT

    [ https://issues.apache.org/jira/browse/MESOS-7053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15850320#comment-15850320
] 

Gilbert Song commented on MESOS-7053:
-------------------------------------

/cc [~jieyu][~vinodkone][~anandmazumdar]

> Support multiple challenges WWW-Authencate http heade.
> ------------------------------------------------------
>
>                 Key: MESOS-7053
>                 URL: https://issues.apache.org/jira/browse/MESOS-7053
>             Project: Mesos
>          Issue Type: Bug
>          Components: libprocess
>            Reporter: Gilbert Song
>              Labels: authentication, http, libprocess
>
> According to RFC, duplicate http headers are not allowed:
> https://tools.ietf.org/html/rfc7230#section-3.2.2
> However, multiple headers can be appended as a comma separated list for one single header
section. This is also true for multiple challenges in Www-Authenticate with a 401 Unauthorized
response:
> https://tools.ietf.org/html/rfc2617#section-4.6
> We should support multiple challenges case and figure out which one is the strongest
auth-scheme that we should go with.
> A simple proposal might be selecting an auth-scheme by defining a priority, e.g.,
> 1. Bearer
> 2. Basic
> ...
> For sure, more discussion is needed.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message