[OpenID] Proposal: SMTP service extension for Yadis discovery

Claus Färber GMANE at faerber.muc.de
Tue Feb 13 22:33:00 UTC 2007


Stephen Paul Weber <singpolyma at gmail.com> schrieb/wrote:
> On 08 Feb 2007 16:38:00 +0100, Claus Färber <claus at faerber.muc.de> wrote:
>> It does not work as intended. In http://user@example.com/, "user" is
>> an identity suggested to access http://example.com/. A RP could not
>> retrieve different information depending on the "user" part wihtout
>> knowing the password for each user (which it is supposed not to
>> know).

> How so?  The user part is transferred in the HTAUTH headers which the
> script can easily read...

What's a HTAUTH?

Seriously, there's no such header. If you mean the Authorization header
field, this one's only sent when the user (or URL) has provided a
username _and_ password.

Claus





More information about the general mailing list