[standards-jig] Call for Experience: JEP-0078 (Non-SASL Authentication)

Peter Millard pgmillard at gmail.com
Wed Sep 22 19:56:40 UTC 2004

On Wed, 22 Sep 2004 10:03:12 -0700, JD Conley <jconley at winfessor.com> wrote:
> Section 3.1: "If there is no such username, the server SHOULD NOT return
> an error" ...
> I agree.  But why even leave the username in the get request?  It is
> completely unnecessary.  I know there are a lot of applications out
> there that require the element (some I have written, included), but it
> is unnecessary and should be removed if this JEP is progressing to
> final.

You presume that ALL users can authenticate using the same method.
This is not always the case. A server implementation may not allow
admins to ever authenticate via plaintext for example. We need to keep
the username element for these scenarios.


More information about the Standards mailing list