[standards-jig] Call for Experience: JEP-0078 (Non-SASL Authentication)

Peter Millard pgmillard at gmail.com
Wed Sep 22 19:56:40 UTC 2004


On Wed, 22 Sep 2004 10:03:12 -0700, JD Conley <jconley at winfessor.com> wrote:
> Section 3.1: "If there is no such username, the server SHOULD NOT return
> an error" ...
> 
> I agree.  But why even leave the username in the get request?  It is
> completely unnecessary.  I know there are a lot of applications out
> there that require the element (some I have written, included), but it
> is unnecessary and should be removed if this JEP is progressing to
> final.

You presume that ALL users can authenticate using the same method.
This is not always the case. A server implementation may not allow
admins to ever authenticate via plaintext for example. We need to keep
the username element for these scenarios.

pgm.



More information about the Standards mailing list