[standards-jig] Call for Experience: JEP-0078 (Non-SASL Authentication)
pgmillard at gmail.com
Wed Sep 22 19:56:40 UTC 2004
On Wed, 22 Sep 2004 10:03:12 -0700, JD Conley <jconley at winfessor.com> wrote:
> Section 3.1: "If there is no such username, the server SHOULD NOT return
> an error" ...
> I agree. But why even leave the username in the get request? It is
> completely unnecessary. I know there are a lot of applications out
> there that require the element (some I have written, included), but it
> is unnecessary and should be removed if this JEP is progressing to
You presume that ALL users can authenticate using the same method.
This is not always the case. A server implementation may not allow
admins to ever authenticate via plaintext for example. We need to keep
the username element for these scenarios.
More information about the Standards