To clarify, would the Authorization header hacks I mentioned last week
count as one of the known approaches?  


Lisa


On Oct 31, 2005, at 10:56 AM, Cullen Jennings wrote:


<excerpt>

<fontfamily><param>Verdana</param> Unless more than one person objects
in the next week, I'm going to invoke one of my rare Chair privileges
and claim that looks like consensus to me too.</fontfamily>


<fontfamily><param>Verdana</param> On 10/31/05 10:05 AM, "Jim
Whitehead" <<ejw@soe.ucsc.edu> wrote:</fontfamily>


<excerpt><fontfamily><param>Verdana</param>However, I still think the
right action here is:</fontfamily>


<fontfamily><param>Verdana</param> * Create a new appendix in 2518bis</fontfamily>

<fontfamily><param>Verdana</param> * In this appendix, document the
problem</fontfamily>

<fontfamily><param>Verdana</param> * Describe the known approaches for
addressing the problem (If approach, 100-continue approach) and their
issues</fontfamily>

<fontfamily><param>Verdana</param> * Create a separate draft focusing
just on the Force-Authenticate approach, and discuss on HTTP-WG list.</fontfamily>


<fontfamily><param>Verdana</param> Julian seems to think this is an OK
approach. Geoff seems to think this is OK. Jim Luther agrees with the
separate draft part.</fontfamily>


<fontfamily><param>Verdana</param> Dang if that doesn't seem like
something approaching rough consensus to me.</fontfamily>


<fontfamily><param>Verdana</param> - Jim</fontfamily>

</excerpt>

 </excerpt>