Re: Reviving discussion on error code 451

Proposal (another one properly generalized)
-------------------------------------------------
 451 Forbidden by a third party human authority
 The 451 (Forbidden by a third party human authority) status code indicates 
 that the equipment understood the request but is forbidden to fulfil it
 by a third party human authority. 
 The error code does not distinguish between the various reasons human
 authorities may forbid a request. Those reasons cannot be addressed 
 by automated processing.
 Responses using this status code SHOULD include an explanation, in the
 response body, of the details of the restriction: the human third party
 authority imposing the restriction, its given reasons, and the eventual
 actions humans MAY perform in response to the restriction. The web client
 SHOULD relay this explanation and inform its human operators in the most
 appropriate and effective way.
 For example:
 (example response from draft)
 If authentication credentials were provided in the request, the
 equipment considers them insufficient to overcome the restrictions. 
 The client SHOULD NOT automatically repeat the request with the same
 credentials. The client MAY repeat the request with new or different
 credentials. However, the request might be forbidden for reasons 
 unrelated to the credentials.
 If authentication credentials were not provided in the request, and
 it could have been authorized with some credentials, the equipment
 SHOULD use the appropriate code to request authentication (for example 
 511, Network Authentication Required). The 451 status code MUST NOT be 
 used to trigger authentications.
 The use of the 451 status code does not imply that the equipment will be
 able to fulfil the request once the human third party restrictions have
 been lifted. Most equipment will defer technical processing after checking 
 if they are authorized to perform it. Therefore, technical problems MAY only
 be identified once the restriction is lifted.
--------------------------------------------------------------------
(Not sure if "forbidden because we have detected malware" fits in there.
Probably yes, deciding not to test the client security with malware is 
a human decision)

Received on Friday, 19 December 2014 14:08:12 UTC
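
The client-side rules in the proposal above, sketched as an added example (not part of the original message or of any draft): a 451 explanation is relayed to the human operator, the same credentials are never re-sent automatically, and only 511 leads to network authentication. The names `fetch_with_policy`, `Outcome` and `constructed_server`, and the sample response text, are assumptions made for illustration.

```python
from dataclasses import dataclass, field

NO_EXPLANATION = "451 received without an explanation in the response body"

@dataclass
class Outcome:
    final_status: int = 0
    attempts: list = field(default_factory=list)  # credential sent on each try
    notices: list = field(default_factory=list)   # text relayed to the human operator
    network_auth_needed: bool = False             # set by 511 only, never by 451

def fetch_with_policy(send, credentials):
    """send(cred) -> (status, body). credentials: what the operator supplied."""
    out = Outcome()
    # De-duplicate while keeping order: a credential that already drew a 451
    # is not sent again. With no credentials, one anonymous try is made.
    queue = list(dict.fromkeys(credentials)) or [None]
    for cred in queue:
        out.attempts.append(cred)
        out.final_status, body = send(cred)
        if out.final_status == 451:
            # Relay the explanation; do not start a login flow.
            out.notices.append(body or NO_EXPLANATION)
            continue  # MAY repeat, but only with a different credential
        if out.final_status == 511:
            out.network_auth_needed = True
        break
    return out

def constructed_server(cred):
    # Constructed sample behaviour: the restriction applies to "alice" only.
    if cred == "alice":
        return 451, "Blocked by order of Example Authority (constructed text)."
    return 200, "ok"

if __name__ == "__main__":
    print(fetch_with_policy(constructed_server, ["alice", "alice", "bob"]))
```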
