Re: By way of example.

2006/8/18, Eric J. Bowman:
> >>
> >>No, it assumes that some mechanism may be in place that differentiates
> >>the requester; authentication credentials, for instance.  In our
> >>implementation, /introspection returns different data based on the
> >>authenticated identity of the requester.  No querystring parameters are
> >>required.
> >>
>
> I will ask again.  Just how exactly have you implemented this?  By returning
> multiple resources at the same URI?  I asked what you were returning in
> Content-Location to differentiate /introspection between the individual users
> retrieving individual resources, without parameterizing the URL.
>
> I would still like an answer, instead of being told that only my
> implementation is incorrect by those who won't explain how theirs could
> possibly be made to work any differently than mine given that we've followed
> the same spec.


GET /introspection HTTP/1.1
Host: example.net
...

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="..."
...

GET /introspection HTTP/1.1
Host: example.net
Authorization: ...
...

HTTP/1.1 200 OK
Vary: Authorization
...

Note that you could also use "Vary: *".

--
Thomas Broyer