Issue 18316: security negotiation through the use of custom HTTP headers (hdata-ftf)
Source: Demandware (Mr. Gerald Beuchelt, gbeuchelt(at)demandware.com)
Nature: Uncategorized Issue
Severity: 
Summary: We had identified a potential issue for a future hData RTF regarding the security negotiation through the use of custom HTTP headers. A future version of hData should use the WWW-Authenticate header instead of any X-hdata-* custom headers. 

Resolution: 
Revised Text: 
Actions taken:
December 13, 2012: received issue
Discussion: 

End of Annotations:=====

m: "Beuchelt, Gerald" <beuchelt@mitre.org>
To: "<hdata-ftf@omg.org>" <hdata-ftf@omg.org>, Juergen Boldt <juergen@omg.org>
Subject: Issue for hData RTF
Thread-Topic: Issue for hData RTF
Thread-Index: AQHN2ZEIkkdc4okRgkqmYMaiPsz1MA==
Date: Fri, 14 Dec 2012 00:22:01 +0000
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [172.31.33.247]
X-MIME-Autoconverted: from quoted-printable to 8bit by amethyst.omg.org id qBE0MPxK024086
X-Brightmail-Tracker: AAAAAA==
X-Brightmail-Tracker: AAAAAA==


All - 


We had identified a potential issue for a future hData RTF regarding the security negotiation through the use of custom HTTP headers. A future version of hData should use the WWW-Authenticate header instead of any X-hdata-* custom headers. 


Best, 


Gerald
\