Preamble
|
3.4. Message Flow
This section details the conditions which regulate how requests and responses are matched, and which HTTP status
codes [HTTP][ Section 10] are set by the
responder.
- If a request is for a resource that is protected by HTTPsec, and the request is neither an Initialization Request or Continuation Request, the response SHOULD be a Challenge
Response, and MUST have a "
401 Unauthorized" [HTTP][ 10.4.2] status. The requester may subsequently send an initialization request.
- If a request is a Initialization Request that passes
validation, the response MUST be a well-formed
Initialization Response and MUST have a "
401
Unauthorized" [HTTP][ 10.4.2] status.
- If a request is a Initialization Request that fails
validation, the response MUST NOT be a Initialization Response or Continuation Response, and MUST have a "
400 Bad Request" [HTTP][ 10.4.1] status.
- If a request is a Continuation Request that passes
validation, the response MUST be a Continuation Response, with any status code from [HTTP][ Section 10] according to the rules
of that specification, with the exception of "
401 Unauthorized" [HTTP][ 10.4.2].
- If a request is a Continuation Request that fails validation, the response SHOULD be a Challenge Response, and MUST have a "
401 Unauthorized"
[HTTP][ 10.4.2] status. The requester
may subsequently send an initialization request.
|