Poor software support for HTTP Authentication

This article summarises the bugs that plague HTTP Authentication. These have all been mentioned elsewhere in the series, but I've grouped them here by software.

I should probably mention here that none of the changes listed below require RFC changes. I'll summarise the suggested RFC changes in a separate article.

Server changes required

Apache is the only piece of server software that I have investigated. I'll leave further investigations up to others, but I assume similar changes will need to be made elsewhere.

Support optional HTTP Authentication; see Optional HTTP Authentication [1]
Support UTF-8 headers; see Lack of Internationalisation in HTTP Authentication [2]

Client changes required

Implement "Log out" and "Change User" buttons, and an "Authentication Manager"; see No Logout Button for HTTP Authentication [3]
Support UTF-8 headers; see Lack of Internationalisation in HTTP Authentication [4]
Internet Explorer only: Fix Digest Authentication; see Single sign-on for HTTP Authentication [5]

Links:
[1] http://computerstuff.jdarx.info/path%3Anode/3
[2] http://computerstuff.jdarx.info/path%3Ablog/Web_Programming/HTTP_Authentication/Internationalisation
[3] http://computerstuff.jdarx.info/path%3Ablog/Web_Programming/HTTP_Authentication/Logout
[4] http://computerstuff.jdarx.info/path%3Ablog/Web_Programming/HTTP_Authentication/Internationalisation
[5] http://computerstuff.jdarx.info/path%3Ablog/Web_Programming/HTTP_Authentication/Single_Sign_on