W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1995

Anselm Baird_smith: Authentication spaces

From: Andy Norman <ange@hplb.hpl.hp.com>
Date: Mon, 23 Oct 1995 13:07:22 +0000
Message-Id: <199510231307.AA067923642@cuckoo.hpl.hp.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
[ This was probably meant for the list -- ange ]

------- Forwarded Message

Date:    Mon, 23 Oct 1995 14:01:57 +0100
From:    Anselm Baird_smith <abaird@houdon.inria.fr>
To:      http-wg-request@cuckoo.hpl.hp.com
Subject: Authentication spaces


Hi,

In implementing authentication in my server, I started by allowing
server maintainers to specify authentication attributes on a document
basis. This means, for example that

http://foo:8888/x/basic  can be protected through Basic auth.
http://foo:8888/x/digest can be protected through Digest auth.

The funny thing is that most browsers consider that http://foo:8888/x/*
defines an authentication space that should use the same scheme, even
if they have different authentication realms (correct me if I am wrong).

If my reading of the spec (HTTP/1.1 draft of August, 27th, but as I
remember it is the same for HTTP/1.0), I though that my approach was
'legal', is this correct ? (Well, anyway I'll have to come back to a
more reasonable approach if I want to interact properly with
browsers).

Anselm.

------- End of Forwarded Message
Received on Monday, 23 October 1995 06:11:24 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:34 EDT