W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

Re: Proxy authentication

From: John Franks <john@math.nwu.edu>
Date: Tue, 23 Apr 1996 14:14:30 -0500 (CDT)
To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
Cc: Mary Ellen Zurko <zurko@osf.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <Pine.SUN.3.91.960423140735.1969A-100000@hopf.math.nwu.edu>
On Tue, 23 Apr 1996, Roy T. Fielding wrote:

> 
> Proxy-Authenticate and Proxy-Authorization are (or should be) defined 
> according to the Netscape Proxy implementation.  The current spec is
> lacking the wording that I sent in a couple months ago about how the
> proxy should forward the field if the credentials do not apply to it.
> One problem is that the realm is not sent with the credentials (only
> with the challenge), and thus things can still get messed-up if more
> than one proxy is demanding credentials on a single request.
> 

In the current 02 version of the spec it is not clear (to me) that
the realm is required to be unique across hosts/proxies.  Here is what
the spec says:


            realm          = "realm" "=" realm-value
            realm-value    = quoted-string



      The realm attribute (case-insensitive) is required for all
      authentication schemes which issue a challenge. The realm value (case-
      sensitive), in combination with the canonical root URL of the server
      being accessed, defines the protection space. These realms allow the
      protected resources on a server to be partitioned into a set of
      protection spaces, each with its own authentication scheme and/or
      authorization database. The realm value is a string, generally assigned
      by the origin server, which may have additional semantics specific to
      the authentication scheme.



John Franks 	Dept of Math. Northwestern University
		john@math.nwu.edu
Received on Tuesday, 23 April 1996 12:23:28 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:51 EDT