W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > January to April 1996

11. Access Authentication

From: Dave Kristol <dmk@allegra.att.com>
Date: Mon, 29 Apr 96 16:51:02 EDT
Message-Id: <9604292051.AA24075@zp.tempo.att.com.tempo.att.com>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/381
Suppose I have a URL space that I want to protect.  I would prefer to
use Digest authentication if the user-agent understands it.  Otherwise
I can use Basic.  Is it meaningful (and correct) to send:

	WWW-Authenticate:  Digest realm="foo", nonce="xxx", opaque="yyy",
			   Basic realm="foo"

(Yes, same realm name, although I suppose I could tolerate different

Is it valid to ask for authentication with more than one set of
credentials for the same scheme, e.g.,
	WWW-Authenticate: Basic realm="foo",
			  Basic realm="bar"

If these are reasonable headers, then I think 10.44 WWW-Authenticate
should stipulate something about the order of credentials in
WWW-Authenticate, such as that they are in the order of preference from
the origin server.  (If the headers are unreasonable, then the grammar
for 10.44, 1#challenge, is wrong.)

Dave Kristol
Received on Monday, 29 April 1996 13:57:53 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:16 UTC