Suppose I have a URL space that I want to protect. I would prefer to use Digest authentication if the user-agent understands it. Otherwise I can use Basic. Is it meaningful (and correct) to send: WWW-Authenticate: Digest realm="foo", nonce="xxx", opaque="yyy", Basic realm="foo" (Yes, same realm name, although I suppose I could tolerate different names.) Is it valid to ask for authentication with more than one set of credentials for the same scheme, e.g., WWW-Authenticate: Basic realm="foo", Basic realm="bar" If these are reasonable headers, then I think 10.44 WWW-Authenticate should stipulate something about the order of credentials in WWW-Authenticate, such as that they are in the order of preference from the origin server. (If the headers are unreasonable, then the grammar for 10.44, 1#challenge, is wrong.) Dave KristolReceived on Monday, 29 April 1996 13:57:53 EDT
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:53 EDT