W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Basic Authentication behavior (PROTECTION_SPACE issue.)

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Tue, 18 Nov 1997 12:11:12 -0500 (EST)
To: jg@pa.dec.com
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <01IQ5KL96GW200FXGD@SCI.WFBR.EDU>
jg@pa.dec.com (Jim Gettys) wrote:
>This is in last call...
>[...]
>My revised text is:
>
>"A client SHOULD assume that all paths at or deeper than the depth of the 
>last symbolic element in the path field of the Request-URI also are within 
>the protection space specified by the Basic realm value of the current 
>challenge. A client MAY send the corresponding Authorization header with 
>requests for resources in that space without receipt of another challenge 
>from the server."

	That's good.

	You might also want to add an explicit statement in the
section on Proxy-Authentication that the implied protection space
for Basic is all URLs (which means that the realm value is
irrelevant, but still must be included in the proxy's challenge
and in the client's Proxy-Authorization header).

				Fote

=========================================================================
 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
=========================================================================
Received on Tuesday, 18 November 1997 09:16:05 EST

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:03 EDT