W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > September to December 1997

Re: Proposal for new HTTP 1.1 authentication scheme

From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
Date: Fri, 12 Dec 1997 12:49:35 -0500 (EST)
To: Ronald.Tschalaer@psi.ch
Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Message-Id: <01IR34WN19820006Y4@SCI.WFBR.EDU>
X-Mailing-List: <http-wg@cuckoo.hpl.hp.com> archive/latest/4926
Ronald.Tschalaer@psi.ch (Life is hard... and then you die.) wrote:
>> >    domain
>> >      A space-separated list of URIs, as specified in RFC XURI [7]. The
>> >      intent is that the client could use this information to know the set
>> >      of URIs for which the same authentication information should be sent.
>> >      The URIs in this list may exist on different servers. If this keyword
>> >      is omitted or empty, the client should assume that the domain
>> >      consists of all URIs on the responding server with paths at or deeper
>> >      than the depth of the last symbolic element in the path field of the
>> >      Request-URI.
>> >
>> What does "last symbolic element in the path field of the Request-URI" mean?
>Maybe an example is best. Assume the Request-URI is
>"http://somewhere/the/path/index.html" then you want to to talk about all
>URIs with a prefix of "http://somewhere/the/path/", i.e. the scheme, the
>site component and the path component of the Request-URI minus any trailing
>segment. I assumed "symbolic element" to refer to "/".

	Your example is correct, but "symbolic elements" refers to
the "substrings in a URL path that comprise a hierarchy delimited
by slashes".  They are symbolic because the server's configuration
file normally maps them appropriately for the platform's physical
file system, whereas the URL paths, themselves, have a platform
independent syntax.  The "last symbolic element" in a Request-URI
such as  http://somewhere/the/path/  is a zero-length substring
following the last slash, which by convention is interpreted as a
"symbol" for the configured index filename, or for a directory
listing if allowed by the server and the configured index filename
is not found.  The logic is homologous to that for resolving
partial references versus a base URL.  The "template" terminology
used originally, when Ari was developing Basic authentication for
the CERN server, may be more clear, but didn't catch on.  The
"template" is everything up to the last slash of the path (or
implied lead slash for an http(s) Request-URI with no explicit
path), and anything which has that as a prefix is considered to
be in the protection space specified by the realm value.  You're
basically suggusting that the items in a "domain" list should be
considered "templates" (prefixes) for (symbolic) protection spaces,
and that the default is to use a "template" derived from the

	I'm not sure how well that would work in conjunction with
nounce handing, and other aspects of Digest authentication which
are more complicated than Basic, but agree with you that most
implementors would like it to be as "drop in" as possible with
respect to existing Basic implementations.


 Foteos Macrides            Worcester Foundation for Biomedical Research
 MACRIDES@SCI.WFBR.EDU         222 Maple Avenue, Shrewsbury, MA 01545
Received on Friday, 12 December 1997 09:55:56 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 14:40:21 UTC