Sometimes specs are ambiguous because what seemed obvious at the time is interpreted differently; other times, they're purposefully ambiguous, so as to not disallow future use cases or extensions. I was hoping that one of the original authors would give their take on which it was...

On 2006/03/11, at 9:12 AM, Robert Sayre wrote:

> On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote:
>>
>> RFC 2616 section 14.8 says:
>>
>>> If a request is
>>> authenticated and a realm specified, the same credentials
>>> SHOULD
>>> be valid for all other requests within this realm
>>
>> a) Is the intent of the first SHOULD to allow credential caching
>> (e.g., similar to [1]) in intermediaries?
>
> My guess would be no. I think it means that the same username/password
> combination should be valid throughout the realm. For example,
> Digest clients can send cnonce and nonce-count values, so the actual
> data sent changes with each request.
>
> --
>
> Robert Sayre

--
Mark Nottingham http://www.mnot.net/

Received on Saturday, 11 March 2006 18:31:38 GMT
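
The point made in the quoted reply, that one username/password stays valid across a realm while the bytes sent differ per request, shown as an added example (not part of the original thread): it computes the RFC 2617 Digest `response` for two requests and checks both against a single stored hash. The sample values are those of the worked example in RFC 2617 section 3.5, except the second cnonce, which is constructed; the function names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(username, realm, password, method, uri, nonce, nc, cnonce):
    """RFC 2617 request-digest for qop=auth with the MD5 algorithm."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")  # depends only on credentials + realm
    ha2 = md5_hex(f"{method}:{uri}")
    # nonce-count (8 hex digits) and cnonce are mixed in, so the value changes per request
    return md5_hex(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")

def server_accepts(stored_ha1, method, uri, nonce, nc, cnonce, response, last_nc):
    """Server-side check: one stored HA1 validates every request in the realm.
    The nonce-count must increase, so a captured header is rejected on replay."""
    if nc <= last_nc:
        return False
    ha2 = md5_hex(f"{method}:{uri}")
    expected = md5_hex(f"{stored_ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")
    return hmac.compare_digest(expected, response)

# Sample values from the RFC 2617 section 3.5 example (not from the thread).
USER, REALM, PASSWORD = "Mufasa", "testrealm@host.com", "Circle Of Life"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
URI = "/dir/index.html"

def demo():
    """Return the response values for two requests made with the same credentials."""
    first = digest_response(USER, REALM, PASSWORD, "GET", URI, NONCE, 1, "0a4f113b")
    # Second request: same credentials and server nonce, next nc, constructed cnonce.
    second = digest_response(USER, REALM, PASSWORD, "GET", URI, NONCE, 2, "5ccc069c")
    return first, second

if __name__ == "__main__":
    first, second = demo()
    print("request 1 response:", first)
    print("request 2 response:", second)
    ha1 = md5_hex(f"{USER}:{REALM}:{PASSWORD}")
    print("both accepted:",
          server_accepts(ha1, "GET", URI, NONCE, 1, "0a4f113b", first, 0)
          and server_accepts(ha1, "GET", URI, NONCE, 2, "5ccc069c", second, 1))
```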