W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2003

Digest protection spaces

From: Jim Luther <luther.j@apple.com>
Date: Tue, 6 May 2003 17:04:02 -0700
To: ietf-http-wg@w3.org
Message-Id: <68EB70EC-801F-11D7-90EB-0003934B6A22@apple.com>

rfc2617, section 3.2.1, when describing the domain directive for a 
digest-challenge says, "The client can use this list to determine the 
set of URIs for which the same authentication information may be sent: 
any URI that has a URI in this list as a prefix (after both have been 
made absolute) may be assumed to be in the same protection space. If 
this directive is omitted or its value is empty, the client should 
assume that the protection space consists of all URIs on the responding 

Does this mean that if a server has multiple protection spaces, they 
cannot be nested? For example, if a server had a hierarchy of abs_paths 
like this:

|             |
"/Users/Bob"  "/Users/Public"

Can "/Users" be in one protection space, and "/Users/Bob" be in another 
protection space?

One implementation I've seen assumes the protection space for "/Users" 
includes "/Users", "/Users/Bob", "/Users/Public" and 
"/Users/Bob/Pictures", and that accessing anything below "/Users" with 
those credentials won't generate a challenge unless the server wants to 
update the credentials for that protection space.

Another implementation I've seen assumes "/Users/Bob" can be in a 
different protection space than "/Users". For example, if 
authentication credentials are known for both "/Users" and 
"/Users/Bob", the "/Users" credentials could be used for "/Users" and 
"/Users/Public" while the "/Users/Bob" credentials must be used for 
"/Users/Bob" and "/Users/Bob/Pictures" (i.e., the "/Users" credentials 
won't work for "/Users/Bob" and "/Users/Bob/Pictures").

Which implementation is correct?

Jim Luther
Received on Tuesday, 6 May 2003 20:04:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:36 UTC