
Re: Caching authentication state

From: Robert Sayre <sayrer@gmail.com>
Date: Sat, 11 Mar 2006 12:12:13 -0500
Message-ID: <68fba5c50603110912h66edff13uc6f84b3130cd6783@mail.gmail.com>
To: "Mark Nottingham" <mnot@yahoo-inc.com>
Cc: ietf-http-wg@w3.org

On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote:
>
> RFC 2616 section 14.8 says:
>
> >       If a request is
> >       authenticated and a realm specified, the same credentials SHOULD
> >       be valid for all other requests within this realm
>
> a) Is the intent of the first SHOULD to allow credential caching
> (e.g., similar to [1]) in intermediaries?

My guess would be no. I think it means that the same username/password
combination should be valid throughout the realm. For example,
Digest clients can send cnonce and nonce-count values, so the actual
data sent changes with each request.

--

Robert Sayre
Received on Saturday, 11 March 2006 18:18:18 GMT
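
The point about cnonce and nonce-count, worked through as an added example that is not part of the original message: the same username/password stays valid across the realm, yet the Digest `response` value differs on every request, so a header cached from one request does not verify for the next. The `DigestVerifier` class and the second cnonce are assumptions made for illustration; the other sample values are those of the RFC 2617 section 3.5 example.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """request-digest for qop=auth, as defined in RFC 2617 section 3.2.2."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")  # identical for every request in the realm
    ha2 = md5_hex(f"{method}:{uri}")
    # nc is sent as 8 hex digits; it and cnonce change the result per request
    return md5_hex(f"{ha1}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")

class DigestVerifier:
    """Hypothetical server-side check: correct response and an unseen nonce-count."""
    def __init__(self, user, realm, password, nonce):
        self.creds = (user, realm, password)
        self.nonce = nonce
        self.last_nc = 0

    def verify(self, method, uri, nc, cnonce, response):
        if nc <= self.last_nc:  # header replayed, e.g. from a cache
            return False
        expected = digest_response(*self.creds, method, uri, self.nonce, nc, cnonce)
        if not hmac.compare_digest(expected, response):
            return False
        self.last_nc = nc
        return True

# Sample values from the RFC 2617 section 3.5 example; the second cnonce is constructed.
SAMPLE = ("Mufasa", "testrealm@host.com", "Circle Of Life")
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
URI = "/dir/index.html"

def demo():
    first = digest_response(*SAMPLE, "GET", URI, NONCE, 1, "0a4f113b")
    second = digest_response(*SAMPLE, "GET", URI, NONCE, 2, "5ccc069c")
    server = DigestVerifier(*SAMPLE, NONCE)
    return {
        "first": first,
        "second": second,
        "first_accepted": server.verify("GET", URI, 1, "0a4f113b", first),
        "replay_accepted": server.verify("GET", URI, 1, "0a4f113b", first),
        "second_accepted": server.verify("GET", URI, 2, "5ccc069c", second),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```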
