
Basic auth and realms

From: Adrien de Croy <adrien@qbik.com>
Date: Mon, 16 Jun 2008 11:27:28 +1200
Message-ID: <4855A560.3040109@qbik.com>
To: HTTP Working Group <ietf-http-wg@w3.org>


Hi all. 

I've been looking through RFC2617 to try and track down some issues with 
basic auth to our proxy.

The specification makes it a requirement that any auth challenge must 
include at least one auth param.

    challenge = auth-scheme 1*SP 1#auth-param

In the case of Basic, the realm parameter is required.

The description of this realm parameter is confusing, especially when 
considering a proxy.  Commonly a proxy will want a realm that means 
"everywhere".  How should one specify this?  Would it be

realm="/"
realm="*"

or what?  From 2617 s1.2

"The realm directive (case-insensitive) is required for all 
authentication schemes that issue a challenge. The realm value 
(case-sensitive), in combination with the canonical root URL (the 
absoluteURI for the server whose abs_path is empty; see section 5.1.2 of 
[2]) of the server being accessed, defines the protection space. "

This talks about an origin server.  It doesn't make sense for a proxy.  
Realm seems to only be usable within a single server space.  Do clients 
commonly deem the server in this case to be the proxy?

Browsers seem to behave differently with regard to when they will 
automatically re-present the same proxy credentials.

Regards

Adrien

-- 
Adrien de Croy - WinGate Proxy Server - http://www.wingate.com
Received on Sunday, 15 June 2008 23:26:31 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:50:48 GMT
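
The challenge grammar and the protection-space definition quoted from RFC 2617 s1.2 in the message above, as an added Python example that is not part of the original post: it parses one challenge and builds the (canonical root URL, realm) key a credential cache would use. The function names and the `proxy.example` host are assumptions; which URL counts as "the server" for a proxy challenge is left to the caller, and the realm value is handled as the opaque quoted-string the RFC grammar defines, so `"/"` and `"*"` are simply two different realms.

```python
import re
from urllib.parse import urlsplit

# auth-param = token "=" ( token | quoted-string ); token matching is lenient here.
_PARAM = re.compile(
    r'\s*([^\s=,"]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_challenge(header_value):
    """Split one challenge into (scheme, params); directive names are lowercased."""
    scheme, sep, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    if not sep or not rest:
        raise ValueError("challenge needs at least one auth-param")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError("malformed auth-param at offset %d" % pos)
        name, quoted, token = m.group(1), m.group(2), m.group(3)
        # Undo quoted-pair escaping inside a quoted-string value.
        value = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else token
        params[name.lower()] = value  # the directive name is case-insensitive
        pos = m.end()
    if "realm" not in params:
        raise ValueError("realm directive is required")
    return scheme.lower(), params


def canonical_root(url):
    """Canonical root URL: scheme and authority, with the abs_path dropped."""
    u = urlsplit(url)
    scheme = u.scheme.lower()
    port = u.port or DEFAULT_PORTS[scheme]
    return "%s://%s:%d" % (scheme, u.hostname.lower(), port)


def protection_space(server_url, header_value):
    """Cache key (canonical root URL, realm); the realm value stays case-sensitive."""
    _, params = parse_challenge(header_value)
    return (canonical_root(server_url), params["realm"])
```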