W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2008

Re: Basic auth and realms

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Tue, 17 Jun 2008 02:25:00 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <k60e5411on48gtargpsf55e5636cogll94@hive.bjoern.hoehrmann.de>

* Adrien de Croy wrote:
>How does that fit with appending the realm to a base URI to get a 
>"protection space".  to me it seems that indicates that the realm should 
>be like a folder on a webserver.  The credentials may be automatically 
>re-presented for any URL that maps to a resource in that folder (or any 

"Combination" here does not mean textual concatenation. Read it like you
would read "A specific latitude in combination with a specific longitude
identifes a precise position on the Earth's surface".

>How then can the client decide whether to try the credentials or not if 
>it cannot apriori calculate whether the next URI request will be in the 
>same realm as some previous realm?

It cannot do that, it can only make certain assumptions as suggested in
the specification, for example, "A client SHOULD assume that all paths
at or deeper than the depth of the last symbolic element in the path
field of the Request-URI also are within the protection space specified
by the Basic realm value of the current challenge."
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Tuesday, 17 June 2008 00:25:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 11:10:46 UTC