[#177] Realm required on challenges

From: Mark Nottingham <mnot@mnot.net>
Date: Tue, 7 Jul 2009 17:15:17 +1000
Message-Id: <DDF4D888-A82B-4CC4-AFDB-A063C5E2D9F2@mnot.net>
To: HTTP Working Group <ietf-http-wg@w3.org>
[ this was raised anonymously ]

p7 defers to RFC2617 for the definition of challenge.

RFC 2617, section 1.2 says:

   challenge   = auth-scheme 1*SP 1#auth-param

...

The authentication parameter realm is defined for all authentication
schemes:

   realm       = "realm" "=" realm-value
   realm-value = quoted-string

The realm directive (case-insensitive) is required for all
authentication schemes that issue a challenge.

The interpretation being that challenges (which is what
www-authenticate is defined as) MUST contain at least one parameter and
that parameter MUST be a realm.

Is it truly necessary for all authentication schemes to include a
'realm' parameter? If so, it should be documented (e.g., in the section
about extension authentication schemes).

Mark Nottingham     http://www.mnot.net/
Received on Tuesday, 7 July 2009 07:15:58 UTC
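
The reading of RFC 2617 section 1.2 discussed in the message above, as an added example that is not part of the original post: a Python check of a single challenge against that grammar (at least one auth-param, and a realm whose value is a quoted-string). The function names and sample header values are constructed for illustration, and the code assumes one challenge per header value.

```python
import re

# token and quoted-string from RFC 2616, which RFC 2617 auth-params build on.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
CHALLENGE = re.compile(rf"({TOKEN})(?: +(.*))?$", re.S)
PARAM = re.compile(rf"[\s,]*({TOKEN})\s*=\s*({QUOTED}|{TOKEN})\s*(?:,|$)")

# Constructed sample challenge values (not taken from the message).
SAMPLES = ['Basic realm="WallyWorld"', "Negotiate", "Basic realm=WallyWorld"]


def parse_challenge(value):
    """Split one challenge into (scheme, [(name, value, was_quoted), ...])."""
    m = CHALLENGE.match(value.strip())
    if not m:
        raise ValueError("missing auth-scheme")
    scheme, rest = m.group(1), (m.group(2) or "").strip()
    params, pos = [], 0
    while pos < len(rest):
        pm = PARAM.match(rest, pos)
        if not pm:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, raw = pm.group(1).lower(), pm.group(2)  # names are case-insensitive
        quoted = raw.startswith('"')
        if quoted:
            raw = re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo quoted-pair escapes
        params.append((name, raw, quoted))
        pos = pm.end()
    return scheme, params


def rfc2617_violations(value):
    """Return the ways a challenge departs from RFC 2617 section 1.2."""
    _, params = parse_challenge(value)
    problems = []
    if not params:
        problems.append("no auth-param (grammar requires 1#auth-param)")
    realms = [p for p in params if p[0] == "realm"]
    if not realms:
        problems.append("no realm parameter")
    elif not all(quoted for _, _, quoted in realms):
        problems.append("realm-value is not a quoted-string")
    return problems


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", rfc2617_violations(sample) or "ok")
```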
