W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2009

Re: [#177] Realm required on challenges

From: Henrik Nordstrom <henrik@henriknordstrom.net>
Date: Fri, 17 Jul 2009 03:59:27 +0200
To: Adrien de Croy <adrien@qbik.com>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <1247795967.25755.198.camel@localhost.localdomain>
ons 2009-07-08 klockan 10:02 +1200 skrev Adrien de Croy:

> When we added a realm, we couldn't find anywhere which specified how a 
> proxy should specify a realm of the entire universe.  In the end we used 
> realm="/"

It's an opaque string. There is no structure to realms, just equality.

>  This is nothing like a sitename, or anything the browser can use to 
> judge whether or not the credentials are usable or not for another 
> request.  So the browser has to simply assume the actual usability space 
> of the credentials are defined by host, port, etc etc.  Surely this 
> isn't the intent of realm?

The realm is in addition to the canonical root of the requested server,
or in case of 407 the Cacnonical-Root is proxy-host:port (or
http://proxy-host:port if you like, doesn't matter).

The protection space is defined by the tuple

 (Canonical-Root, Realm)

See 2617 1.2 Access Authentication Framework

Regards
Henrik
Received on Friday, 17 July 2009 02:00:10 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:07 GMT