W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#177] Realm required on challenges

From: Mark Nottingham <mnot@mnot.net>
Date: Wed, 22 Sep 2010 16:01:13 +1000
Cc: Robert Collins <robertc@robertcollins.net>, HTTP Working Group <ietf-http-wg@w3.org>
Message-Id: <2C2313AC-5316-493A-A23D-2CB85A9EAC89@mnot.net>
To: Julian Reschke <julian.reschke@gmx.de>

On 15/09/2010, at 2:59 AM, Julian Reschke wrote:
> 
> So maybe we should be pragmatic and say:
> 
> - the realm is defined for all authentication protocols
> - SHOULD be provided in the challenge
> - if not provided, header should be treated as if an empty realm was specified


+0.5. 

I'm not thrilled about it, but unless someone wants to argue that we shouldn't impose realms on all authentication schemes...

Cheers,


--
Mark Nottingham     http://www.mnot.net/
Received on Wednesday, 22 September 2010 06:02:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT