W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#177] Realm required on challenges

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 22 Sep 2010 18:19:26 +0200
Message-ID: <4C9A2C8E.3020707@gmx.de>
To: Mark Nottingham <mnot@mnot.net>
CC: Robert Collins <robertc@robertcollins.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 22.09.2010 08:01, Mark Nottingham wrote:
>
> On 15/09/2010, at 2:59 AM, Julian Reschke wrote:
>>
>> So maybe we should be pragmatic and say:
>>
>> - the realm is defined for all authentication protocols
>> - SHOULD be provided in the challenge
>> - if not provided, header should be treated as if an empty realm was specified
>
>
> +0.5.
>
> I'm not thrilled about it, but unless someone wants to argue that we shouldn't impose realms on all authentication schemes...
> ...

It would probably help if we had a agreement on whether we consider 
Negotiate a proper authentication scheme.

Do we ignore it, do we accept it, or do we special-case it?

Best regards, Julian
Received on Wednesday, 22 September 2010 16:20:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT