- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 22 Sep 2010 18:19:26 +0200
- To: Mark Nottingham <mnot@mnot.net>
- CC: Robert Collins <robertc@robertcollins.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 22.09.2010 08:01, Mark Nottingham wrote: > > On 15/09/2010, at 2:59 AM, Julian Reschke wrote: >> >> So maybe we should be pragmatic and say: >> >> - the realm is defined for all authentication protocols >> - SHOULD be provided in the challenge >> - if not provided, header should be treated as if an empty realm was specified > > > +0.5. > > I'm not thrilled about it, but unless someone wants to argue that we shouldn't impose realms on all authentication schemes... > ... It would probably help if we had a agreement on whether we consider Negotiate a proper authentication scheme. Do we ignore it, do we accept it, or do we special-case it? Best regards, Julian
Received on Wednesday, 22 September 2010 16:20:05 UTC