- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 09 Dec 2010 04:11:28 +0100
- To: Zhi-Qiang Lei <zhiqiang.lei@gmail.com>
- Cc: ietf-http-wg@w3.org
* Zhi-Qiang Lei wrote:
>On my multiuser application, some resources need to be authenticated
>(I'm using http digest access authentication.) by user A, as suggestion
>of RFC 2617, I assign "A@example.com" to these resources. In the same
>way, the resources need to be authenticated by user B belong to realm
>"B@example.com". But now I've got trouble, how do I assign the realms to
>the resources which need to be authenticated by either A or B? (The
>resources shared by A and B.) Thanks.

I am not quite following. Could you point out the specific passage in
RFC 2617 you are referring to? Looking at the RFC, you might mean

  realm
    A string to be displayed to users so they know which username and
    password to use. This string should contain at least the name of
    the host performing the authentication and might additionally
    indicate the collection of users who might have access. An example
    might be "registered_users@gotham.news.com".

This, however, refers to .all. registered users, not individual users.
Realms are something about where you are, not about who you are. You
can't give individual realms to individual users, because prior to any
authentication you do not know who the user is in order to generate a
user-specific realm. But I might well be missing something.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Thursday, 9 December 2010 03:12:10 UTC
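
Added example, not part of the original message: a Python sketch of a server that issues one realm in the Digest challenge for every resource and decides "A, B, or either" from an access list only after the response verifies. The realm string, user names, passwords, paths and nonce are constructed; it uses the RFC 2617 response without qop and leaves out nonce generation and replay tracking.

```python
import hashlib
import hmac

# Constructed values: one realm names the protection space, whoever asks.
REALM = "registered_users@example.com"


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def ha1(username, password):
    # RFC 2617 H(A1): MD5 over username, realm and password joined by colons.
    return md5_hex(f"{username}:{REALM}:{password}")


# The server stores H(A1) per user; every user shares the same realm.
HA1_DB = {u: ha1(u, p) for u, p in [("A", "pw-a"), ("B", "pw-b"), ("C", "pw-c")]}
# Authorization lives here, not in the realm string.
ACL = {"/a-only": {"A"}, "/b-only": {"B"}, "/shared": {"A", "B"}}


def digest_response(ha1_hex, nonce, method, uri):
    # Response without qop: MD5(H(A1):nonce:H(A2)), with A2 = method:uri.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2}")


def challenge(nonce):
    # Sent before the user is known, so it cannot depend on A or B.
    return f'Digest realm="{REALM}", nonce="{nonce}"'


def client_credentials(username, password, nonce, method, uri):
    resp = digest_response(ha1(username, password), nonce, method, uri)
    return {"username": username, "realm": REALM, "uri": uri, "response": resp}


def handle(method, uri, nonce, creds=None):
    """Return 401 (authenticate), 403 (known user, not allowed) or 200."""
    if creds is None or creds["realm"] != REALM or creds["uri"] != uri:
        return 401
    stored = HA1_DB.get(creds["username"])
    if stored is None:
        return 401
    expected = digest_response(stored, nonce, method, uri)
    if not hmac.compare_digest(expected, creds["response"]):
        return 401
    return 200 if creds["username"] in ACL.get(uri, set()) else 403
```
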