W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #177: Realm required on challenges

From: Yngve N. Pettersen <yngve@opera.com>
Date: Mon, 25 Jul 2011 05:53:52 +0200
To: "Amos Jeffries" <squid3@treenet.co.nz>, "Adrien de Croy" <adrien@qbik.com>
Cc: ietf-http-wg@w3.org
Message-ID: <op.vy5o32mhkvaitl@lessa-ii.invalid.invalid>
On Mon, 25 Jul 2011 05:30:35 +0200, Adrien de Croy <adrien@qbik.com> wrote:

> How does a proxy state (using Realm)
>
> "use those creds for any site you access through me"
>
> if the base URL must be combined with the realm.  Unless you can say  
> realm ="../../*" or something.
>
> The problem is
>
> a) the proxy MUST provide a realm
> b) the realm must be combined with the base URI

The solution is IMO simple: The "base URI" for the proxy is its hostname  
and port. That is how it is implemented in Opera.

Alternatively, the WWW and Proxy auth headers define different types of  
scopes, where the WWW variant is realm + base URI, and the proxy one is  
realm+hostname+port; the effect is the same.

The WWW and proxy auth systems have, by design, different scopes; which is  
why they are using different headers. The definitions for how they are  
used need to take that into account.

-- 
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                     Email: yngve@opera.com
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
Received on Monday, 25 July 2011 03:58:39 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:45 GMT