- From: Andy Norman <ange@hplb.hpl.hp.com>
- Date: Mon, 23 Oct 1995 13:07:22 +0000
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
[ This was probably meant for the list -- ange ] ------- Forwarded Message Date: Mon, 23 Oct 1995 14:01:57 +0100 From: Anselm Baird_smith <abaird@houdon.inria.fr> To: http-wg-request@cuckoo.hpl.hp.com Subject: Authentication spaces Hi, In implementing authentication in my server, I started by allowing server maintainers to specify authentication attributes on a document basis. This means, for example that http://foo:8888/x/basic can be protected through Basic auth. http://foo:8888/x/digest can be protected through Digest auth. The funny thing is that most browsers consider that http://foo:8888/x/* defines an authentication space that should use the same scheme, even if they have different authentication realms (correct me if I am wrong). If my reading of the spec (HTTP/1.1 draft of August, 27th, but as I remember it is the same for HTTP/1.0), I though that my approach was 'legal', is this correct ? (Well, anyway I'll have to come back to a more reasonable approach if I want to interact properly with browsers). Anselm. ------- End of Forwarded Message
Received on Monday, 23 October 1995 06:11:24 UTC