- From: John Franks <john@math.nwu.edu>
- Date: Tue, 23 Apr 1996 14:14:30 -0500 (CDT)
- To: "Roy T. Fielding" <fielding@avron.ICS.UCI.EDU>
- Cc: Mary Ellen Zurko <zurko@osf.org>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
On Tue, 23 Apr 1996, Roy T. Fielding wrote:
>
> Proxy-Authenticate and Proxy-Authorization are (or should be) defined
> according to the Netscape Proxy implementation. The current spec is
> lacking the wording that I sent in a couple months ago about how the
> proxy should forward the field if the credentials do not apply to it.
> One problem is that the realm is not sent with the credentials (only
> with the challenge), and thus things can still get messed-up if more
> than one proxy is demanding credentials on a single request.
>
In the current 02 version of the spec it is not clear (to me) that
the realm is required to be unique across hosts/proxies. Here is what
the spec says:
realm = "realm" "=" realm-value
realm-value = quoted-string
The realm attribute (case-insensitive) is required for all
authentication schemes which issue a challenge. The realm value (case-
sensitive), in combination with the canonical root URL of the server
being accessed, defines the protection space. These realms allow the
protected resources on a server to be partitioned into a set of
protection spaces, each with its own authentication scheme and/or
authorization database. The realm value is a string, generally assigned
by the origin server, which may have additional semantics specific to
the authentication scheme.
John Franks Dept of Math. Northwestern University
john@math.nwu.edu
Received on Tuesday, 23 April 1996 12:23:28 UTC