- From: Dave Kristol <dmk@allegra.att.com>
- Date: Mon, 29 Apr 96 16:51:02 EDT
- To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Suppose I have a URL space that I want to protect. I would prefer to use Digest authentication if the user-agent understands it. Otherwise I can use Basic. Is it meaningful (and correct) to send: WWW-Authenticate: Digest realm="foo", nonce="xxx", opaque="yyy", Basic realm="foo" (Yes, same realm name, although I suppose I could tolerate different names.) Is it valid to ask for authentication with more than one set of credentials for the same scheme, e.g., WWW-Authenticate: Basic realm="foo", Basic realm="bar" If these are reasonable headers, then I think 10.44 WWW-Authenticate should stipulate something about the order of credentials in WWW-Authenticate, such as that they are in the order of preference from the origin server. (If the headers are unreasonable, then the grammar for 10.44, 1#challenge, is wrong.) Dave Kristol
Received on Monday, 29 April 1996 13:57:53 UTC