- From: Foteos Macrides <MACRIDES@sci.wfbr.edu>
- Date: Fri, 12 Dec 1997 12:49:35 -0500 (EST)
- To: Ronald.Tschalaer@psi.ch
- Cc: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
Ronald.Tschalaer@psi.ch (Life is hard... and then you die.) wrote: >> > domain >> > A space-separated list of URIs, as specified in RFC XURI [7]. The >> > intent is that the client could use this information to know the set >> > of URIs for which the same authentication information should be sent. >> > The URIs in this list may exist on different servers. If this keyword >> > is omitted or empty, the client should assume that the domain >> > consists of all URIs on the responding server with paths at or deeper >> > than the depth of the last symbolic element in the path field of the >> > Request-URI. >> > >> What does "last symbolic element in the path field of the Request-URI" mean? > >Maybe an example is best. Assume the Request-URI is >"http://somewhere/the/path/index.html" then you want to to talk about all >URIs with a prefix of "http://somewhere/the/path/", i.e. the scheme, the >site component and the path component of the Request-URI minus any trailing >segment. I assumed "symbolic element" to refer to "/". Your example is correct, but "symbolic elements" refers to the "substrings in a URL path that comprise a hierarchy delimited by slashes". They are symbolic because the server's configuration file normally maps them appropriately for the platform's physical file system, whereas the URL paths, themselves, have a platform independent syntax. The "last symbolic element" in a Request-URI such as http://somewhere/the/path/ is a zero-length substring following the last slash, which by convention is interpreted as a "symbol" for the configured index filename, or for a directory listing if allowed by the server and the configured index filename is not found. The logic is homologous to that for resolving partial references versus a base URL. The "template" terminology used originally, when Ari was developing Basic authentication for the CERN server, may be more clear, but didn't catch on. The "template" is everything up to the last slash of the path (or implied lead slash for an http(s) Request-URI with no explicit path), and anything which has that as a prefix is considered to be in the protection space specified by the realm value. You're basically suggusting that the items in a "domain" list should be considered "templates" (prefixes) for (symbolic) protection spaces, and that the default is to use a "template" derived from the Request-URI. I'm not sure how well that would work in conjunction with nounce handing, and other aspects of Digest authentication which are more complicated than Basic, but agree with you that most implementors would like it to be as "drop in" as possible with respect to existing Basic implementations. Fote ========================================================================= Foteos Macrides Worcester Foundation for Biomedical Research MACRIDES@SCI.WFBR.EDU 222 Maple Avenue, Shrewsbury, MA 01545 =========================================================================
Received on Friday, 12 December 1997 09:55:56 UTC