- From: Paul Leach <paulle@microsoft.com>
- Date: Thu, 6 Aug 1998 23:36:07 -0700
- To: http-wg@hplb.hpl.hp.com
In section 3.2.1, The WWW-Authenticate Response Header OLD: domain A space-separated list of URIs, as specified in RFC XURI [7]. The intent is that the client could use this information to know the set of URIs for which the same authentication information should be sent. The URIs in this list may exist on different servers. If this keyword is omitted or empty, the client should assume that the domain consists of all URIs on the responding server. NEW: domain A space-separated list of URIs, as specified in RFC XURI [7] that define the protection space. If a URI is relative, it is relative to canonical root URL (see section 5.1.2 of [2]) of the server being accessed. The URIs in this list may refer to different servers. The client can use this list to determine the set of URIs for which the same authentication information may be sent: any URI that has a URI in this list as a prefix (after both have been made absolute) may be assumed to be in the same protection space. If this keyword is omitted or empty, the client should assume that the protection space consists of all URIs on the responding server. RATIONALE: The terminology of "protection space" was not used for Digest. The means for determining when Digest clients could use the same credentials was under-specified.
Received on Thursday, 6 August 1998 23:38:26 UTC