- From: Paul Leach <paulle@microsoft.com>
- Date: Thu, 8 Oct 1998 10:40:50 -0700
- To: "'Ronald.Tschalaer@psi.ch'" <Ronald.Tschalaer@psi.ch>, HTTP-WG@hplb.hpl.hp.com
> -----Original Message----- > From: Ronald.Tschalaer@psi.ch [mailto:Ronald.Tschalaer@psi.ch] > Sent: Wednesday, October 07, 1998 11:48 PM > > > I don't see why the semantics should be any different from those for > server auth - the (host port realm) tuple defines the > protection space, > with the domain attribute as a means for extending that to a > (list-of-hosts list-of-ports realm) (the host and port here just refer > to the proxy's host/port instead of the server's host/port, > that's all). I think I finally see what you're talking about. I think you've got a fundamental misconception here. (Or maybe I do.) You're conflating proxy host/port and origin server host/port. The protection space IS NOT defined by the host name of the proxy; it is defined by the host/port part of _the URI being accessed_. That's why I thought that "domain" had no meaning for proxies. What you are proposing is a new definition of _protection space_ for proxies, one which seems (on my first examination) to allow "domain" to make sense for proxies. However, the spec is in last call to move forward to Draft Standard. I don't think this comprises a bug, but an extension. You appear to have thought that this was the way it worked before, but neither of the active authors, nor the people who asked us to clarify what "domain" meant for proxies, thought so. So, I will go back to my offer of making "domain" illegal for proxies (as an editorial change), so that the way would be clear for your extension to be implemented once it has been considered. Paul
Received on Thursday, 8 October 1998 10:43:47 UTC