RE: domain attribute in digest auth

> -----Original Message-----
> From: Ronald.Tschalaer@psi.ch [mailto:Ronald.Tschalaer@psi.ch]
> Sent: Wednesday, October 07, 1998 11:48 PM
>
> 
> I don't see why the semantics should be any different from those for
> server auth - the (host port realm) tuple defines the 
> protection space,
> with the domain attribute as a means for extending that to a
> (list-of-hosts list-of-ports realm) (the host and port here just refer
> to the proxy's host/port instead of the server's host/port, 
> that's all).

I think I finally see what you're talking about. I think you've got a
fundamental misconception here. (Or maybe I do.) You're conflating proxy
host/port and origin server host/port. The protection space IS NOT defined
by the host name of the proxy; it is defined by the host/port part of _the
URI being accessed_. That's why I thought that "domain" had no meaning for
proxies. What you are proposing is a new definition of _protection space_
for proxies, one which seems (on my first examination) to allow "domain" to
make sense for proxies.

However, the spec is in last call to move forward to Draft Standard. I don't
think this comprises a bug, but an extension. You appear to have thought
that this was the way it worked before, but neither of the active authors,
nor the people who asked us to clarify what "domain" meant for proxies,
thought so. So, I will go back to my offer of making "domain" illegal for
proxies (as an editorial change), so that the way would be clear for your
extension to be implemented once it has been considered.

Paul

Received on Thursday, 8 October 1998 10:43:47 UTC