- From: Mark Nottingham <mnot@mnot.net>
- Date: Sat, 11 Mar 2006 10:31:39 -0800
- To: Robert Sayre <sayrer@gmail.com>
- Cc: HTTP Working Group <ietf-http-wg@w3.org>

Sometimes specs are ambiguous because what seemed obvious at the time is interpreted differently; other times, they're purposefully ambiguous, so as to not disallow future use cases or extensions. I was hoping that one of the original authors would give their take on which it was...

On 2006/03/11, at 9:12 AM, Robert Sayre wrote:

>
> On 3/10/06, Mark Nottingham <mnot@yahoo-inc.com> wrote:
>>
>> RFC 2616 section 14.8 says:
>>
>>> If a request is
>>> authenticated and a realm specified, the same credentials
>>> SHOULD
>>> be valid for all other requests within this realm
>>
>> a) Is the intent of the first SHOULD to allow credential caching
>> (e.g., similar to [1]) in intermediaries?
>
> My guess would be no. I think it means that the same username/password
> combination should be valid throughout the realm. For example,
> Digest clients can send cnonce and nonce-count values, so the actual
> data sent changes with each request.
>
> --
>
> Robert Sayre
>

--
Mark Nottingham http://www.mnot.net/

Received on Saturday, 11 March 2006 18:31:38 UTC
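
An added example, not part of the original message or thread: the Digest point quoted above, worked through with the RFC 2617 request-digest for `qop=auth`. The same credentials stay valid for both requests in the realm while the `response` value sent differs each time. The first request uses the values from the worked example in RFC 2617 section 3.5; the second request's URI and cnonce are constructed, and the helper names are hypothetical.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def ha1(username, realm, password):
    # H(A1) depends only on the credentials and the realm, so it is the
    # same for every request in that realm.
    return md5_hex(f"{username}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce):
    # RFC 2617 request-digest for qop=auth with the MD5 algorithm.
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc:08x}:{cnonce}:auth:{ha2}")

def make_fields(ha1_hex, method, uri, nonce, nc, cnonce):
    # The per-request fields a client puts in its Authorization header.
    return {"uri": uri, "nonce": nonce, "nc": f"{nc:08x}", "cnonce": cnonce,
            "response": digest_response(ha1_hex, method, uri, nonce, nc, cnonce)}

def verify(stored_ha1, method, fields, last_nc):
    # Server side: reject a nonce-count that does not increase, then
    # recompute the digest from the stored H(A1) and compare.
    nc = int(fields["nc"], 16)
    if nc <= last_nc:
        return False
    expected = digest_response(stored_ha1, method, fields["uri"],
                               fields["nonce"], nc, fields["cnonce"])
    return hmac.compare_digest(expected, fields["response"])

# Values from the worked example in RFC 2617 section 3.5.
REALM = "testrealm@host.com"
NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
HA1 = ha1("Mufasa", REALM, "Circle Of Life")

# First request: the RFC's own. Second: constructed for this example.
first = make_fields(HA1, "GET", "/dir/index.html", NONCE, 1, "0a4f113b")
second = make_fields(HA1, "GET", "/dir/other.html", NONCE, 2, "5ccc069c")

if __name__ == "__main__":
    print(first["response"], verify(HA1, "GET", first, last_nc=0))
    print(second["response"], verify(HA1, "GET", second, last_nc=1))
    # The first header presented again after nc=1 was seen is rejected.
    print(verify(HA1, "GET", first, last_nc=1))
```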