opaque parameter in the Authorization request header from Evgeniy Khramtsov on 2008-08-13 (ietf-http-wg@w3.org from July to September 2008)

From: Evgeniy Khramtsov <xramtsov@gmail.com>
Date: Wed, 13 Aug 2008 18:57:41 +1000
To: ietf-http-wg@w3.org
Message-ID: <48A2A205.7080309@gmail.com>

Hello!

I have a question regarding RFC 2617 (HTTP Authentication). Please, 
forgive me if it is not the right list for such questions.
In RFC 2617 para 3.2.2 it is saying that: "The values of the opaque and 
algorithm fields must be those supplied in the WWW-Authenticate response 
header for the entity being requested". Does it mean that "opaque" field 
is mandatory in the "Authorization" header in the case it was present in 
the "WWW-Authenticate" header?

Currently I'm a spectator of a situation when a client doesn't include 
an "opaque" field in the "Authorization" header and a server replies 
with 400 "Authorization should contain opaque". Actually, I don't know 
who is right: a client or a server?

Thanks!

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram@jabber.ru.

Received on Wednesday, 13 August 2008 08:58:09 UTC