- From: Mark Nottingham <mnot@mnot.net>
- Date: Tue, 7 Jul 2009 17:15:17 +1000
- To: HTTP Working Group <ietf-http-wg@w3.org>
[ this was raised anonymously ] p7 defers to RFC2617 for the definition of challenge. RFC 2617, section 1.2 says: challenge = auth-scheme 1*SP 1#auth-param ... The authentication parameter realm is defined for all authentication schemes: realm = "realm" "=" realm-value realm-value = quoted-string The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge. The interpretation being that challenges (which is what www- authenticate is defined as) MUST contain at least one parameter and that parameter MUST be a realm. Is it truly necessary for all authentication schemes to include a 'realm' paramter? If so, it should be documented (e.g., in the section about extension authentication schemes). -- Mark Nottingham http://www.mnot.net/
Received on Tuesday, 7 July 2009 07:15:58 UTC