- From: Eran Hammer-Lahav <eran@hueniverse.com>
- Date: Sun, 6 Dec 2009 13:42:05 -0700
- To: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
RFC 2617 declares:

    The realm directive (case-insensitive) is required for all
    authentication schemes that issue a challenge.

But does not use normative REQUIRED. Also, the ABNF defines challenge as:

    challenge = auth-scheme 1*SP 1#auth-param

Which seems to suggest that the realm parameter is not actually mandatory. If it is, the language should be corrected to use normative REQUIRED and the ABNF changes to reflect that:

    challenge = auth-scheme 1*SP 1#(realm / auth-param)

As currently defined, realm doesn't fully cover the use cases of the proposed Token scheme (OAuth WG). We will need to either redefine it, supplement it, or replace it. Either way, we need to know what is dictated by the HTTP authentication framework.

EHL
Received on Sunday, 6 December 2009 20:42:15 UTC
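
The gap the message describes, shown as an added example that is not part of the original post or of any RFC: a small parser for the quoted ABNF (challenge = auth-scheme 1*SP 1#auth-param) with the prose realm rule applied as a separate check. The function names and sample header values are constructed for illustration, and the list rule is simplified to reject empty list elements.

```python
import re

# RFC 2616 token characters (anything but CTLs and separators).
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
# auth-param = token "=" ( token | quoted-string )
PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*")


def parse_challenge(value):
    """Parse one challenge per the ABNF; return (scheme, params).

    Parameter names are lower-cased because the realm directive is
    case-insensitive. Raises ValueError when the ABNF is not matched.
    """
    m = re.match(rf"({TOKEN}) +", value)  # auth-scheme 1*SP
    if not m:
        raise ValueError("missing auth-scheme or 1*SP")
    scheme, rest = m.group(1), value[m.end():]
    params, pos = {}, 0
    while True:  # 1#auth-param: at least one, comma separated
        pm = PARAM.match(rest, pos)
        if not pm:
            raise ValueError(f"bad auth-param at offset {pos}")
        name, val = pm.group(1).lower(), pm.group(2)
        if val.startswith('"'):  # strip quotes, undo quoted-pair escapes
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        params[name] = val
        pos = pm.end()
        if pos == len(rest):
            return scheme, params
        if rest[pos] != ",":
            raise ValueError(f"expected ',' at offset {pos}")
        pos += 1


def check(value):
    """Return (matches_abnf, has_realm) for one challenge string."""
    try:
        _, params = parse_challenge(value)
    except ValueError:
        return (False, False)
    return (True, "realm" in params)


if __name__ == "__main__":
    # Constructed samples; "example-param" is a made-up parameter name.
    for v in ('Basic realm="WallyWorld"', 'Digest REALM="x", nonce="abc"',
              'Token example-param="x"', 'Basic'):
        print(f"{v!r:40} abnf_ok, has_realm = {check(v)}")
```

The third sample is the case in question: it satisfies the ABNF as written, so only an explicit realm check applying the prose rule rejects it.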