#321: Repeating auth-params


We need to add a statement about what it means if a specific auth-param 
occurs more than once in a challenge; in particular for "realm" (ack 
James Manger)

Proposed change: 

Which makes the beginning of 2.1 read:

2.1.  Challenge and Response

    HTTP provides a simple challenge-response authentication mechanism
    that can be used by a server to challenge a client request and by a
    client to provide authentication information.  It uses an extensible,
    case-insensitive token to identify the authentication scheme,
    followed by additional information necessary for achieving
    authentication via that scheme.  The latter can either be a comma-
    separated list of parameters or a single sequence of characters
    capable of holding base64-encoded information.

    Parameters are name-value pairs where the name is matched case-
    insensitively, and each parameter name MUST only occur once per

Feedback appreciated, Julian

Received on Tuesday, 8 November 2011 21:46:52 UTC