- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Wed, 26 Nov 2008 16:10:09 +0100
Ian Hickson wrote: >>>> RFC2617 states that "The realm directive (case-insensitive) is required >>>> for all authentication schemes that issue a challenge." >>> I didn't really understand how the realm would work here, which is why I >>> didn't include it. Is this a case where we should violate RFC2617? (Note >>> that we're in a rather unusual case here because the challenge never gets a >>> reply in the traditional sense.) >> Unless there's an ultra-important reason to violate any base >> requirements, I would advise against it. > > "They make no sense" is a pretty important reason. What would "realm" mean > in this context? Who would use it and how? How would you know what value > to set it to? I don't see how the realm is different here, compared to, for instance, Basic Auth. If there is only a single realm, the simplest compliant approach seems to define a single hardwired realm name. BR, Julian
Received on Wednesday, 26 November 2008 07:10:09 UTC