W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 26 Nov 2008 16:10:09 +0100
Message-ID: <492D66D1.1060701@gmx.de>
Ian Hickson wrote:
>>>> RFC2617 states that "The realm directive (case-insensitive) is required
>>>> for all authentication schemes that issue a challenge."
>>> I didn't really understand how the realm would work here, which is why I
>>> didn't include it. Is this a case where we should violate RFC2617? (Note
>>> that we're in a rather unusual case here because the challenge never gets a
>>> reply in the traditional sense.)
>> Unless there's an ultra-important reason to violate any base 
>> requirements, I would advise against it.
> 
> "They make no sense" is a pretty important reason. What would "realm" mean 
> in this context? Who would use it and how? How would you know what value 
> to set it to?

I don't see how the realm is different here, compared to, for instance, 
Basic Auth.

If there is only a single realm, the simplest compliant approach seems 
to define a single hardwired realm name.

BR, Julian
Received on Wednesday, 26 November 2008 07:10:09 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC