- From: <Toman_Vojtech@emc.com>
- Date: Wed, 10 Dec 2008 09:03:51 -0500
- To: <public-xml-processing-model-comments@w3.org>
>
> > I think a realm value is required for Digest authentication,
> > but I don't think
> > we provide any way of supplying it.
>
> I am no expert on this, but I thought that the realm information is
> actually provided by the server, as part of the authentication
> challenge. The client then combines the username, password and the
> server-provided realm (and the 'nonce' value which is also provided by
> the server), and computes an MD5 hash which he then sends back to the
> server.
>
> Providing p:http-request with an explicit realm option would only make
> sense to me if p:http-request contained some logic for
> determining which
> username/password to pick for a particular authentication realm.

Actually, now that I think about it further, providing an explicit realm would make sense with Basic authentication, and with 'send-authorization' set to true. For Digest authentication, I am not sure, because I think you can't avoid the authentication challenge there (...or can you?)

Vojtech
Received on Wednesday, 10 December 2008 14:07:59 UTC
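
The Digest computation discussed in the message above, as an added example that is not part of the original post or of any XProc implementation: the client takes `realm` and `nonce` from the server's `WWW-Authenticate` challenge and hashes them with the credentials as RFC 2617 specifies. The function names are hypothetical; the challenge and credentials are the sample values from RFC 2617, section 3.5.

```python
import hashlib
import re

# Sample challenge from RFC 2617, section 3.5 (not taken from the post).
RFC_CHALLENGE = (
    'Digest realm="testrealm@host.com", qop="auth,auth-int", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def parse_challenge(header: str) -> dict:
    """Split a Digest WWW-Authenticate value into its key/value parameters."""
    scheme, _, params = header.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^\s,]+))', params)
    return {key.lower(): (quoted or bare) for key, quoted, bare in pairs}


def digest_response(challenge, username, password, method, uri,
                    cnonce, nc="00000001"):
    """Compute the 'response' value for an Authorization: Digest header."""
    # realm and nonce are server-supplied; without the challenge the
    # client has no nonce to hash, whatever realm it was configured with.
    realm, nonce = challenge["realm"], challenge["nonce"]
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    qop = [q.strip() for q in challenge.get("qop", "").split(",") if q.strip()]
    if "auth" in qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")
    # No qop offered: RFC 2069-compatible form.
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


if __name__ == "__main__":
    ch = parse_challenge(RFC_CHALLENGE)
    print(ch["realm"], digest_response(
        ch, "Mufasa", "Circle Of Life", "GET", "/dir/index.html", "0a4f113b"))
```
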