Re: http-request authentication missing realm? from Norman Walsh on 2008-12-11 (public-xml-processing-model-comments@w3.org from December 2008)

From: Norman Walsh <ndw@nwalsh.com>
Date: Wed, 10 Dec 2008 21:57:32 -0500
To: public-xml-processing-model-comments@w3.org
Message-ID: <m2tz9bto4j.fsf@nwalsh.com>

Toman_Vojtech@emc.com writes:

>> (For basic authentication, the realm doesn't really matter.)
>
> I don't quite agree. I think you can use realms with Basic
> authentication:
>
> http://en.wikipedia.org/wiki/Basic_access_authentication

You sure can, but it's value doesn't play any role in authentication.
So if I send the username/password on my initial GET, and it matches a
username/password for the requested resource, I get immediate access:
no challenge required.

But because the realm value plays a role in computation of the digest,
I can't do that for digest auth. OTOH, I now think (but am not sure)
that you can't do digest auth w/o a challenge anyway.

                                        Be seeing you,
                                          norm

-- 
Norman Walsh <ndw@nwalsh.com> | Mistakes are a part of being human.
http://nwalsh.com/            | Appreciate your mistakes for what they
                              | are: precious life lessons that can
                              | only be learned the hard way. Unless
                              | it's a fatal mistake, which, at least,
                              | others can learn from.--Al Franken

Received on Thursday, 11 December 2008 02:58:17 UTC