11. Access Authentication

Dave Kristol (dmk@allegra.att.com)
Mon, 29 Apr 96 16:51:02 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Koen Holtman: "Re: HTTP 1.1 document terminology."
Previous message: John Franks: "Re: HTTP 1.1 document terminology (suggestions)"

Suppose I have a URL space that I want to protect.  I would prefer to
use Digest authentication if the user-agent understands it.  Otherwise
I can use Basic.  Is it meaningful (and correct) to send:

	WWW-Authenticate:  Digest realm="foo", nonce="xxx", opaque="yyy",
			   Basic realm="foo"

(Yes, same realm name, although I suppose I could tolerate different
names.)

Is it valid to ask for authentication with more than one set of
credentials for the same scheme, e.g.,
	WWW-Authenticate: Basic realm="foo",
			  Basic realm="bar"

If these are reasonable headers, then I think 10.44 WWW-Authenticate
should stipulate something about the order of credentials in
WWW-Authenticate, such as that they are in the order of preference from
the origin server.  (If the headers are unreasonable, then the grammar
for 10.44, 1#challenge, is wrong.)

Dave Kristol

Next message: Koen Holtman: "Re: HTTP 1.1 document terminology."
Previous message: John Franks: "Re: HTTP 1.1 document terminology (suggestions)"