Authentication spaces

Anselm Baird_smith (abaird@houdon.inria.fr)
Mon, 23 Oct 1995 14:05:30 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andy Norman: "Anselm Baird_smith: Authentication spaces"
Previous message: Henrik Frystyk Nielsen: "Re: NCSA implementation of KeepAlive"

Hi,

In implementing authentication in my server, I started by allowing
server maintainers to specify authentication attributes on a document
basis. This means, for example that

http://foo:8888/x/basic  can be protected through Basic auth.
http://foo:8888/x/digest can be protected through Digest auth.

The funny thing is that most browsers consider that http://foo:8888/x/*
defines an authentication space that should use the same scheme, even
if they have different authentication realms (correct me if I am wrong).

If my reading of the spec (HTTP/1.1 draft of August, 27th, but as I
remember it is the same for HTTP/1.0), I though that my approach was
'legal', is this correct ? (Well, anyway I'll have to come back to a
more reasonable approach if I want to interact properly with
browsers).

Anselm.
[Apologizes to the list maintainer, I just post this mail to http-wg-request]

Next message: Andy Norman: "Anselm Baird_smith: Authentication spaces"
Previous message: Henrik Frystyk Nielsen: "Re: NCSA implementation of KeepAlive"