Ticket #177 (closed design: fixed)
Realm required on challenges
|Reported by:|firstname.lastname@example.org|Owned by:|email@example.com|
|Component:|p7-auth|Severity:|Active WG Document|
p7 defers to RFC2617 for the definition of challenge.
RFC 2617, section 1.2 says:
    challenge = auth-scheme 1*SP 1#auth-param
    ...
    The authentication parameter realm is defined for all authentication schemes:
        realm = "realm" "=" realm-value
        realm-value = quoted-string
    The realm directive (case-insensitive) is required for all authentication schemes that issue a challenge.
The interpretation being that challenges (which is what www-authenticate is defined as) MUST contain at least one parameter and that parameter MUST be a realm.
Is it truly necessary for all authentication schemes to include a 'realm' parameter? If so, it should be documented (e.g., in the section about extension authentication schemes).
- Status changed from new to closed
- Resolution set to incorporated
- Status changed from closed to reopened
- Resolution incorporated deleted
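The RFC 2617 rule quoted in this ticket, written out as a check on a single challenge. This is an added example, not part of the ticket or of the HTTPbis drafts; the function names, the scheme name "Example" and the sample challenges are constructed for illustration, and empty list elements (which the `#` list rule permits) are not accepted.

```python
import re

# token and quoted-string as used by RFC 2617 (definitions from RFC 2616)
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
QUOTED = r'"(?:[^"\\]|\\.)*"'
SCHEME = re.compile(rf"({TOKEN}) +")  # auth-scheme 1*SP
AUTH_PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*")


def parse_challenge(text):
    """Parse one challenge: auth-scheme 1*SP 1#auth-param.

    Returns (scheme, [(name, raw_value), ...]); raises ValueError on bad syntax.
    """
    m = SCHEME.match(text)
    if not m:
        raise ValueError("expected auth-scheme followed by at least one SP")
    scheme, pos, params = m.group(1), m.end(), []
    while True:
        m = AUTH_PARAM.match(text, pos)
        if not m:
            raise ValueError(f"expected auth-param at offset {pos}")
        params.append((m.group(1), m.group(2)))
        pos = m.end()
        if pos == len(text):
            return scheme, params
        if text[pos] != ",":
            raise ValueError(f"expected ',' at offset {pos}")
        pos += 1  # step over the list separator


def realm_problems(text):
    """List the ways a challenge fails the realm requirement of RFC 2617, 1.2."""
    try:
        _scheme, params = parse_challenge(text)
    except ValueError as exc:
        return [f"syntax: {exc}"]
    # The realm directive name is case-insensitive.
    realms = [value for name, value in params if name.lower() == "realm"]
    problems = []
    if not realms:
        problems.append("no realm parameter")
    if any(not value.startswith('"') for value in realms):
        problems.append("realm-value is not a quoted-string")
    return problems
```

A scheme that sends only its name, or only scheme-specific parameters, fails this check, which is the case the ticket asks about.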