Re: #177: Realm required on challenges

Julian Reschke <julian.reschke@gmx.de> Mon, 25 July 2011 13:49 UTC


On 2011-07-25 02:47, Manger, James H wrote:
> Julian,
>
> The concept of a "protection space" is quite important (eg for automatically applying credentials), regardless of whether or not a 'realm' parameter is present. Unfortunately, the proposed patch to make 'realm' optional also effectively makes a protection space optional. How about changing the 1st sentence of the 2nd paragraph of 2.2 "Protection Space (Realm)" to the following:
>
>    A protection space is defined by the canonical root URI (...)
>    of the server being accessed, in combination with the realm
>    value if present.
> ...

OK; new proposed patch:
<http://trac.tools.ietf.org/wg/httpbis/trac/attachment/ticket/177/177.diff>.
The subsection would then read:


2.2.  Protection Space (Realm)

    The authentication parameter realm is reserved for use by
    authentication schemes that wish to indicate the scope of protection:

      realm       = "realm" "=" realm-value
      realm-value = quoted-string

    A protection space is defined by the canonical root URI (the scheme
    and authority components of the effective request URI; see Section
    4.3 of [Part1]) of the server being accessed, in combination with the
    realm value if present.  These realms allow the protected resources
    on a server to be partitioned into a set of protection spaces, each
    with its own authentication scheme and/or authorization database.
    The realm value is a string, generally assigned by the origin server,
    which can have additional semantics specific to the authentication
    scheme.  Note that there can be multiple challenges with the same
    auth-scheme but different realms.

    The protection space determines the domain over which credentials can
    be automatically applied.  If a prior request has been authorized,
    the same credentials MAY be reused for all other requests within that
    protection space for a period of time determined by the
    authentication scheme, parameters, and/or user preference.  Unless
    otherwise defined by the authentication scheme, a single protection
    space cannot extend outside the scope of its server.



Best regards, Julian
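
The protection-space rule in the proposed 2.2 text, as an added example that is not part of the original message or of the HTTPbis draft: a client-side credential cache keyed on the canonical root URI plus the realm value, where the realm may be absent. The names `canonical_root`, `protection_space` and `CredentialCache`, the hosts and the credentials are constructed for illustration, and each challenge string is assumed to hold a single challenge.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
# realm = "realm" "=" realm-value ; realm-value = quoted-string
REALM_RE = re.compile(r'(?:^|[\s,])realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.I)


def canonical_root(url):
    """Scheme and authority of the request URI, with case and default port normalised."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def protection_space(url, challenge):
    """(canonical root, realm) for one challenge; realm is None when absent."""
    _auth_scheme, _, params = challenge.strip().partition(" ")
    match = REALM_RE.search(params)
    # Undo quoted-pair escaping inside the quoted-string.
    realm = re.sub(r"\\(.)", r"\1", match.group(1)) if match else None
    return (canonical_root(url), realm)


class CredentialCache:
    """Reuses credentials only inside the protection space that accepted them."""

    def __init__(self):
        self._by_space = {}

    def remember(self, url, challenge, credentials):
        self._by_space[protection_space(url, challenge)] = credentials

    def lookup(self, url, challenge):
        return self._by_space.get(protection_space(url, challenge))


if __name__ == "__main__":
    cache = CredentialCache()
    # Constructed sample: credentials accepted for realm "staff" on one server.
    cache.remember("https://Example.com/admin/", 'Basic realm="staff"', "alice:pw")
    # Same root and realm: automatic reuse is allowed.
    print(cache.lookup("https://example.com:443/reports", 'Basic realm="staff"'))
    # Different realm, or different root (scheme differs): no automatic reuse.
    print(cache.lookup("https://example.com/public", 'Basic realm="guests"'))
    print(cache.lookup("http://example.com/admin/", 'Basic realm="staff"'))
```

The cache does not model the reuse period that the text leaves to the authentication scheme, its parameters and user preference.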