Re: [http-auth] Last Call: <draft-ietf-httpauth-basicauth-update-05.txt> (The 'Basic' HTTP Authentication Scheme) to Proposed Standard

On 2015-02-06 16:44, Alexey Melnikov wrote:

On 06/02/2015 15:35, Bjoern Hoehrmann wrote:
* Alexey Melnikov wrote:
On 05/02/2015 22:49, Bjoern Hoehrmann wrote:
  [snip]
     The realm value is an opaque string
     which can only be compared for equality with other realms on that
     server.

RFC 7235 says "The realm value is a string, generally assigned by the
origin server, that can have additional semantics specific to the
authentication scheme." This seems contradictory (perhaps the intent is
to say that for the particular case of Basic, the realm value is opaque
in contrast to other schemes where it might not be opaque, but that is
not clear from the text) and misleading (users make decisions based on
the string, which often contains human readable text, so it's not really
opaque to them).
I think it is opaque to clients and servers, so they shouldn't try to
parse it.
A better phrase would be something like "free-form text".
Maybe something like "free-form text that MUST NOT be interpreted by
clients"?
I would also like to keep "which can only be compared for equality with
other realms on that server", as this is the important part.

Clarifying: the descriptions of "realm" in RFC 7235 and in this draft are exactly what RFC 2617 said. That being said, I'm ok with replacing "opaque string" by "free-form text" if that makes the participants over here happy.


Best regards, Julian
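
The rule discussed in this thread, that a Basic realm is compared only for equality and only against other realms on the same server, shown as an added Python example (not part of the original messages or of the draft). The names `basic_realm` and `CredentialCache`, the origin tuples and the sample credentials are constructed for illustration; exact case-sensitive comparison and quoted-string-only parsing are assumptions of this example.

```python
import re

# realm="..." as a quoted-string with backslash escapes; only the quoted
# form is handled here (assumption of this example).
_REALM = re.compile(r'(?:^|[\s,])realm\s*=\s*"((?:[^"\\]|\\.)*)"', re.IGNORECASE)


def basic_realm(challenge):
    """Return the realm of a single Basic challenge, or None."""
    scheme, _, params = challenge.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    match = _REALM.search(params)
    if match is None:
        return None
    # Undo quoted-pair escaping, then stop: the result is never parsed further.
    return re.sub(r"\\(.)", r"\1", match.group(1))


class CredentialCache:
    """Credentials keyed by (origin, realm); hypothetical helper class."""

    def __init__(self):
        self._store = {}

    def add(self, origin, realm, user, password):
        self._store[(origin, realm)] = (user, password)

    def lookup(self, origin, challenge):
        realm = basic_realm(challenge)
        if realm is None:
            return None
        # Exact equality only: no case folding, trimming or prefix matching,
        # and the origin is part of the key so realms never match across servers.
        return self._store.get((origin, realm))


# Constructed sample data.
SITE_A = ("https", "a.example.test", 443)
SITE_B = ("https", "b.example.test", 443)
cache = CredentialCache()
cache.add(SITE_A, "Staff Area", "alice", "constructed-password")
```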
