Sanjay Sinha wrote:
What I am wondering is this-- in theory you could have credentials for multiple realms that are known. Do you include the credentials for every known realm/user with every request, or do you try to scope things a bit better somehow?
## Depends, if you are challenged by all the realms downstream and if they record-route, then I would assume that the Authorization headers should be included in all subsequent requests.
So more to the point then, how does a user agent know WHICH credentials to put into outgoing requests?
I see 3 possibilities:
1) Put none, and only answer challenges with the right credentials
2) Put all known credentials in all outgoing requests
3) Put all credentials which have been challenged at some point in the request
4) .... ?
-- David Stuart, SIPquest Email: dave (at) sipquest (dot) com Phone: 254-8886 x234 Web: http://www.sipquest.com/ Address: 106 - 350 Terry Fox Drive, Kanata Ontario, K2K 2P5
_______________________________________________ Sip-implementors mailing list [EMAIL PROTECTED] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
