Carring Authorization even in initial request will ease the processing of server. To provide "user" and "realm" is the point. Other files like nouce, response ... is not applicable for Initial request.
This may help the server to decide which realm the user belong to and enforce the realm specific authentication policy. Eg. Select algorism. _________________________________________________________________ Peili Xu System Engineer Core Network Research & Standard Department Huawei Technologies Co., Ltd Email: [EMAIL PROTECTED] Phone: +86-755-28780808 Website: www.huawei.com _________________________________________________________________ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arunachalam Venkatraman (arunvenk) Sent: Friday, July 15, 2005 12:23 AM To: Dale Worley; [email protected] Subject: RE: [Sip-implementors] proxy servers multiple realm I believe an initial request may contain credentials using the most recently offered nonce on a prior call. Nonce is not tied to a single call or session. Of course, there is no guarantee that the credentials will be accepted. The server may accept the credentials if the nonce lifetime has not expired and local policy allows it. Or, the server may re-challenge with a new nonce. I would suspect that most servers currently do the latter. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dale Worley Sent: Thursday, July 14, 2005 9:16 AM To: [email protected] Subject: RE: [Sip-implementors] proxy servers multiple realm > From: Peili Xu [mailto:[EMAIL PROTECTED] > > Since the final choice of the realm is decided by user. > Another possible way > is that user can config the associated realm in his terminal. > So that the initial Request can contain the realm information. In my experience, user agents do not add authorization headers in initial requests. I believe that this is because the proxy will not accept an authorization header that does not contain a current nonce, and the only way for a user agent to get a nonce is from a 407 response. So there is no benefit in sending an authorization header to a proxy that one has not recently communicated with, since one cannot include a current nonce. Dale _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors _______________________________________________ Sip-implementors mailing list [email protected] http://lists.cs.columbia.edu/mailman/listinfo/sip-implementors
