As I understand it, to "Authenticate" means to prove you are who you claim to be. To be "Authorized" means that you have permission to do the operation you are attempting.
Why then, in the RFC for HTTP authentication, do you authenticate (prove you are who you say you are) via a header called 'Authorization'? You are not proving that you are allowed to do a certain operation.
The "basic" authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password for each realm...
...If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
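The header quoted above, worked through as an added example (not code from the question, the answer, or the RFC). It builds and parses a Basic credential exactly as the scheme defines it, base64 of userid ':' password, and then keeps the two steps the question distinguishes apart: authenticate() checks the presented secret against a credential store, authorize() checks a permission table for the already-authenticated identity. The USERS and PERMISSIONS tables are constructed for this example; a real store would hold salted password hashes, not plaintext.

```python
import base64
import binascii
import hmac

# Constructed credential store for this example only (plaintext here so the
# block is self-contained; production code compares against salted hashes).
USERS = {"Aladdin": "open sesame"}

# Constructed permission table: authorization data, kept separate from the
# authentication data above.
PERMISSIONS = {"Aladdin": {"GET /cave"}}


def build_basic_header(user_id, password):
    """Build the Authorization header value for the Basic scheme:
    'Basic ' + base64(userid ':' password)."""
    if ":" in user_id:
        # The first ':' delimits the user-ID, so it may not contain one.
        raise ValueError("user-ID must not contain ':'")
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_header(value):
    """Return (user_id, password) from an 'Authorization: Basic ...' value,
    or None if the value is not a well-formed Basic credential."""
    parts = value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet instead
        # of silently discarding them.
        decoded = base64.b64decode(parts[1], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first ':' only; the password itself may contain ':'.
    user_id, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user_id, password


def authenticate(header_value):
    """Authentication: does the presented secret prove the claimed identity?
    Returns the verified user_id, or None."""
    creds = parse_basic_header(header_value)
    if creds is None:
        return None
    user_id, password = creds
    expected = USERS.get(user_id)
    if expected is None:
        # Run a comparison anyway so response timing does not reveal which
        # user-IDs exist.
        hmac.compare_digest(password.encode("utf-8"), password.encode("utf-8"))
        return None
    if not hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8")):
        return None
    return user_id


def authorize(user_id, action):
    """Authorization: is this authenticated identity permitted to perform
    the action? A separate question from authenticate()."""
    return action in PERMISSIONS.get(user_id, set())


if __name__ == "__main__":
    header = build_basic_header("Aladdin", "open sesame")
    print(header)  # the header value quoted in the question
    who = authenticate(header)
    print("authenticated as:", who)
    print("may GET /cave:", authorize(who, "GET /cave"))
    print("may DELETE /cave:", authorize(who, "DELETE /cave"))
```

Decoding the quoted token yields "Aladdin:open sesame", which is why the header proves identity (authentication) and says nothing about what Aladdin may do; the permission check is a second, independent step.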
a) The actual RFC is 7235, not 2617.
b) I assume it's a historic mistake. That's the best answer I have (note that I'm one of the authors of the newer RFC).