I find it difficult to understand the purpose of the "realm" value in the WWW-Authenticate header used for basic HTTP authentication.
This question asks what the meaning of "realm" is - and the answer seems rather simple. The realm is like a namespace indicating a collection of protected resources.
Ok, so I get the abstract concept. But in practice, especially from the point of view of the HTTP client, how does the realm really help?
When authenticating via HTTP, the main workflow is as follows:
(1) The server issues a challenge in the form of a WWW-Authenticate header
(2) The client responds with an Authorization header, as well as a base64-encoded string containing the username and password.
(3) The client is now granted access (or denied if the credentials are incorrect)
So, where in any of this should the client care about the realm sent by the server?
As far as I understand, if the client wants to get access to the protected resource again, the "Authorization" header should be sent again. So ... again, how does the "realm" play into it all?
Just to be clear ... I understand that the concept of a realm is conceptual ... I just don't understand how it is used in practice by HTTP clients.
Siler
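The three-step workflow in the question, written out from the client's side as an added example that is not part of the original post. It follows RFC 7617, where the realm together with the server's origin defines the protection space, so the client selects stored credentials by (origin, realm). `CredentialStore`, `origin_of` and the sample host and credentials are hypothetical, and a single Basic challenge per header is assumed.

```python
import base64
import re
from urllib.parse import urlsplit

# Basic challenge with a quoted-string realm, e.g. Basic realm="Reports"
_BASIC = re.compile(r'^\s*Basic\s+.*?\brealm="((?:[^"\\]|\\.)*)"', re.I)


def parse_basic_realm(www_authenticate):
    """Step 1: return the realm of a Basic challenge, or None if it is not one."""
    m = _BASIC.match(www_authenticate)
    if m is None:
        return None
    return re.sub(r"\\(.)", r"\1", m.group(1))  # undo quoted-pair escapes


def origin_of(url):
    """Scheme, host and port: the part of the protection space the server cannot spoof."""
    p = urlsplit(url)
    port = p.port or {"http": 80, "https": 443}.get(p.scheme)
    return (p.scheme, p.hostname, port)


class CredentialStore:
    """Hypothetical client-side store keyed by (origin, realm)."""

    def __init__(self):
        self._creds = {}

    def add(self, url, realm, user, password):
        self._creds[(origin_of(url), realm)] = (user, password)

    def authorization_for(self, url, www_authenticate):
        """Step 2: build the Authorization value, or None if nothing matches."""
        realm = parse_basic_realm(www_authenticate)
        creds = self._creds.get((origin_of(url), realm))
        if realm is None or creds is None:
            return None  # unknown protection space: prompt the user, send nothing
        token = base64.b64encode(":".join(creds).encode("utf-8"))
        return "Basic " + token.decode("ascii")


# Constructed sample data
store = CredentialStore()
store.add("https://intranet.example/reports/", "Reports", "alice", "s3cret")
```

Because the lookup key includes the origin, a challenge from another host that reuses the realm string "Reports" gets no stored password.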