I just don't see how it's used in practice by HTTP clients.
The browser will not ask the user for credentials while the realm stays the same. So if you log on to http://example.com/ApplicationA, which provides a certain realm value, then http://example.com/ApplicationB using the same realm can reuse the credentials the user entered for application A because their "canonical root URL" is the same (http://example.com), so the browser doesn't have to pop up the credentials form again.
Browsers seem to implement this differently, though: depending on what part of the URI changes, some will ask for credentials again even if realm and canonical root URL stay the same.
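The reuse rule described above, sketched as a client-side credential cache keyed by canonical root URL plus realm. This is an added example, not code from the original post or from any browser; `CredentialCache`, `parseRealm`, `rootUrl` and `demo` are hypothetical names and the credentials are constructed sample values.

```javascript
// Canonical root URL = scheme + host + port; path and query are ignored.
function rootUrl(uri) {
  return new URL(uri).origin;
}

// Pull the realm parameter out of a Basic challenge header value, e.g.
//   Basic realm="Staff Area", charset="UTF-8"
// Returns null for non-Basic challenges or when no realm is present.
function parseRealm(challenge) {
  const re = /^\s*Basic\s+(?:.*?,\s*)?realm\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))/i;
  const m = re.exec(challenge);
  if (!m) return null;
  // Quoted form: undo backslash escapes. Token form: use as-is.
  return m[1] !== undefined ? m[1].replace(/\\(.)/g, "$1") : m[2];
}

class CredentialCache {
  constructor() { this.store = new Map(); }

  // Credentials are scoped to the pair (root URL, realm), nothing narrower.
  key(uri, realm) { return JSON.stringify([rootUrl(uri), realm]); }

  remember(uri, challenge, credentials) {
    const realm = parseRealm(challenge);
    if (realm !== null) this.store.set(this.key(uri, realm), credentials);
  }

  // Returns cached credentials, or null when the user has to be prompted.
  lookup(uri, challenge) {
    const realm = parseRealm(challenge);
    if (realm === null) return null;
    return this.store.get(this.key(uri, realm)) ?? null;
  }
}

// Constructed scenario: the user logs in to ApplicationA once.
function demo() {
  const cache = new CredentialCache();
  const staff = 'Basic realm="Staff Area"';
  cache.remember("http://example.com/ApplicationA", staff, "alice:sample-password");
  return {
    sameRealm: cache.lookup("http://example.com/ApplicationB", staff),
    otherRealm: cache.lookup("http://example.com/ApplicationB", 'Basic realm="Billing"'),
    otherHost: cache.lookup("http://other.example.com/ApplicationA", staff),
    otherPort: cache.lookup("http://example.com:8080/ApplicationA", staff),
  };
}
```

Because the path is not part of the key, two applications on the same root URL that advertise the same realm receive the same credentials; giving each application its own realm value keeps them separate in a client that follows this model.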