RFC 2068 Augmented BNF

Question

I'm trying to parse Authorization request headers, see https://www.ietf.org/rfc/rfc2617.txt section 3.2.2. There, digest-response is defined as following:

digest-response  = 1#( username | realm | nonce | digest-uri
                       | response | [ algorithm ] | [cnonce] |
                       [opaque] | [message-qop] |
                           [nonce-count]  | [auth-param] )

The augmented BNF which is used here is defined in http://www.ietf.org/rfc/rfc2068.txt, section 2.1.

If I'm right, a digest-response is (by the above definition) a list of at least one element, each separated by one ore more commas, and optional linear whitespace.

I have some questions regarding the definition of the digest-response:

1) Is the following digest-response valid (if not, why)? username_1, username_2

2) Is the following digest-response valid (if not, why)? username, realm, nonce, digest-uri

3) Is the following digest-response valid (if not, why)? username_1, realm, nonce, digest-uri, response, username_2

4) Ho do the possible productions for 1#(a | b) and 1#(a | [b]) look like, and what is the difference?

Thanks

Answer 1

I would recommend that you read

http://trac.tools.ietf.org/html/draft-ietf-httpauth-digest-07

instead; and if there are questions left then please follow up on the httpauth mailing list.