Thu Apr 9 00:26:40 UTC 2009
"A realm may contain a wildcard, and so may not be a valid URL. In
that case, perform discovery on the URL obtained by substituting
"www" for the wildcard in the realm. "
But if there is no wildcard, then the realm will be a valid URL, and that
URL is used for discovery purposes. There is nothing that says
that a party performing discovery should add a "www" to a that URL,
and in fact doing so would be incorrect. So the realm
"http://domain.com/" should definitely NOT be interpreted as being
identical to "http://www.domain.com/".
However, on the other hand, the wildcarded "http://*.domain.com/"
realm MUST be interpreted as being "http://www.domain.com/".
So are you seeing something different?
My concern is that I think section 9.2.1 of the spec may be too
simplistic. It makes an assumption that a "www" host will
exist and that it will be authoritative for the entire domain.
Not to mention there may be an https versus http disconnect.
More information about the general