At 11:20 AM 12/13/2003, Howard Chu wrote: >I think adding a mech specifier is a really bad idea. Quite likely. Maybe we should just have u:userid[@realm] and just imply a mech of "authz" when authzid comes from policy information. Otherwise, the mech associated with the authentication is implied. (and then just deal with the @realm issues the best we can for now.) Kurt