The realm directive (case-insensitive) is required for all
   authentication schemes that issue a challenge. The realm value (...)
   of the server being accessed, defines the protection space.
   (...) The realm value
   is a string, generally assigned by the origin server (...). Note that
   there may be multiple challenges with the same auth-scheme but
   different realms.