One of the two ways a server can challenge a client in order to identify it. It does this by sending a "401 Unauthorized" response with a WWW-Authenticate header. The other one is the Basic Authentication Scheme, but the "digest" one is better because it doesn't send a plaint text password over the net. Both are defined in RFC 2617.