| draft-ietf-httpbis-p7-auth-04.txt | draft-ietf-httpbis-p7-auth-05.txt | |||
|---|---|---|---|---|
| Network Working Group R. Fielding, Ed. | Network Working Group R. Fielding, Ed. | |||
| Internet-Draft Day Software | Internet-Draft Day Software | |||
| Obsoletes: 2616 (if approved) J. Gettys | Obsoletes: 2616 (if approved) J. Gettys | |||
| Updates: 2617 (if approved) One Laptop per Child | Updates: 2617 (if approved) One Laptop per Child | |||
| Intended status: Standards Track J. Mogul | Intended status: Standards Track J. Mogul | |||
| Expires: March 2, 2009 HP | Expires: May 20, 2009 HP | |||
| H. Frystyk | H. Frystyk | |||
| Microsoft | Microsoft | |||
| L. Masinter | L. Masinter | |||
| Adobe Systems | Adobe Systems | |||
| P. Leach | P. Leach | |||
| Microsoft | Microsoft | |||
| T. Berners-Lee | T. Berners-Lee | |||
| W3C/MIT | W3C/MIT | |||
| Y. Lafon, Ed. | Y. Lafon, Ed. | |||
| W3C | W3C | |||
| J. Reschke, Ed. | J. Reschke, Ed. | |||
| greenbytes | greenbytes | |||
| August 29, 2008 | November 16, 2008 | |||
| HTTP/1.1, part 7: Authentication | HTTP/1.1, part 7: Authentication | |||
| draft-ietf-httpbis-p7-auth-04 | draft-ietf-httpbis-p7-auth-05 | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 49 | skipping to change at page 1, line 49 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on March 2, 2009. | This Internet-Draft will expire on May 20, 2009. | |||
| Abstract | Abstract | |||
| The Hypertext Transfer Protocol (HTTP) is an application-level | The Hypertext Transfer Protocol (HTTP) is an application-level | |||
| protocol for distributed, collaborative, hypermedia information | protocol for distributed, collaborative, hypermedia information | |||
| systems. HTTP has been in use by the World Wide Web global | systems. HTTP has been in use by the World Wide Web global | |||
| information initiative since 1990. This document is Part 7 of the | information initiative since 1990. This document is Part 7 of the | |||
| seven-part specification that defines the protocol referred to as | seven-part specification that defines the protocol referred to as | |||
| "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines | "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines | |||
| HTTP Authentication. | HTTP Authentication. | |||
| Editorial Note (To be removed by RFC Editor) | Editorial Note (To be removed by RFC Editor) | |||
| Discussion of this draft should take place on the HTTPBIS working | Discussion of this draft should take place on the HTTPBIS working | |||
| group mailing list (ietf-http-wg@w3.org). The current issues list is | group mailing list (ietf-http-wg@w3.org). The current issues list is | |||
| at <http://www.tools.ietf.org/wg/httpbis/trac/report/11> and related | at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related | |||
| documents (including fancy diffs) can be found at | documents (including fancy diffs) can be found at | |||
| <http://www.tools.ietf.org/wg/httpbis/>. | <http://tools.ietf.org/wg/httpbis/>. | |||
| The changes in this draft are summarized in Appendix B.4. | The changes in this draft are summarized in Appendix B.6. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 2. Notational Conventions and Generic Grammar . . . . . . . . . . 4 | 2. Notational Conventions and Generic Grammar . . . . . . . . . . 4 | |||
| 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | 3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | |||
| 4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | 4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5 | 4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6 | 4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6 | |||
| 4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | 4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | 4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 5.1. Message Header Registration . . . . . . . . . . . . . . . 7 | 5.1. Message Header Registration . . . . . . . . . . . . . . . 8 | |||
| 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 6.1. Authentication Credentials and Idle Clients . . . . . . . 8 | 6.1. Authentication Credentials and Idle Clients . . . . . . . 8 | |||
| 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 8.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 9 | |||
| Appendix A. Compatibility with Previous Versions . . . . . . . . 9 | Appendix A. Compatibility with Previous Versions . . . . . . . . 10 | |||
| A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 9 | A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix B. Change Log (to be removed by RFC Editor before | Appendix B. Change Log (to be removed by RFC Editor before | |||
| publication) . . . . . . . . . . . . . . . . . . . . 9 | publication) . . . . . . . . . . . . . . . . . . . . 10 | |||
| B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 10 | B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 10 | |||
| B.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 10 | B.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 10 | |||
| B.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 10 | B.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 10 | |||
| B.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 10 | B.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 10 | |||
| B.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 10 | B.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 10 | |||
| Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | B.6. Since draft-ietf-httpbis-p7-auth-04 . . . . . . . . . . . 10 | |||
| Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 14 | Intellectual Property and Copyright Statements . . . . . . . . . . 15 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines HTTP/1.1 access control and authentication. | This document defines HTTP/1.1 access control and authentication. | |||
| Right now it includes the extracted relevant sections of RFC 2616 | Right now it includes the extracted relevant sections of RFC 2616 | |||
| with only minor changes. The intention is to move the general | with only minor changes. The intention is to move the general | |||
| framework for HTTP authentication here, as currently specified in | framework for HTTP authentication here, as currently specified in | |||
| [RFC2617], and allow the individual authentication mechanisms to be | [RFC2617], and allow the individual authentication mechanisms to be | |||
| defined elsewhere. This introduction will be rewritten when that | defined elsewhere. This introduction will be rewritten when that | |||
| occurs. | occurs. | |||
| skipping to change at page 4, line 42 | skipping to change at page 4, line 42 | |||
| implements. An implementation that satisfies all the MUST or | implements. An implementation that satisfies all the MUST or | |||
| REQUIRED level and all the SHOULD level requirements for its | REQUIRED level and all the SHOULD level requirements for its | |||
| protocols is said to be "unconditionally compliant"; one that | protocols is said to be "unconditionally compliant"; one that | |||
| satisfies all the MUST level requirements but not all the SHOULD | satisfies all the MUST level requirements but not all the SHOULD | |||
| level requirements for its protocols is said to be "conditionally | level requirements for its protocols is said to be "conditionally | |||
| compliant." | compliant." | |||
| 2. Notational Conventions and Generic Grammar | 2. Notational Conventions and Generic Grammar | |||
| This specification uses the ABNF syntax defined in Section 2.1 of | This specification uses the ABNF syntax defined in Section 2.1 of | |||
| [Part1]. [[abnf.dep: ABNF syntax and basic rules will be adopted from | [Part1]. | |||
| RFC 5234, see <http://tools.ietf.org/wg/httpbis/trac/ticket/36>.]] | ||||
| The ABNF rules below are defined in other specifications: | The ABNF rules below are defined in other specifications: | |||
| OWS = <OWS, defined in [Part1], Section 2.2> | ||||
| challenge = <challenge, defined in [RFC2617], Section 1.2> | challenge = <challenge, defined in [RFC2617], Section 1.2> | |||
| credentials = <credentials, defined in [RFC2617], Section 1.2> | credentials = <credentials, defined in [RFC2617], Section 1.2> | |||
| 3. Status Code Definitions | 3. Status Code Definitions | |||
| 3.1. 401 Unauthorized | 3.1. 401 Unauthorized | |||
| The request requires user authentication. The response MUST include | The request requires user authentication. The response MUST include | |||
| a WWW-Authenticate header field (Section 4.4) containing a challenge | a WWW-Authenticate header field (Section 4.4) containing a challenge | |||
| applicable to the requested resource. The client MAY repeat the | applicable to the requested resource. The client MAY repeat the | |||
| skipping to change at page 5, line 44 | skipping to change at page 5, line 44 | |||
| 4. Header Field Definitions | 4. Header Field Definitions | |||
| This section defines the syntax and semantics of HTTP/1.1 header | This section defines the syntax and semantics of HTTP/1.1 header | |||
| fields related to authentication. | fields related to authentication. | |||
| 4.1. Authorization | 4.1. Authorization | |||
| A user agent that wishes to authenticate itself with a server-- | A user agent that wishes to authenticate itself with a server-- | |||
| usually, but not necessarily, after receiving a 401 response--does so | usually, but not necessarily, after receiving a 401 response--does so | |||
| by including an Authorization request-header field with the request. | by including an Authorization request-header field with the request. | |||
| The Authorization field value consists of credentials containing the | The field "Authorization" consists of credentials containing the | |||
| authentication information of the user agent for the realm of the | authentication information of the user agent for the realm of the | |||
| resource being requested. | resource being requested. | |||
| Authorization = "Authorization" ":" credentials | Authorization = "Authorization" ":" OWS Authorization-v | |||
| Authorization-v = credentials | ||||
| HTTP access authentication is described in "HTTP Authentication: | HTTP access authentication is described in "HTTP Authentication: | |||
| Basic and Digest Access Authentication" [RFC2617]. If a request is | Basic and Digest Access Authentication" [RFC2617]. If a request is | |||
| authenticated and a realm specified, the same credentials SHOULD be | authenticated and a realm specified, the same credentials SHOULD be | |||
| valid for all other requests within this realm (assuming that the | valid for all other requests within this realm (assuming that the | |||
| authentication scheme itself does not require otherwise, such as | authentication scheme itself does not require otherwise, such as | |||
| credentials that vary according to a challenge value or using | credentials that vary according to a challenge value or using | |||
| synchronized clocks). | synchronized clocks). | |||
| When a shared cache (see Section 9 of [Part6]) receives a request | When a shared cache (see Section 9 of [Part6]) receives a request | |||
| containing an Authorization field, it MUST NOT return the | containing an Authorization field, it MUST NOT return the | |||
| corresponding response as a reply to any other request, unless one of | corresponding response as a reply to any other request, unless one of | |||
| skipping to change at page 6, line 36 | skipping to change at page 6, line 38 | |||
| subsequent request. But if the response is stale, all caches | subsequent request. But if the response is stale, all caches | |||
| MUST first revalidate it with the origin server, using the | MUST first revalidate it with the origin server, using the | |||
| request-headers from the new request to allow the origin server | request-headers from the new request to allow the origin server | |||
| to authenticate the new request. | to authenticate the new request. | |||
| 3. If the response includes the "public" cache-control directive, it | 3. If the response includes the "public" cache-control directive, it | |||
| MAY be returned in reply to any subsequent request. | MAY be returned in reply to any subsequent request. | |||
| 4.2. Proxy-Authenticate | 4.2. Proxy-Authenticate | |||
| The Proxy-Authenticate response-header field MUST be included as part | The response-header field "Proxy-Authenticate" MUST be included as | |||
| of a 407 (Proxy Authentication Required) response. The field value | part of a 407 (Proxy Authentication Required) response. The field | |||
| consists of a challenge that indicates the authentication scheme and | value consists of a challenge that indicates the authentication | |||
| parameters applicable to the proxy for this Request-URI. | scheme and parameters applicable to the proxy for this Request-URI. | |||
| Proxy-Authenticate = "Proxy-Authenticate" ":" 1#challenge | Proxy-Authenticate = "Proxy-Authenticate" ":" OWS | |||
| Proxy-Authenticate-v | ||||
| Proxy-Authenticate-v = 1#challenge | ||||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | |||
| only to the current connection and SHOULD NOT be passed on to | only to the current connection and SHOULD NOT be passed on to | |||
| downstream clients. However, an intermediate proxy might need to | downstream clients. However, an intermediate proxy might need to | |||
| obtain its own credentials by requesting them from the downstream | obtain its own credentials by requesting them from the downstream | |||
| client, which in some circumstances will appear as if the proxy is | client, which in some circumstances will appear as if the proxy is | |||
| forwarding the Proxy-Authenticate header field. | forwarding the Proxy-Authenticate header field. | |||
| 4.3. Proxy-Authorization | 4.3. Proxy-Authorization | |||
| The Proxy-Authorization request-header field allows the client to | The request-header field "Proxy-Authorization" allows the client to | |||
| identify itself (or its user) to a proxy which requires | identify itself (or its user) to a proxy which requires | |||
| authentication. The Proxy-Authorization field value consists of | authentication. The Proxy-Authorization field value consists of | |||
| credentials containing the authentication information of the user | credentials containing the authentication information of the user | |||
| agent for the proxy and/or realm of the resource being requested. | agent for the proxy and/or realm of the resource being requested. | |||
| Proxy-Authorization = "Proxy-Authorization" ":" credentials | Proxy-Authorization = "Proxy-Authorization" ":" OWS | |||
| Proxy-Authorization-v | ||||
| Proxy-Authorization-v = credentials | ||||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| Unlike Authorization, the Proxy-Authorization header field applies | Unlike Authorization, the Proxy-Authorization header field applies | |||
| only to the next outbound proxy that demanded authentication using | only to the next outbound proxy that demanded authentication using | |||
| the Proxy-Authenticate field. When multiple proxies are used in a | the Proxy-Authenticate field. When multiple proxies are used in a | |||
| chain, the Proxy-Authorization header field is consumed by the first | chain, the Proxy-Authorization header field is consumed by the first | |||
| outbound proxy that was expecting to receive credentials. A proxy | outbound proxy that was expecting to receive credentials. A proxy | |||
| MAY relay the credentials from the client request to the next proxy | MAY relay the credentials from the client request to the next proxy | |||
| if that is the mechanism by which the proxies cooperatively | if that is the mechanism by which the proxies cooperatively | |||
| authenticate a given request. | authenticate a given request. | |||
| 4.4. WWW-Authenticate | 4.4. WWW-Authenticate | |||
| The WWW-Authenticate response-header field MUST be included in 401 | The WWW-Authenticate response-header field MUST be included in 401 | |||
| (Unauthorized) response messages. The field value consists of at | (Unauthorized) response messages. The field value consists of at | |||
| least one challenge that indicates the authentication scheme(s) and | least one challenge that indicates the authentication scheme(s) and | |||
| parameters applicable to the Request-URI. | parameters applicable to the Request-URI. | |||
| WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge | WWW-Authenticate = "WWW-Authenticate" ":" OWS WWW-Authenticate-v | |||
| WWW-Authenticate-v = 1#challenge | ||||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| User agents are advised to take special care in parsing the WWW- | User agents are advised to take special care in parsing the WWW- | |||
| Authenticate field value as it might contain more than one challenge, | Authenticate field value as it might contain more than one challenge, | |||
| or if more than one WWW-Authenticate header field is provided, the | or if more than one WWW-Authenticate header field is provided, the | |||
| contents of a challenge itself can contain a comma-separated list of | contents of a challenge itself can contain a comma-separated list of | |||
| authentication parameters. | authentication parameters. | |||
| 5. IANA Considerations | 5. IANA Considerations | |||
| skipping to change at page 9, line 16 | skipping to change at page 9, line 20 | |||
| [[anchor2: TBD.]] | [[anchor2: TBD.]] | |||
| 8. References | 8. References | |||
| 8.1. Normative References | 8.1. Normative References | |||
| [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
| Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
| and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | |||
| and Message Parsing", draft-ietf-httpbis-p1-messaging-04 | and Message Parsing", draft-ietf-httpbis-p1-messaging-05 | |||
| (work in progress), August 2008. | (work in progress), November 2008. | |||
| [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
| Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
| and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", | and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", | |||
| draft-ietf-httpbis-p6-cache-04 (work in progress), | draft-ietf-httpbis-p6-cache-05 (work in progress), | |||
| August 2008. | November 2008. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | |||
| Leach, P., Luotonen, A., and L. Stewart, "HTTP | Leach, P., Luotonen, A., and L. Stewart, "HTTP | |||
| Authentication: Basic and Digest Access Authentication", | Authentication: Basic and Digest Access Authentication", | |||
| RFC 2617, June 1999. | RFC 2617, June 1999. | |||
| 8.2. Informative References | 8.2. Informative References | |||
| skipping to change at page 10, line 13 | skipping to change at page 10, line 19 | |||
| Appendix B. Change Log (to be removed by RFC Editor before publication) | Appendix B. Change Log (to be removed by RFC Editor before publication) | |||
| B.1. Since RFC2616 | B.1. Since RFC2616 | |||
| Extracted relevant partitions from [RFC2616]. | Extracted relevant partitions from [RFC2616]. | |||
| B.2. Since draft-ietf-httpbis-p7-auth-00 | B.2. Since draft-ietf-httpbis-p7-auth-00 | |||
| Closed issues: | Closed issues: | |||
| o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative | o <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and | |||
| and Informative references" | Informative references" | |||
| B.3. Since draft-ietf-httpbis-p7-auth-01 | B.3. Since draft-ietf-httpbis-p7-auth-01 | |||
| Ongoing work on ABNF conversion | Ongoing work on ABNF conversion | |||
| (<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>): | (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | |||
| o Explicitly import BNF rules for "challenge" and "credentials" from | o Explicitly import BNF rules for "challenge" and "credentials" from | |||
| RFC2617. | RFC2617. | |||
| o Add explicit references to BNF syntax and rules imported from | o Add explicit references to BNF syntax and rules imported from | |||
| other parts of the specification. | other parts of the specification. | |||
| B.4. Since draft-ietf-httpbis-p7-auth-02 | B.4. Since draft-ietf-httpbis-p7-auth-02 | |||
| Ongoing work on IANA Message Header Registration | Ongoing work on IANA Message Header Registration | |||
| (<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/40>): | (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>): | |||
| o Reference RFC 3984, and update header registrations for headers | o Reference RFC 3984, and update header registrations for headers | |||
| defined in this document. | defined in this document. | |||
| B.5. Since draft-ietf-httpbis-p7-auth-03 | B.5. Since draft-ietf-httpbis-p7-auth-03 | |||
| B.6. Since draft-ietf-httpbis-p7-auth-04 | ||||
| Ongoing work on ABNF conversion | ||||
| (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | ||||
| o Use "/" instead of "|" for alternatives. | ||||
| o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional | ||||
| whitespace ("OWS") and required whitespace ("RWS"). | ||||
| o Rewrite ABNFs to spell out whitespace rules, factor out header | ||||
| value format definitions. | ||||
| Index | Index | |||
| 4 | 4 | |||
| 401 Unauthorized (status code) 5 | 401 Unauthorized (status code) 5 | |||
| 407 Proxy Authentication Required (status code) 5 | 407 Proxy Authentication Required (status code) 5 | |||
| A | A | |||
| Authorization header 5 | Authorization header 5 | |||
| G | G | |||
| Grammar | Grammar | |||
| Authorization 5 | Authorization 5 | |||
| Authorization-v 5 | ||||
| challenge 4 | challenge 4 | |||
| credentials 4 | credentials 4 | |||
| Proxy-Authenticate 6 | Proxy-Authenticate 6 | |||
| Proxy-Authenticate-v 6 | ||||
| Proxy-Authorization 7 | Proxy-Authorization 7 | |||
| Proxy-Authorization-v 7 | ||||
| WWW-Authenticate 7 | WWW-Authenticate 7 | |||
| WWW-Authenticate-v 7 | ||||
| H | H | |||
| Headers | Headers | |||
| Authorization 5 | Authorization 5 | |||
| Proxy-Authenticate 6 | Proxy-Authenticate 6 | |||
| Proxy-Authorization 7 | Proxy-Authorization 7 | |||
| WWW-Authenticate 7 | WWW-Authenticate 7 | |||
| P | P | |||
| Proxy-Authenticate header 6 | Proxy-Authenticate header 6 | |||
| End of changes. 32 change blocks. | ||||
| 33 lines changed or deleted | 59 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||