draft-ietf-httpbis-p7-auth-04.txt | draft-ietf-httpbis-p7-auth-05.txt | |||
---|---|---|---|---|
Network Working Group R. Fielding, Ed. | Network Working Group R. Fielding, Ed. | |||
Internet-Draft Day Software | Internet-Draft Day Software | |||
Obsoletes: 2616 (if approved) J. Gettys | Obsoletes: 2616 (if approved) J. Gettys | |||
Updates: 2617 (if approved) One Laptop per Child | Updates: 2617 (if approved) One Laptop per Child | |||
Intended status: Standards Track J. Mogul | Intended status: Standards Track J. Mogul | |||
Expires: March 2, 2009 HP | Expires: May 20, 2009 HP | |||
H. Frystyk | H. Frystyk | |||
Microsoft | Microsoft | |||
L. Masinter | L. Masinter | |||
Adobe Systems | Adobe Systems | |||
P. Leach | P. Leach | |||
Microsoft | Microsoft | |||
T. Berners-Lee | T. Berners-Lee | |||
W3C/MIT | W3C/MIT | |||
Y. Lafon, Ed. | Y. Lafon, Ed. | |||
W3C | W3C | |||
J. Reschke, Ed. | J. Reschke, Ed. | |||
greenbytes | greenbytes | |||
August 29, 2008 | November 16, 2008 | |||
HTTP/1.1, part 7: Authentication | HTTP/1.1, part 7: Authentication | |||
draft-ietf-httpbis-p7-auth-04 | draft-ietf-httpbis-p7-auth-05 | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 49 | skipping to change at page 1, line 49 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on March 2, 2009. | This Internet-Draft will expire on May 20, 2009. | |||
Abstract | Abstract | |||
The Hypertext Transfer Protocol (HTTP) is an application-level | The Hypertext Transfer Protocol (HTTP) is an application-level | |||
protocol for distributed, collaborative, hypermedia information | protocol for distributed, collaborative, hypermedia information | |||
systems. HTTP has been in use by the World Wide Web global | systems. HTTP has been in use by the World Wide Web global | |||
information initiative since 1990. This document is Part 7 of the | information initiative since 1990. This document is Part 7 of the | |||
seven-part specification that defines the protocol referred to as | seven-part specification that defines the protocol referred to as | |||
"HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines | "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines | |||
HTTP Authentication. | HTTP Authentication. | |||
Editorial Note (To be removed by RFC Editor) | Editorial Note (To be removed by RFC Editor) | |||
Discussion of this draft should take place on the HTTPBIS working | Discussion of this draft should take place on the HTTPBIS working | |||
group mailing list (ietf-http-wg@w3.org). The current issues list is | group mailing list (ietf-http-wg@w3.org). The current issues list is | |||
at <http://www.tools.ietf.org/wg/httpbis/trac/report/11> and related | at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related | |||
documents (including fancy diffs) can be found at | documents (including fancy diffs) can be found at | |||
<http://www.tools.ietf.org/wg/httpbis/>. | <http://tools.ietf.org/wg/httpbis/>. | |||
The changes in this draft are summarized in Appendix B.4. | The changes in this draft are summarized in Appendix B.6. | |||
Table of Contents | Table of Contents | |||
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
2. Notational Conventions and Generic Grammar . . . . . . . . . . 4 | 2. Notational Conventions and Generic Grammar . . . . . . . . . . 4 | |||
3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | 3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | |||
3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | 3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | |||
4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | 4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5 | 4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5 | |||
4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6 | 4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6 | |||
4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | 4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | |||
4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | 4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | |||
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 | |||
5.1. Message Header Registration . . . . . . . . . . . . . . . 7 | 5.1. Message Header Registration . . . . . . . . . . . . . . . 8 | |||
6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 6. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
6.1. Authentication Credentials and Idle Clients . . . . . . . 8 | 6.1. Authentication Credentials and Idle Clients . . . . . . . 8 | |||
7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 8.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
8.2. Informative References . . . . . . . . . . . . . . . . . . 9 | 8.2. Informative References . . . . . . . . . . . . . . . . . . 9 | |||
Appendix A. Compatibility with Previous Versions . . . . . . . . 9 | Appendix A. Compatibility with Previous Versions . . . . . . . . 10 | |||
A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 9 | A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 10 | |||
Appendix B. Change Log (to be removed by RFC Editor before | Appendix B. Change Log (to be removed by RFC Editor before | |||
publication) . . . . . . . . . . . . . . . . . . . . 9 | publication) . . . . . . . . . . . . . . . . . . . . 10 | |||
B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 10 | B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 10 | |||
B.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 10 | B.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 10 | |||
B.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 10 | B.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 10 | |||
B.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 10 | B.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 10 | |||
B.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 10 | B.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 10 | |||
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 | B.6. Since draft-ietf-httpbis-p7-auth-04 . . . . . . . . . . . 10 | |||
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 | ||||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 14 | Intellectual Property and Copyright Statements . . . . . . . . . . 15 | |||
1. Introduction | 1. Introduction | |||
This document defines HTTP/1.1 access control and authentication. | This document defines HTTP/1.1 access control and authentication. | |||
Right now it includes the extracted relevant sections of RFC 2616 | Right now it includes the extracted relevant sections of RFC 2616 | |||
with only minor changes. The intention is to move the general | with only minor changes. The intention is to move the general | |||
framework for HTTP authentication here, as currently specified in | framework for HTTP authentication here, as currently specified in | |||
[RFC2617], and allow the individual authentication mechanisms to be | [RFC2617], and allow the individual authentication mechanisms to be | |||
defined elsewhere. This introduction will be rewritten when that | defined elsewhere. This introduction will be rewritten when that | |||
occurs. | occurs. | |||
skipping to change at page 4, line 42 | skipping to change at page 4, line 42 | |||
implements. An implementation that satisfies all the MUST or | implements. An implementation that satisfies all the MUST or | |||
REQUIRED level and all the SHOULD level requirements for its | REQUIRED level and all the SHOULD level requirements for its | |||
protocols is said to be "unconditionally compliant"; one that | protocols is said to be "unconditionally compliant"; one that | |||
satisfies all the MUST level requirements but not all the SHOULD | satisfies all the MUST level requirements but not all the SHOULD | |||
level requirements for its protocols is said to be "conditionally | level requirements for its protocols is said to be "conditionally | |||
compliant." | compliant." | |||
2. Notational Conventions and Generic Grammar | 2. Notational Conventions and Generic Grammar | |||
This specification uses the ABNF syntax defined in Section 2.1 of | This specification uses the ABNF syntax defined in Section 2.1 of | |||
[Part1]. [[abnf.dep: ABNF syntax and basic rules will be adopted from | [Part1]. | |||
RFC 5234, see <http://tools.ietf.org/wg/httpbis/trac/ticket/36>.]] | ||||
The ABNF rules below are defined in other specifications: | The ABNF rules below are defined in other specifications: | |||
OWS = <OWS, defined in [Part1], Section 2.2> | ||||
challenge = <challenge, defined in [RFC2617], Section 1.2> | challenge = <challenge, defined in [RFC2617], Section 1.2> | |||
credentials = <credentials, defined in [RFC2617], Section 1.2> | credentials = <credentials, defined in [RFC2617], Section 1.2> | |||
3. Status Code Definitions | 3. Status Code Definitions | |||
3.1. 401 Unauthorized | 3.1. 401 Unauthorized | |||
The request requires user authentication. The response MUST include | The request requires user authentication. The response MUST include | |||
a WWW-Authenticate header field (Section 4.4) containing a challenge | a WWW-Authenticate header field (Section 4.4) containing a challenge | |||
applicable to the requested resource. The client MAY repeat the | applicable to the requested resource. The client MAY repeat the | |||
skipping to change at page 5, line 44 | skipping to change at page 5, line 44 | |||
4. Header Field Definitions | 4. Header Field Definitions | |||
This section defines the syntax and semantics of HTTP/1.1 header | This section defines the syntax and semantics of HTTP/1.1 header | |||
fields related to authentication. | fields related to authentication. | |||
4.1. Authorization | 4.1. Authorization | |||
A user agent that wishes to authenticate itself with a server-- | A user agent that wishes to authenticate itself with a server-- | |||
usually, but not necessarily, after receiving a 401 response--does so | usually, but not necessarily, after receiving a 401 response--does so | |||
by including an Authorization request-header field with the request. | by including an Authorization request-header field with the request. | |||
The Authorization field value consists of credentials containing the | The field "Authorization" consists of credentials containing the | |||
authentication information of the user agent for the realm of the | authentication information of the user agent for the realm of the | |||
resource being requested. | resource being requested. | |||
Authorization = "Authorization" ":" credentials | Authorization = "Authorization" ":" OWS Authorization-v | |||
Authorization-v = credentials | ||||
HTTP access authentication is described in "HTTP Authentication: | HTTP access authentication is described in "HTTP Authentication: | |||
Basic and Digest Access Authentication" [RFC2617]. If a request is | Basic and Digest Access Authentication" [RFC2617]. If a request is | |||
authenticated and a realm specified, the same credentials SHOULD be | authenticated and a realm specified, the same credentials SHOULD be | |||
valid for all other requests within this realm (assuming that the | valid for all other requests within this realm (assuming that the | |||
authentication scheme itself does not require otherwise, such as | authentication scheme itself does not require otherwise, such as | |||
credentials that vary according to a challenge value or using | credentials that vary according to a challenge value or using | |||
synchronized clocks). | synchronized clocks). | |||
When a shared cache (see Section 9 of [Part6]) receives a request | When a shared cache (see Section 9 of [Part6]) receives a request | |||
containing an Authorization field, it MUST NOT return the | containing an Authorization field, it MUST NOT return the | |||
corresponding response as a reply to any other request, unless one of | corresponding response as a reply to any other request, unless one of | |||
skipping to change at page 6, line 36 | skipping to change at page 6, line 38 | |||
subsequent request. But if the response is stale, all caches | subsequent request. But if the response is stale, all caches | |||
MUST first revalidate it with the origin server, using the | MUST first revalidate it with the origin server, using the | |||
request-headers from the new request to allow the origin server | request-headers from the new request to allow the origin server | |||
to authenticate the new request. | to authenticate the new request. | |||
3. If the response includes the "public" cache-control directive, it | 3. If the response includes the "public" cache-control directive, it | |||
MAY be returned in reply to any subsequent request. | MAY be returned in reply to any subsequent request. | |||
4.2. Proxy-Authenticate | 4.2. Proxy-Authenticate | |||
The Proxy-Authenticate response-header field MUST be included as part | The response-header field "Proxy-Authenticate" MUST be included as | |||
of a 407 (Proxy Authentication Required) response. The field value | part of a 407 (Proxy Authentication Required) response. The field | |||
consists of a challenge that indicates the authentication scheme and | value consists of a challenge that indicates the authentication | |||
parameters applicable to the proxy for this Request-URI. | scheme and parameters applicable to the proxy for this Request-URI. | |||
Proxy-Authenticate = "Proxy-Authenticate" ":" 1#challenge | Proxy-Authenticate = "Proxy-Authenticate" ":" OWS | |||
Proxy-Authenticate-v | ||||
Proxy-Authenticate-v = 1#challenge | ||||
The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | |||
only to the current connection and SHOULD NOT be passed on to | only to the current connection and SHOULD NOT be passed on to | |||
downstream clients. However, an intermediate proxy might need to | downstream clients. However, an intermediate proxy might need to | |||
obtain its own credentials by requesting them from the downstream | obtain its own credentials by requesting them from the downstream | |||
client, which in some circumstances will appear as if the proxy is | client, which in some circumstances will appear as if the proxy is | |||
forwarding the Proxy-Authenticate header field. | forwarding the Proxy-Authenticate header field. | |||
4.3. Proxy-Authorization | 4.3. Proxy-Authorization | |||
The Proxy-Authorization request-header field allows the client to | The request-header field "Proxy-Authorization" allows the client to | |||
identify itself (or its user) to a proxy which requires | identify itself (or its user) to a proxy which requires | |||
authentication. The Proxy-Authorization field value consists of | authentication. The Proxy-Authorization field value consists of | |||
credentials containing the authentication information of the user | credentials containing the authentication information of the user | |||
agent for the proxy and/or realm of the resource being requested. | agent for the proxy and/or realm of the resource being requested. | |||
Proxy-Authorization = "Proxy-Authorization" ":" credentials | Proxy-Authorization = "Proxy-Authorization" ":" OWS | |||
Proxy-Authorization-v | ||||
Proxy-Authorization-v = credentials | ||||
The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
Unlike Authorization, the Proxy-Authorization header field applies | Unlike Authorization, the Proxy-Authorization header field applies | |||
only to the next outbound proxy that demanded authentication using | only to the next outbound proxy that demanded authentication using | |||
the Proxy-Authenticate field. When multiple proxies are used in a | the Proxy-Authenticate field. When multiple proxies are used in a | |||
chain, the Proxy-Authorization header field is consumed by the first | chain, the Proxy-Authorization header field is consumed by the first | |||
outbound proxy that was expecting to receive credentials. A proxy | outbound proxy that was expecting to receive credentials. A proxy | |||
MAY relay the credentials from the client request to the next proxy | MAY relay the credentials from the client request to the next proxy | |||
if that is the mechanism by which the proxies cooperatively | if that is the mechanism by which the proxies cooperatively | |||
authenticate a given request. | authenticate a given request. | |||
4.4. WWW-Authenticate | 4.4. WWW-Authenticate | |||
The WWW-Authenticate response-header field MUST be included in 401 | The WWW-Authenticate response-header field MUST be included in 401 | |||
(Unauthorized) response messages. The field value consists of at | (Unauthorized) response messages. The field value consists of at | |||
least one challenge that indicates the authentication scheme(s) and | least one challenge that indicates the authentication scheme(s) and | |||
parameters applicable to the Request-URI. | parameters applicable to the Request-URI. | |||
WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge | WWW-Authenticate = "WWW-Authenticate" ":" OWS WWW-Authenticate-v | |||
WWW-Authenticate-v = 1#challenge | ||||
The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
User agents are advised to take special care in parsing the WWW- | User agents are advised to take special care in parsing the WWW- | |||
Authenticate field value as it might contain more than one challenge, | Authenticate field value as it might contain more than one challenge, | |||
or if more than one WWW-Authenticate header field is provided, the | or if more than one WWW-Authenticate header field is provided, the | |||
contents of a challenge itself can contain a comma-separated list of | contents of a challenge itself can contain a comma-separated list of | |||
authentication parameters. | authentication parameters. | |||
5. IANA Considerations | 5. IANA Considerations | |||
skipping to change at page 9, line 16 | skipping to change at page 9, line 20 | |||
[[anchor2: TBD.]] | [[anchor2: TBD.]] | |||
8. References | 8. References | |||
8.1. Normative References | 8.1. Normative References | |||
[Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | |||
and Message Parsing", draft-ietf-httpbis-p1-messaging-04 | and Message Parsing", draft-ietf-httpbis-p1-messaging-05 | |||
(work in progress), August 2008. | (work in progress), November 2008. | |||
[Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", | and J. Reschke, Ed., "HTTP/1.1, part 6: Caching", | |||
draft-ietf-httpbis-p6-cache-04 (work in progress), | draft-ietf-httpbis-p6-cache-05 (work in progress), | |||
August 2008. | November 2008. | |||
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
[RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | |||
Leach, P., Luotonen, A., and L. Stewart, "HTTP | Leach, P., Luotonen, A., and L. Stewart, "HTTP | |||
Authentication: Basic and Digest Access Authentication", | Authentication: Basic and Digest Access Authentication", | |||
RFC 2617, June 1999. | RFC 2617, June 1999. | |||
8.2. Informative References | 8.2. Informative References | |||
skipping to change at page 10, line 13 | skipping to change at page 10, line 19 | |||
Appendix B. Change Log (to be removed by RFC Editor before publication) | Appendix B. Change Log (to be removed by RFC Editor before publication) | |||
B.1. Since RFC2616 | B.1. Since RFC2616 | |||
Extracted relevant partitions from [RFC2616]. | Extracted relevant partitions from [RFC2616]. | |||
B.2. Since draft-ietf-httpbis-p7-auth-00 | B.2. Since draft-ietf-httpbis-p7-auth-00 | |||
Closed issues: | Closed issues: | |||
o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative | o <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and | |||
and Informative references" | Informative references" | |||
B.3. Since draft-ietf-httpbis-p7-auth-01 | B.3. Since draft-ietf-httpbis-p7-auth-01 | |||
Ongoing work on ABNF conversion | Ongoing work on ABNF conversion | |||
(<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36>): | (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | |||
o Explicitly import BNF rules for "challenge" and "credentials" from | o Explicitly import BNF rules for "challenge" and "credentials" from | |||
RFC2617. | RFC2617. | |||
o Add explicit references to BNF syntax and rules imported from | o Add explicit references to BNF syntax and rules imported from | |||
other parts of the specification. | other parts of the specification. | |||
B.4. Since draft-ietf-httpbis-p7-auth-02 | B.4. Since draft-ietf-httpbis-p7-auth-02 | |||
Ongoing work on IANA Message Header Registration | Ongoing work on IANA Message Header Registration | |||
(<http://www3.tools.ietf.org/wg/httpbis/trac/ticket/40>): | (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>): | |||
o Reference RFC 3984, and update header registrations for headers | o Reference RFC 3984, and update header registrations for headers | |||
defined in this document. | defined in this document. | |||
B.5. Since draft-ietf-httpbis-p7-auth-03 | B.5. Since draft-ietf-httpbis-p7-auth-03 | |||
B.6. Since draft-ietf-httpbis-p7-auth-04 | ||||
Ongoing work on ABNF conversion | ||||
(<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | ||||
o Use "/" instead of "|" for alternatives. | ||||
o Introduce new ABNF rules for "bad" whitespace ("BWS"), optional | ||||
whitespace ("OWS") and required whitespace ("RWS"). | ||||
o Rewrite ABNFs to spell out whitespace rules, factor out header | ||||
value format definitions. | ||||
Index | Index | |||
4 | 4 | |||
401 Unauthorized (status code) 5 | 401 Unauthorized (status code) 5 | |||
407 Proxy Authentication Required (status code) 5 | 407 Proxy Authentication Required (status code) 5 | |||
A | A | |||
Authorization header 5 | Authorization header 5 | |||
G | G | |||
Grammar | Grammar | |||
Authorization 5 | Authorization 5 | |||
Authorization-v 5 | ||||
challenge 4 | challenge 4 | |||
credentials 4 | credentials 4 | |||
Proxy-Authenticate 6 | Proxy-Authenticate 6 | |||
Proxy-Authenticate-v 6 | ||||
Proxy-Authorization 7 | Proxy-Authorization 7 | |||
Proxy-Authorization-v 7 | ||||
WWW-Authenticate 7 | WWW-Authenticate 7 | |||
WWW-Authenticate-v 7 | ||||
H | H | |||
Headers | Headers | |||
Authorization 5 | Authorization 5 | |||
Proxy-Authenticate 6 | Proxy-Authenticate 6 | |||
Proxy-Authorization 7 | Proxy-Authorization 7 | |||
WWW-Authenticate 7 | WWW-Authenticate 7 | |||
P | P | |||
Proxy-Authenticate header 6 | Proxy-Authenticate header 6 | |||
End of changes. 32 change blocks. | ||||
33 lines changed or deleted | 59 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |