draft-ietf-httpbis-p7-auth-13.txt vs. draft-ietf-httpbis-p7-auth-14.txt
(rfcdiff output: unchanged text is shown once; where the two drafts differ,
the text is marked [draft-13] and [draft-14])

HTTPbis Working Group                                   R. Fielding, Ed.
Internet-Draft                                                     Adobe
Obsoletes: 2616 (if approved)                                  J. Gettys
Updates: 2617 (if approved)                               Alcatel-Lucent
Intended status: Standards Track                                J. Mogul
Expires: [draft-13] September 15, 2011 / [draft-14] October 20, 2011  HP
                                                              H. Frystyk
                                                               Microsoft
                                                             L. Masinter
                                                                   Adobe
                                                                P. Leach
                                                               Microsoft
                                                          T. Berners-Lee
                                                                 W3C/MIT
                                                           Y. Lafon, Ed.
                                                                     W3C
                                                         J. Reschke, Ed.
                                                              greenbytes
                   [draft-13] March 14, 2011 / [draft-14] April 18, 2011

                        HTTP/1.1, part 7: Authentication
     [draft-13] draft-ietf-httpbis-p7-auth-13 / [draft-14] draft-ietf-httpbis-p7-auth-14
Abstract

   The Hypertext Transfer Protocol (HTTP) is an application-level
   protocol for distributed, collaborative, hypermedia information
   systems. HTTP has been in use by the World Wide Web global
   information initiative since 1990. This document is Part 7 of the
   seven-part specification that defines the protocol referred to as
   "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines
   HTTP Authentication.
Editorial Note (To be removed by RFC Editor)

   [draft-13]
   Discussion of this draft should take place on the HTTPBIS working
   group mailing list (ietf-http-wg@w3.org). The current issues list is
   at <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
   documents (including fancy diffs) can be found at
   <http://tools.ietf.org/wg/httpbis/>.

   [draft-14]
   Discussion of this draft should take place on the HTTPBIS working
   group mailing list (ietf-http-wg@w3.org), which is archived at
   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
   The current issues list is at
   <http://tools.ietf.org/wg/httpbis/trac/report/3> and related
   documents (including fancy diffs) can be found at
   <http://tools.ietf.org/wg/httpbis/>.

   The changes in this draft are summarized in [draft-13] Appendix B.14
   / [draft-14] Appendix C.15.
Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on [draft-13] September 15, 2011 /
   [draft-14] October 20, 2011.
Copyright Notice

   Copyright (c) 2011 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
[unchanged text omitted up to page 3, line 25]

      3.2. 407 Proxy Authentication Required
   4. Header Field Definitions
      4.1. Authorization
      4.2. Proxy-Authenticate
      4.3. Proxy-Authorization
      4.4. WWW-Authenticate
   5. IANA Considerations
      5.1. Authentication Scheme Registry
      5.2. Status Code Registration
      5.3. Header Field Registration
   6. Security Considerations
      6.1. Authentication Credentials and Idle Clients
   7. Acknowledgments
   8. References
      8.1. Normative References
      8.2. Informative References
   [draft-13] Appendix A. Collected ABNF
   [draft-14] Appendix A. Changes from RFC 2616
   [draft-14] Appendix B. Collected ABNF
   [draft-13] Appendix B. / [draft-14] Appendix C. Change Log (to be
   removed by RFC Editor before publication)
   (change-log subsections are numbered B.n in draft-13 and C.n in draft-14)
      B.1 / C.1. Since RFC 2616
      B.2 / C.2. Since draft-ietf-httpbis-p7-auth-00
      B.3 / C.3. Since draft-ietf-httpbis-p7-auth-01
      B.4 / C.4. Since draft-ietf-httpbis-p7-auth-02
      B.5 / C.5. Since draft-ietf-httpbis-p7-auth-03
      B.6 / C.6. Since draft-ietf-httpbis-p7-auth-04
      B.7 / C.7. Since draft-ietf-httpbis-p7-auth-05
      B.8 / C.8. Since draft-ietf-httpbis-p7-auth-06
      B.9 / C.9. Since draft-ietf-httpbis-p7-auth-07
      B.10 / C.10. Since draft-ietf-httpbis-p7-auth-08
      B.11 / C.11. Since draft-ietf-httpbis-p7-auth-09
      B.12 / C.12. Since draft-ietf-httpbis-p7-auth-10
      B.13 / C.13. Since draft-ietf-httpbis-p7-auth-11
      B.14 / C.14. Since draft-ietf-httpbis-p7-auth-12
      [draft-14] C.15. Since draft-ietf-httpbis-p7-auth-13
   Index
1. Introduction

   This document defines HTTP/1.1 access control and authentication. It
   includes the relevant parts of RFC 2616 with only minor changes, plus
   the general framework for HTTP authentication, as previously defined
   in "HTTP Authentication: Basic and Digest Access Authentication"
   ([RFC2617]).
[unchanged text omitted up to page 4, line 38]

   "REQUIRED" level and all the "SHOULD" level requirements for its
   protocols is said to be "unconditionally compliant"; one that
   satisfies all the "MUST" level requirements but not all the "SHOULD"
   level requirements for its protocols is said to be "conditionally
   compliant".

1.2. Syntax Notation

   This specification uses the ABNF syntax defined in Section 1.2 of
   [Part1] (which extends the syntax defined in [RFC5234] with a list
   rule). [draft-13] Appendix A / [draft-14] Appendix B shows the
   collected ABNF, with the list rule expanded.

   The following core rules are included by reference, as defined in
   [RFC5234], Appendix B.1: ALPHA (letters), CR (carriage return), CRLF
   (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double quote),
   HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any 8-bit
   sequence of data), SP (space), VCHAR (any visible USASCII character),
   and WSP (whitespace).

1.2.1. Core Rules
[unchanged text omitted up to page 8, line 19]

   fields related to authentication.

4.1. Authorization

   The "Authorization" header field allows a user agent to authenticate
   itself with a server -- usually, but not necessarily, after receiving
   a 401 (Unauthorized) response. Its value consists of credentials
   containing information of the user agent for the realm of the
   resource being requested.

   [draft-13]
     Authorization   = "Authorization" ":" OWS Authorization-v
     Authorization-v = credentials

   [draft-14]
     Authorization   = credentials

   If a request is authenticated and a realm specified, the same
   credentials SHOULD be valid for all other requests within this realm
   (assuming that the authentication scheme itself does not require
   otherwise, such as credentials that vary according to a challenge
   value or using synchronized clocks).

   When a shared cache (see Section 1.2 of [Part6]) receives a request
   containing an Authorization field, it MUST NOT return the
   corresponding response as a reply to any other request, unless one of
[unchanged text omitted up to page 9, line 13]

   MAY be returned in reply to any subsequent request.

4.2. Proxy-Authenticate

   The "Proxy-Authenticate" header field consists of a challenge that
   indicates the authentication scheme and parameters applicable to the
   proxy for this effective request URI (Section 4.3 of [Part1]). It
   MUST be included as part of a 407 (Proxy Authentication Required)
   response.

   [draft-13]
     Proxy-Authenticate   = "Proxy-Authenticate" ":" OWS
                            Proxy-Authenticate-v
     Proxy-Authenticate-v = 1#challenge

   [draft-14]
     Proxy-Authenticate   = 1#challenge

   Unlike WWW-Authenticate, the Proxy-Authenticate header field applies
   only to the current connection and SHOULD NOT be passed on to
   downstream clients. However, an intermediate proxy might need to
   obtain its own credentials by requesting them from the downstream
   client, which in some circumstances will appear as if the proxy is
   forwarding the Proxy-Authenticate header field.

4.3. Proxy-Authorization

   The "Proxy-Authorization" header field allows the client to identify
   itself (or its user) to a proxy which requires authentication. Its
   value consists of credentials containing the authentication
   information of the user agent for the proxy and/or realm of the
   resource being requested.

   [draft-13]
     Proxy-Authorization   = "Proxy-Authorization" ":" OWS
                             Proxy-Authorization-v
     Proxy-Authorization-v = credentials

   [draft-14]
     Proxy-Authorization   = credentials

   Unlike Authorization, the Proxy-Authorization header field applies
   only to the next outbound proxy that demanded authentication using
   the Proxy-Authenticate field. When multiple proxies are used in a
   chain, the Proxy-Authorization header field is consumed by the first
   outbound proxy that was expecting to receive credentials. A proxy
   MAY relay the credentials from the client request to the next proxy
   if that is the mechanism by which the proxies cooperatively
   authenticate a given request.

4.4. WWW-Authenticate

   The "WWW-Authenticate" header field consists of at least one
   challenge that indicates the authentication scheme(s) and parameters
   applicable to the effective request URI (Section 4.3 of [Part1]). It
   MUST be included in 401 (Unauthorized) response messages.

   [draft-13]
     WWW-Authenticate   = "WWW-Authenticate" ":" OWS WWW-Authenticate-v
     WWW-Authenticate-v = 1#challenge

   [draft-14]
     WWW-Authenticate   = 1#challenge

   User agents are advised to take special care in parsing the WWW-
   Authenticate field value: it might contain more than one challenge,
   more than one WWW-Authenticate header field might be provided, and
   the contents of a challenge itself can contain a comma-separated list
   of authentication parameters.
5. IANA Considerations

5.1. Authentication Scheme Registry
[unchanged text omitted up to page 12, line 4 (draft-13) / page 11, line 45 (draft-14)]

   This specification takes over the definition of the HTTP
   Authentication Framework, previously defined in RFC 2617. We thank
   John Franks, Phillip M. Hallam-Baker, Jeffery L. Hostetler, Scott
   D. Lawrence, Paul J. Leach, Ari Luotonen, and Lawrence C. Stewart for
   their work on that specification.

   [[acks: HTTPbis acknowledgements.]]
8. References

8.1. Normative References

   [Part1]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
              and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections,
              and Message Parsing", [draft-13] draft-ietf-httpbis-p1-
              messaging-13 (work in progress), March 2011 / [draft-14]
              draft-ietf-httpbis-p1-messaging-14 (work in progress),
              April 2011.

   [Part6]    Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed.,
              Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part
              6: Caching", [draft-13] draft-ietf-httpbis-p6-cache-13
              (work in progress), March 2011 / [draft-14] draft-ietf-
              httpbis-p6-cache-14 (work in progress), April 2011.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

8.2. Informative References

   [RFC2616]  Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
[unchanged text omitted up to page 13, line 5 (draft-13) / page 12, line 37 (draft-14)]

              RFC 2617, June 1999.

   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              September 2004.

   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
              May 2008.
[draft-14]
Appendix A. Changes from RFC 2616

   Change ABNF productions for header fields to only define the field
   value. (Section 4)

[draft-13] Appendix A. / [draft-14] Appendix B. Collected ABNF

   [draft-13]
   Authorization = "Authorization:" OWS Authorization-v
   Authorization-v = credentials

   OWS = <OWS, defined in [Part1], Section 1.2.2>

   Proxy-Authenticate = "Proxy-Authenticate:" OWS Proxy-Authenticate-v
   Proxy-Authenticate-v = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )
   Proxy-Authorization = "Proxy-Authorization:" OWS Proxy-Authorization-v
   Proxy-Authorization-v = credentials

   WWW-Authenticate = "WWW-Authenticate:" OWS WWW-Authenticate-v
   WWW-Authenticate-v = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )

   [draft-14]
   Authorization = credentials

   OWS = <OWS, defined in [Part1], Section 1.2.2>

   Proxy-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )
   Proxy-Authorization = credentials

   WWW-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge ] )

   [both drafts]
   auth-param = token "=" ( token / quoted-string )
   auth-scheme = token

   challenge = auth-scheme 1*SP *( "," OWS ) auth-param *( OWS "," [ OWS auth-param ] )
   credentials = auth-scheme ( token / quoted-string / [ ( "," / auth-param ) *( OWS "," [ OWS auth-param ] ) ] )

   quoted-string = <quoted-string, defined in [Part1], Section 1.2.2>

[unchanged text omitted up to page 13, line 46 (draft-13) / page 13, line 41 (draft-14)]

   token = <token, defined in [Part1], Section 1.2.2>

   ABNF diagnostics:

   ; Authorization defined but not used
   ; Proxy-Authenticate defined but not used
   ; Proxy-Authorization defined but not used
   ; WWW-Authenticate defined but not used
   ; realm defined but not used
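The following is an added example, not text or code from either draft: a strict parser for the WWW-Authenticate (and, since the production is identical, Proxy-Authenticate) field value, written against the collected ABNF above and covering the parsing caution in Section 4.4. The challenge list and the auth-param list inside each challenge share a single comma-separated stream, and commas may also occur inside a quoted-string, which is exactly where a naive split on "," goes wrong; the parser resolves this by lookahead after each comma (`token "="` continues the current challenge, `token SP` opens a new one). The token, quoted-string, OWS and tchar rules are not on this page; they are taken from [Part1] and reproduced here as assumptions. The parser enforces the page's own grammar, including its requirement that a challenge carry at least one auth-param, so a bare scheme name is rejected (later revisions of this framework, RFC 7235, relax that). The credentials production is not handled. The sample header values are constructed.

```python
"""Strict parser for the WWW-Authenticate / Proxy-Authenticate field value of
draft-ietf-httpbis-p7-auth-14 (added example, not from the draft).  The token,
quoted-string and OWS rules are [Part1]'s, reproduced here as assumptions."""
import re
from dataclasses import dataclass, field

class ParseError(ValueError):
    """The field value does not match the ABNF."""

@dataclass
class Challenge:
    scheme: str                                 # auth-scheme = token
    params: list = field(default_factory=list)  # (name, value) auth-params, in order

# Assumed [Part1] rules: tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." / "^"
# / "_" / "`" / "|" / "~" / DIGIT / ALPHA; qdtext = HTAB / SP / %x21 / %x23-5B / %x5D-7E /
# obs-text; quoted-pair = "\" ( WSP / VCHAR / obs-text ); OWS = *( SP / HTAB )
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_QUOTED = re.compile(r'"((?:[\t \x21\x23-\x5b\x5d-\x7e\x80-\xff]|\\[\t \x21-\x7e\x80-\xff])*)"')
_OWS = re.compile(r"[ \t]*")
_SP = re.compile(r" +")      # the 1*SP between auth-scheme and its first auth-param

class _Cursor:
    def __init__(self, text):
        self.text, self.pos = text, 0

    def peek(self):
        return self.text[self.pos] if self.pos < len(self.text) else ""

    def skip(self, rx):
        self.pos = rx.match(self.text, self.pos).end()

    def token(self):
        m = _TOKEN.match(self.text, self.pos)
        if not m:
            raise ParseError(f"token expected at offset {self.pos}")
        self.pos = m.end()
        return m.group()

    def param_value(self):   # token / quoted-string, with quoted-pairs unescaped
        if self.peek() != '"':
            return self.token()
        m = _QUOTED.match(self.text, self.pos)
        if not m:
            raise ParseError(f"malformed quoted-string at offset {self.pos}")
        self.pos = m.end()
        return re.sub(r"\\(.)", r"\1", m.group(1))

def parse_challenges(value):
    """*( "," OWS ) challenge *( OWS "," [ OWS challenge ] ), with challenge = auth-scheme
    1*SP *( "," OWS ) auth-param *( OWS "," [ OWS auth-param ] ).  After a comma, `token "="`
    is one more auth-param of the current challenge and `token SP` starts a new challenge."""
    cur, challenges, need_comma = _Cursor(value), [], False
    while True:
        cur.skip(_OWS)
        if cur.peek() == "":
            break
        if cur.peek() == ",":              # list separator; empty elements are allowed
            cur.pos += 1
            need_comma = False
            continue
        if need_comma:
            raise ParseError(f"',' expected at offset {cur.pos}")
        name = cur.token()
        if cur.peek() == "=":              # auth-param = token "=" ( token / quoted-string )
            if not challenges:
                raise ParseError("auth-param before any auth-scheme")
            cur.pos += 1
            challenges[-1].params.append((name, cur.param_value()))
        else:                              # auth-scheme 1*SP, then its first auth-param
            if not _SP.match(cur.text, cur.pos):
                raise ParseError(f"SP and an auth-param expected after auth-scheme {name!r}")
            cur.skip(_SP)
            while cur.peek() == ",":       # *( "," OWS ) before the first auth-param
                cur.pos += 1
                cur.skip(_OWS)
            pname = cur.token()
            if cur.peek() != "=":
                raise ParseError(f"'=' expected at offset {cur.pos}")
            cur.pos += 1
            challenges.append(Challenge(name, [(pname, cur.param_value())]))
        need_comma = True
    if not challenges:
        raise ParseError("at least one challenge is required")
    return challenges

def collect_challenges(field_values):
    """Challenges of a response that carries several WWW-Authenticate header fields."""
    return [ch for v in field_values for ch in parse_challenges(v)]

def is_valid(value):
    try:
        return bool(parse_challenges(value))
    except ParseError:
        return False

# Constructed sample: two WWW-Authenticate fields of one 401 response (not from the draft).
SAMPLE_FIELDS = ['Basic realm="files"',
                 ', Digest realm="example", qop="auth,auth-int", nonce="0123456789abcdef", '
                 'Newauth realm="apps", type=1']
```

`collect_challenges(SAMPLE_FIELDS)` yields three challenges (Basic, Digest, Newauth); the Digest `qop` value keeps its embedded comma, and the leading empty list element in the second field is accepted as the `*( "," OWS )` prefix allows. Malformed input (a bare scheme, whitespace around `=`, an unterminated quoted-string, two challenges without a separating comma) raises `ParseError` rather than producing a best-effort result, which is the behaviour a user agent wants before it decides which scheme to answer.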
[draft-13] Appendix B. / [draft-14] Appendix C. Change Log (to be removed by RFC Editor before publication)

   (Subsections are numbered B.n in draft-13 and C.n in draft-14.)

B.1 / C.1. Since RFC 2616

   Extracted relevant partitions from [RFC2616].

B.2 / C.2. Since draft-ietf-httpbis-p7-auth-00

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative and
      Informative references"

B.3 / C.3. Since draft-ietf-httpbis-p7-auth-01

   Ongoing work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Explicitly import BNF rules for "challenge" and "credentials" from
      RFC2617.

   o  Add explicit references to BNF syntax and rules imported from
      other parts of the specification.

B.4 / C.4. Since draft-ietf-httpbis-p7-auth-02

   Ongoing work on IANA Message Header Field Registration
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/40>):

   o  Reference RFC 3984, and update header field registrations for
      header fields defined in this document.

B.5 / C.5. Since draft-ietf-httpbis-p7-auth-03

B.6 / C.6. Since draft-ietf-httpbis-p7-auth-04

   Ongoing work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Use "/" instead of "|" for alternatives.

   o  Introduce new ABNF rules for "bad" whitespace ("BWS"), optional
      whitespace ("OWS") and required whitespace ("RWS").

   o  Rewrite ABNFs to spell out whitespace rules, factor out header
      field value format definitions.

B.7 / C.7. Since draft-ietf-httpbis-p7-auth-05

   Final work on ABNF conversion
   (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>):

   o  Add appendix containing collected and expanded ABNF, reorganize
      ABNF introduction.

B.8 / C.8. Since draft-ietf-httpbis-p7-auth-06

   None.

B.9 / C.9. Since draft-ietf-httpbis-p7-auth-07

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/198>: "move IANA
      registrations for optional status codes"

B.10 / C.10. Since draft-ietf-httpbis-p7-auth-08

   No significant changes.

B.11 / C.11. Since draft-ietf-httpbis-p7-auth-09

   Partly resolved issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/196>: "Term for the
      requested resource's URI"

B.12 / C.12. Since draft-ietf-httpbis-p7-auth-10

   None yet.

B.13 / C.13. Since draft-ietf-httpbis-p7-auth-11

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/130>: "introduction
      to part 7 is work-in-progress"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/195>: "auth-param
      syntax"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/224>: "Header
      Classification"

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/237>: "absorbing the
      auth framework from 2617"

   Partly resolved issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/141>: "should we
      have an auth scheme registry"

B.14 / C.14. Since draft-ietf-httpbis-p7-auth-12

   None.

[draft-14]
C.15. Since draft-ietf-httpbis-p7-auth-13

   Closed issues:

   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/276>: "untangle
      ABNFs for header fields"
Index

   4
      401 Unauthorized (status code)
      407 Proxy Authentication Required (status code)

   A
      auth-param
      auth-scheme
      Authorization header field

   C
      challenge
      credentials

   G
      Grammar
         Authorization
         Authorization-v          [draft-13 only]
         Proxy-Authenticate
         Proxy-Authenticate-v     [draft-13 only]
         Proxy-Authorization
         Proxy-Authorization-v    [draft-13 only]
         WWW-Authenticate
         WWW-Authenticate-v       [draft-13 only]

   H
      Header Fields
         Authorization
         Proxy-Authenticate
         Proxy-Authorization
         WWW-Authenticate

   P
      Proxy-Authenticate header field
End of changes. 44 change blocks; 72 lines changed or deleted, 74 lines changed or added.

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/