Changeset 28


Timestamp:
19/09/13 18:05:56 (8 years ago)
Author:
julian.reschke@…
Message:

add ABNF ref and fix ABNF

Location:
draft-ietf-httpauth-basicauth-update/latest
Files:
2 edited

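--- a/draft-ietf-httpauth-basicauth-update/latest/draft-ietf-httpauth-basicauth-update.html
+++ b/draft-ietf-httpauth-basicauth-update/latest/draft-ietf-httpauth-basicauth-update.html
@@ -439,5 +439,5 @@
   }
   @bottom-center {
-       content: "Expires March 22, 2014";
+       content: "Expires March 23, 2014";
   }
   @bottom-right {
@@ -462,10 +462,9 @@
       <link rel="Index" href="#rfc.index">
       <link rel="Chapter" title="1 Introduction" href="#rfc.section.1">
-      <link rel="Chapter" title="2 Notational Conventions" href="#rfc.section.2">
-      <link rel="Chapter" title="3 The 'Basic' Authentication Scheme" href="#rfc.section.3">
-      <link rel="Chapter" title="4 Security Considerations" href="#rfc.section.4">
-      <link rel="Chapter" title="5 IANA Considerations" href="#rfc.section.5">
-      <link rel="Chapter" title="6 Acknowledgements" href="#rfc.section.6">
-      <link rel="Chapter" href="#rfc.section.7" title="7 References">
+      <link rel="Chapter" title="2 The 'Basic' Authentication Scheme" href="#rfc.section.2">
+      <link rel="Chapter" title="3 Security Considerations" href="#rfc.section.3">
+      <link rel="Chapter" title="4 IANA Considerations" href="#rfc.section.4">
+      <link rel="Chapter" title="5 Acknowledgements" href="#rfc.section.5">
+      <link rel="Chapter" href="#rfc.section.6" title="6 References">
       <link rel="Appendix" title="A Change Log (to be removed by RFC Editor before publication)" href="#rfc.section.A">
       <meta name="generator" content="http://greenbytes.de/tech/webdav/rfc2629.xslt, Revision 1.599, 2013/08/29 10:34:28, XSLT vendor: SAXON 8.9 from Saxonica http://www.saxonica.com/">
@@ -473,5 +472,5 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpauth-basicauth-update-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2013-09-18">
+      <meta name="dct.issued" scheme="ISO8601" content="2013-09-19">
       <meta name="dct.abstract" content="This document defines the &#34;Basic&#34; Hypertext Transfer Protocol (HTTP) Authentication Scheme.">
       <meta name="description" content="This document defines the &#34;Basic&#34; Hypertext Transfer Protocol (HTTP) Authentication Scheme.">
@@ -491,5 +490,5 @@
                <td class="left">Updates: <a href="http://tools.ietf.org/html/rfc2617">2617</a> (if approved)
                </td>
-               <td class="right">September 18, 2013</td>
+               <td class="right">September 19, 2013</td>
             </tr>
             <tr>
@@ -498,5 +497,5 @@
             </tr>
             <tr>
-               <td class="left">Expires: March 22, 2014</td>
+               <td class="left">Expires: March 23, 2014</td>
                <td class="right"></td>
             </tr>
@@ -522,5 +521,5 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on March 22, 2014.</p>
+      <p>This Internet-Draft will expire on March 23, 2014.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2013 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -540,13 +539,18 @@
       <h1 class="np" id="rfc.toc"><a href="#rfc.toc">Table of Contents</a></h1>
       <ul class="toc">
-         <li><a href="#rfc.section.1">1.</a>&nbsp;&nbsp;&nbsp;<a href="#introduction">Introduction</a></li>
-         <li><a href="#rfc.section.2">2.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.2">Notational Conventions</a></li>
-         <li><a href="#rfc.section.3">3.</a>&nbsp;&nbsp;&nbsp;<a href="#basic.authentication.scheme">The 'Basic' Authentication Scheme</a></li>
-         <li><a href="#rfc.section.4">4.</a>&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a></li>
-         <li><a href="#rfc.section.5">5.</a>&nbsp;&nbsp;&nbsp;<a href="#iana.considerations">IANA Considerations</a></li>
-         <li><a href="#rfc.section.6">6.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.6">Acknowledgements</a></li>
-         <li><a href="#rfc.section.7">7.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references">References</a><ul>
-               <li><a href="#rfc.section.7.1">7.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references.1">Normative References</a></li>
-               <li><a href="#rfc.section.7.2">7.2</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references.2">Informative References</a></li>
+         <li><a href="#rfc.section.1">1.</a>&nbsp;&nbsp;&nbsp;<a href="#introduction">Introduction</a><ul>
+               <li><a href="#rfc.section.1.1">1.1</a>&nbsp;&nbsp;&nbsp;<a href="#notational.conventions">Notational Conventions</a><ul>
+                     <li><a href="#rfc.section.1.1.1">1.1.1</a>&nbsp;&nbsp;&nbsp;<a href="#syntax.notation">Syntax Notation</a></li>
+                  </ul>
+               </li>
+            </ul>
+         </li>
+         <li><a href="#rfc.section.2">2.</a>&nbsp;&nbsp;&nbsp;<a href="#basic.authentication.scheme">The 'Basic' Authentication Scheme</a></li>
+         <li><a href="#rfc.section.3">3.</a>&nbsp;&nbsp;&nbsp;<a href="#security.considerations">Security Considerations</a></li>
+         <li><a href="#rfc.section.4">4.</a>&nbsp;&nbsp;&nbsp;<a href="#iana.considerations">IANA Considerations</a></li>
+         <li><a href="#rfc.section.5">5.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.section.5">Acknowledgements</a></li>
+         <li><a href="#rfc.section.6">6.</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references">References</a><ul>
+               <li><a href="#rfc.section.6.1">6.1</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references.1">Normative References</a></li>
+               <li><a href="#rfc.section.6.2">6.2</a>&nbsp;&nbsp;&nbsp;<a href="#rfc.references.2">Informative References</a></li>
             </ul>
          </li>
@@ -619,10 +623,12 @@
       <p id="rfc.section.1.p.3">Other documents updating RFC 2617 are "Hypertext Transfer Protocol (HTTP/1.1): Authentication" (<a href="#draft-ietf-httpbis-p7-auth"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication">[draft-ietf-httpbis-p7-auth]</cite></a>, defining the authentication framework) and "HTTP Digest Update" (<a href="#draft-ietf-httpauth-digest-update"><cite title="HTTP Digest Update">[draft-ietf-httpauth-digest-update]</cite></a>, updating the definition of the '"Digest" authentication scheme).
       </p>
-      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;Notational Conventions
-      </h1>
-      <p id="rfc.section.2.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
+      <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a id="notational.conventions" href="#notational.conventions">Notational Conventions</a></h2>
+      <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
          in this document are to be interpreted as described in <a href="#RFC2119"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
       </p>
-      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="basic.authentication.scheme" href="#basic.authentication.scheme">The 'Basic' Authentication Scheme</a></h1>
+      <h3 id="rfc.section.1.1.1"><a href="#rfc.section.1.1.1">1.1.1</a>&nbsp;<a id="syntax.notation" href="#syntax.notation">Syntax Notation</a></h3>
+      <p id="rfc.section.1.1.1.p.1">This specification uses the Augmented Backus-Naur Form (ABNF) notation of <a href="#RFC5234"><cite title="Augmented BNF for Syntax Specifications: ABNF">[RFC5234]</cite></a>.
+      </p>
+      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="basic.authentication.scheme" href="#basic.authentication.scheme">The 'Basic' Authentication Scheme</a></h1>
       <table class="openissue">
          <tr>
@@ -660,46 +666,47 @@
          </tr>
       </table>
-      <p id="rfc.section.3.p.1">The "basic" authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password
+      <p id="rfc.section.2.p.1">The "basic" authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password
          for each realm. The realm value should be considered an opaque string which can only be compared for equality with other realms
          on that server. The server will service the request only if it can validate the user-ID and password for the protection space
          of the Request-URI. There are no optional authentication parameters.
       </p>
-      <p id="rfc.section.3.p.2">For Basic, the framework above is utilized as follows:</p>
+      <p id="rfc.section.2.p.2">For Basic, the framework above is utilized as follows:</p>
       <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.c.2"></span>   challenge   = "Basic" realm
    credentials = "Basic" basic-credentials
-</pre><p id="rfc.section.3.p.4">Upon receipt of an unauthorized request for a URI within the protection space, the origin server <em class="bcp14">MAY</em> respond with a challenge like the following:
+</pre><p id="rfc.section.2.p.4">Upon receipt of an unauthorized request for a URI within the protection space, the origin server <em class="bcp14">MAY</em> respond with a challenge like the following:
       </p>
       <div id="rfc.figure.u.2"></div><pre class="text">   WWW-Authenticate: Basic realm="WallyWorld"
-</pre><p id="rfc.section.3.p.6">where "WallyWorld" is the string assigned by the server to identify the protection space of the Request-URI. A proxy may respond
+</pre><p id="rfc.section.2.p.6">where "WallyWorld" is the string assigned by the server to identify the protection space of the Request-URI. A proxy may respond
          with the same challenge using the Proxy-Authenticate header field.
       </p>
-      <p id="rfc.section.3.p.7">To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a
+      <p id="rfc.section.2.p.7">To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a
          base64 encoded string in the credentials (<a href="#RFC4648"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a>, <a href="http://tools.ietf.org/html/rfc4648#section-4">Section 4</a>).
       </p>
       <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.b.1"></span><span id="rfc.iref.b.2"></span><span id="rfc.iref.u.1"></span><span id="rfc.iref.u.2"></span><span id="rfc.iref.p.1"></span>   basic-credentials = base64-user-pass
-   base64-user-pass  = &lt;base64 <a href="#RFC4648"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a> encoding of user-pass,
-                    except not limited to 76 char/line&gt;
+   base64-user-pass  = &lt;base64 encoded user-pass&gt;
+                     ; <a href="#RFC4648"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a> encoding of user-pass,
+                     ; except not limited to 76 char/line
    user-pass   = userid ":" password
    userid      = *&lt;TEXT excluding ":"&gt;
    password    = *TEXT
-</pre><p id="rfc.section.3.p.9">Userids might be case sensitive.</p>
-      <p id="rfc.section.3.p.10">If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field:</p>
+</pre><p id="rfc.section.2.p.9">Userids might be case sensitive.</p>
+      <p id="rfc.section.2.p.10">If the user agent wishes to send the userid "Aladdin" and password "open sesame", it would use the following header field:</p>
       <div id="rfc.figure.u.4"></div><pre class="text">   Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
-</pre><p id="rfc.section.3.p.12">A client <em class="bcp14">SHOULD</em> assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are
+</pre><p id="rfc.section.2.p.12">A client <em class="bcp14">SHOULD</em> assume that all paths at or deeper than the depth of the last symbolic element in the path field of the Request-URI also are
          within the protection space specified by the Basic realm value of the current challenge. A client <em class="bcp14">MAY</em> preemptively send the corresponding Authorization header with requests for resources in that space without receipt of another
          challenge from the server. Similarly, when a client sends a request to a proxy, it may reuse a userid and password in the
-         Proxy-Authorization header field without receiving another challenge from the proxy server. See <a href="#security.considerations" title="Security Considerations">Section&nbsp;4</a> for security considerations associated with Basic authentication.
-      </p>
-      <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
-      <p id="rfc.section.4.p.1">The Basic authentication scheme is not a secure method of user authentication, nor does it in any way protect the entity,
+         Proxy-Authorization header field without receiving another challenge from the proxy server. See <a href="#security.considerations" title="Security Considerations">Section&nbsp;3</a> for security considerations associated with Basic authentication.
+      </p>
+      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="security.considerations" href="#security.considerations">Security Considerations</a></h1>
+      <p id="rfc.section.3.p.1">The Basic authentication scheme is not a secure method of user authentication, nor does it in any way protect the entity,
          which is transmitted in cleartext across the physical network used as the carrier. HTTP does not prevent the addition of enhancements
          (such as schemes to use one-time passwords) to Basic authentication.
       </p>
-      <p id="rfc.section.4.p.2">The most serious flaw in Basic authentication is that it results in the essentially cleartext transmission of the user's password
+      <p id="rfc.section.3.p.2">The most serious flaw in Basic authentication is that it results in the essentially cleartext transmission of the user's password
          over the physical network. Many other authentication schemes address this problem.
       </p>
-      <p id="rfc.section.4.p.3">Because Basic authentication involves the cleartext transmission of passwords it <em class="bcp14">SHOULD NOT</em> be used (without enhancements) to protect sensitive or valuable information.
-      </p>
-      <p id="rfc.section.4.p.4">A common use of Basic authentication is for identification purposes — requiring the user to provide a user name and password
+      <p id="rfc.section.3.p.3">Because Basic authentication involves the cleartext transmission of passwords it <em class="bcp14">SHOULD NOT</em> be used (without enhancements) to protect sensitive or valuable information.
+      </p>
+      <p id="rfc.section.3.p.4">A common use of Basic authentication is for identification purposes — requiring the user to provide a user name and password
          as a means of identification, for example, for purposes of gathering accurate usage statistics on a server. When used in this
          way it is tempting to think that there is no danger in its use if illicit access to the protected documents is not a major
@@ -708,5 +715,5 @@
          the task of maintaining multiple passwords.
       </p>
-      <p id="rfc.section.4.p.5">If a server permits users to select their own passwords, then the threat is not only unauthorized access to documents on the
+      <p id="rfc.section.3.p.5">If a server permits users to select their own passwords, then the threat is not only unauthorized access to documents on the
          server but also unauthorized access to any other resources on other systems that the user protects with the same password.
          Furthermore, in the server's password database, many of the passwords may also be users' passwords for other sites. The owner
@@ -714,5 +721,5 @@
          those sites if this information is not maintained in a secure fashion.
       </p>
-      <p id="rfc.section.4.p.6">Basic Authentication is also vulnerable to spoofing by counterfeit servers. If a user can be led to believe that he is connecting
+      <p id="rfc.section.3.p.6">Basic Authentication is also vulnerable to spoofing by counterfeit servers. If a user can be led to believe that he is connecting
          to a host containing information protected by Basic authentication when, in fact, he is connecting to a hostile server or
          gateway, then the attacker can request a password, store it for later use, and feign an error. This type of attack is not
@@ -722,17 +729,17 @@
          by the client.
       </p>
-      <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1>
-      <p id="rfc.section.5.p.1">IANA maintains the registry of HTTP Authentication Schemes (<a href="#draft-ietf-httpbis-p7-auth"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication">[draft-ietf-httpbis-p7-auth]</cite></a>) at &lt;<a href="http://www.iana.org/assignments/http-authschemes">http://www.iana.org/assignments/http-authschemes</a>&gt;.
-      </p>
-      <p id="rfc.section.5.p.2">The entry for the "Basic" Authentication Scheme shall be updated with a pointer to this specification.</p>
-      <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a>&nbsp;Acknowledgements
+      <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a>&nbsp;<a id="iana.considerations" href="#iana.considerations">IANA Considerations</a></h1>
+      <p id="rfc.section.4.p.1">IANA maintains the registry of HTTP Authentication Schemes (<a href="#draft-ietf-httpbis-p7-auth"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Authentication">[draft-ietf-httpbis-p7-auth]</cite></a>) at &lt;<a href="http://www.iana.org/assignments/http-authschemes">http://www.iana.org/assignments/http-authschemes</a>&gt;.
+      </p>
+      <p id="rfc.section.4.p.2">The entry for the "Basic" Authentication Scheme shall be updated with a pointer to this specification.</p>
+      <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;Acknowledgements
       </h1>
-      <p id="rfc.section.6.p.1">This specification takes over the definition of the "Basic" HTTP Authentication Scheme, previously defined in RFC 2617. We
+      <p id="rfc.section.5.p.1">This specification takes over the definition of the "Basic" HTTP Authentication Scheme, previously defined in RFC 2617. We
          thank John Franks, Phillip M. Hallam-Baker, Jeffery L. Hostetler, Scott D. Lawrence, Paul J. Leach, Ari Luotonen, and Lawrence
          C. Stewart for their work on that specification, from which significant amounts of text was borrowed. See <a href="http://tools.ietf.org/html/rfc2617#section-6">Section 6</a> of <a href="#RFC2617"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a> for further acknowledgements.
       </p>
-      <h1 id="rfc.references"><a id="rfc.section.7" href="#rfc.section.7">7.</a> References
+      <h1 id="rfc.references"><a id="rfc.section.6" href="#rfc.section.6">6.</a> References
       </h1>
-      <h2 id="rfc.references.1"><a href="#rfc.section.7.1" id="rfc.section.7.1">7.1</a> Normative References
+      <h2 id="rfc.references.1"><a href="#rfc.section.6.1" id="rfc.section.6.1">6.1</a> Normative References
       </h2>
       <table>
@@ -748,4 +755,9 @@
          </tr>
          <tr>
+            <td class="reference"><b id="RFC5234">[RFC5234]</b></td>
+            <td class="top"><a href="mailto:dcrocker@bbiw.net" title="Brandenburg InternetWorking">Crocker, D., Ed.</a> and <a href="mailto:paul.overell@thus.net" title="THUS plc.">P. Overell</a>, “<a href="http://tools.ietf.org/html/rfc5234">Augmented BNF for Syntax Specifications: ABNF</a>”, STD&nbsp;68, RFC&nbsp;5234, January&nbsp;2008.
+            </td>
+         </tr>
+         <tr>
             <td class="reference"><b id="draft-ietf-httpbis-p7-auth">[draft-ietf-httpbis-p7-auth]</b></td>
             <td class="top">Fielding, R., Ed. and J. Reschke, Ed., “<a href="http://tools.ietf.org/html/draft-ietf-httpbis-p7-auth-23">Hypertext Transfer Protocol (HTTP/1.1): Authentication</a>”, Internet-Draft&nbsp;draft-ietf-httpbis-p7-auth-23 (work in progress), July&nbsp;2013.
@@ -753,5 +765,5 @@
          </tr>
       </table>
-      <h2 id="rfc.references.2"><a href="#rfc.section.7.2" id="rfc.section.7.2">7.2</a> Informative References
+      <h2 id="rfc.references.2"><a href="#rfc.section.6.2" id="rfc.section.6.2">6.2</a> Informative References
       </h2>
       <table>
@@ -790,20 +802,20 @@
          <ul class="ind">
             <li><a id="rfc.index.B" href="#rfc.index.B"><b>B</b></a><ul>
-                  <li><tt>base64-user-pass</tt>&nbsp;&nbsp;<a href="#rfc.iref.b.2"><b>3</b></a></li>
-                  <li><tt>basic-credentials</tt>&nbsp;&nbsp;<a href="#rfc.iref.b.1"><b>3</b></a></li>
+                  <li><tt>base64-user-pass</tt>&nbsp;&nbsp;<a href="#rfc.iref.b.2"><b>2</b></a></li>
+                  <li><tt>basic-credentials</tt>&nbsp;&nbsp;<a href="#rfc.iref.b.1"><b>2</b></a></li>
                </ul>
             </li>
             <li><a id="rfc.index.C" href="#rfc.index.C"><b>C</b></a><ul>
-                  <li>challenge&nbsp;&nbsp;<a href="#rfc.iref.c.1">3</a></li>
-                  <li>credentials&nbsp;&nbsp;<a href="#rfc.iref.c.2">3</a></li>
+                  <li>challenge&nbsp;&nbsp;<a href="#rfc.iref.c.1">2</a></li>
+                  <li>credentials&nbsp;&nbsp;<a href="#rfc.iref.c.2">2</a></li>
                </ul>
             </li>
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
-                  <li><tt>password</tt>&nbsp;&nbsp;<a href="#rfc.iref.p.1"><b>3</b></a></li>
+                  <li><tt>password</tt>&nbsp;&nbsp;<a href="#rfc.iref.p.1"><b>2</b></a></li>
                </ul>
             </li>
             <li><a id="rfc.index.U" href="#rfc.index.U"><b>U</b></a><ul>
-                  <li><tt>user-pass</tt>&nbsp;&nbsp;<a href="#rfc.iref.u.1"><b>3</b></a></li>
-                  <li><tt>userid</tt>&nbsp;&nbsp;<a href="#rfc.iref.u.2"><b>3</b></a></li>
+                  <li><tt>user-pass</tt>&nbsp;&nbsp;<a href="#rfc.iref.u.1"><b>2</b></a></li>
+                  <li><tt>userid</tt>&nbsp;&nbsp;<a href="#rfc.iref.u.2"><b>2</b></a></li>
                </ul>
             </li>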
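--- a/draft-ietf-httpauth-basicauth-update/latest/draft-ietf-httpauth-basicauth-update.xml
+++ b/draft-ietf-httpauth-basicauth-update/latest/draft-ietf-httpauth-basicauth-update.xml
@@ -100,7 +100,6 @@
   updating the definition of the '"Digest" authentication scheme).
 </t>
-</section> 
-
-<section title="Notational Conventions">
+
+<section title="Notational Conventions"  anchor="notational.conventions">
 <t>
   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
@@ -108,4 +107,13 @@
   are to be interpreted as described in <xref target="RFC2119"/>.
 </t>
+
+<section title="Syntax Notation" anchor="syntax.notation">
+<t>
+   This specification uses the Augmented Backus-Naur Form (ABNF) notation
+   of <xref target="RFC5234"/>.
+</t>
+</section>
+
+</section> 
 </section> 
 
@@ -134,5 +142,5 @@
    For Basic, the framework above is utilized as follows:
 </t>
-<figure><artwork type="abnf2616"><iref item="challenge"/><iref item="credentials"/>
+<figure><artwork type="abnf"><iref item="challenge"/><iref item="credentials"/>
    challenge   = "Basic" realm
    credentials = "Basic" basic-credentials
@@ -156,5 +164,5 @@
    encoded string in the credentials (<xref target="RFC4648" x:fmt="," x:sec="4"/>).
 </t>
-<figure><artwork type="abnf2616"><iref item="basic-credentials" primary="true"
+<figure><artwork type="abnf"><iref item="basic-credentials" primary="true"
 /><iref item="base64-user-pass" primary="true"
 /><iref item="user-pass" primary="true"
@@ -162,6 +170,7 @@
 /><iref item="password" primary="true"/>
    basic-credentials = base64-user-pass
-   base64-user-pass  = &lt;base64 <xref target="RFC4648"/> encoding of user-pass,
-                    except not limited to 76 char/line>
+   base64-user-pass  = &lt;base64 encoded user-pass>
+                     ; <xref target="RFC4648"/> encoding of user-pass,
+                     ; except not limited to 76 char/line
    user-pass   = userid ":" password
    userid      = *&lt;TEXT excluding ":">
@@ -296,4 +305,25 @@
   </reference>
  
+  <reference anchor="RFC5234">
+    <front>
+      <title abbrev="ABNF for Syntax Specifications">Augmented BNF for Syntax Specifications: ABNF</title>
+      <author initials="D." surname="Crocker" fullname="Dave Crocker" role="editor">
+        <organization>Brandenburg InternetWorking</organization>
+        <address>
+          <email>dcrocker@bbiw.net</email>
+        </address> 
+      </author>
+      <author initials="P." surname="Overell" fullname="Paul Overell">
+        <organization>THUS plc.</organization>
+        <address>
+          <email>paul.overell@thus.net</email>
+        </address>
+      </author>
+      <date month="January" year="2008"/>
+    </front>
+    <seriesInfo name="STD" value="68"/>
+    <seriesInfo name="RFC" value="5234"/>
+  </reference>
+
   <reference anchor="draft-ietf-httpbis-p7-auth">
     <front>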
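Review bot: Retagging the two grammar figures as `abnf` and citing RFC 5234 leaves rules that only make sense under RFC 2616's BNF. `userid = *&lt;TEXT excluding ":">` (new line 176) still depends on `TEXT`, which RFC 5234 does not define and nothing visible in this change imports. `challenge = "Basic" realm` (new line 145) relied on RFC 2616's implied whitespace between elements, which ABNF does not have. This grammar decides which octets a credential parser accepts and where the userid ends, so I would state in the new Syntax Notation section where `TEXT` and `realm` come from, and write the separator explicitly, something like `challenge = "Basic" 1*SP realm`. The second figure continues below new line 176, outside this hunk, so the remaining rules were not checked here.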