Ticket #257: 257.diff

File 257.diff, 3.0 KB (added by julian.reschke@…, 9 years ago)

proposed change for p7 (work in progress)

  • p7-auth.xml

     
    1919  <!ENTITY notation-abnf                "<xref target='Part1' x:rel='#notation.abnf' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2020  <!ENTITY basic-rules                  "<xref target='Part1' x:rel='#basic.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2121  <!ENTITY effective-request-uri        "<xref target='Part1' x:rel='#effective.request.uri' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     22  <!ENTITY msg-orient-and-buffering     "<xref target='Part1' x:rel='#message-orientation-and-buffering' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2223  <!ENTITY end-to-end.and-hop-by-hop    "<xref target='Part1' x:rel='#end-to-end.and.hop-by-hop.header-fields' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2324  <!ENTITY shared-and-non-shared-caches "<xref target='Part6' x:rel='#shared.and.non-shared.caches' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2425]>
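Review bot: the new msg-orient-and-buffering entity on line 22 targets x:rel='#message-orientation-and-buffering', which separates words with hyphens, while the other Part1 anchors visible in this hunk separate words with dots ('#notation.abnf', '#basic.rules', '#effective.request.uri'). Please confirm that Part1 defines the anchor under exactly this name, since a mismatch would leave the reference in the first bullet of the new section unresolved.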
     
    439440<t>
    440441  The registry itself is maintained at <eref target="http://www.iana.org/assignments/http-authschemes"/>.
    441442</t>
     443
     444<section title="Considerations for New Authentication Schemes" anchor="considerations.for.new.authentication.schemes">
     445<t>
     446  There are certain aspects of the HTTP Authentication Framework that constrain
     447  how new schemes can be defined:
     448</t>
     449<t>
     450  <list style="symbols">
     451    <t>
     452      Authentication schemes need to be compatible with the inherent
     453      constraints of HTTP; for instance, that messages need to keep their
     454      semantics when inspected in isolation, thus an authentication scheme
     455      can not bind information to the TCP session over which the message
     456      was received (see &msg-orient-and-buffering;).
     457    </t>
     458    <t>
     459      The authentication parameter "realm" is reserved for defining Protection
     460      Spaces as defined in <xref target="protection.space"/>. New schemes
     461      &MUST-NOT; use it in a way incompatible with that definition.
     462    </t>
     463    <t>
     464      Authentication schemes need to document whther they are usable in
     465      origin-server authentication (i.e., using WWW-Authenticate), and/or
     466      proxy authentication (i.e., using Proxy-Authenticate).
     467    </t>   
     468    <!-- note about Authorization header -->
     469  </list>
     470</t>
    442471</section>
    443472
    444473</section>
    445474
     475</section>
     476
    446477<section title="Status Code Definitions" anchor="status.code.definitions">
    447478<section title="401 Unauthorized" anchor="status.401">
    448479  <iref primary="true" item="401 Unauthorized (status code)" x:for-anchor=""/>
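Review bot: new line 464 has a typo: "whther" should be "whether". On line 455, "can not" would read better as "cannot". The list ends at line 468 with the placeholder comment "<!-- note about Authorization header -->", so the item it refers to is still missing; either add the text or record it as open in the ticket before this is committed. There is also trailing whitespace after </t> on line 467.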
     
    12201251
    12211252<section title="Since draft-ietf-httpbis-p7-auth-15" anchor="changes.since.15">
    12221253<t>
    1223   None yet.
     1254  Closed issues:
     1255  <list style="symbols">
     1256    <t>
     1257      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/257"/>:
     1258      "Considerations for new authentications schemes"
     1259    </t>
     1260  </list>
    12241261</t>
    12251262</section>
    12261263
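Review bot: the quoted ticket title on new line 1258 reads "Considerations for new authentications schemes", while the section this patch adds is titled "Considerations for New Authentication Schemes". If the ticket title really contains "authentications", quoting it verbatim is fine; otherwise drop the extra "s" so the change log matches the section title.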