Ticket #271: 271-p7.diff

File 271-p7.diff, 2.7 KB (added by julian.reschke@…, 7 years ago)

Proposed patch for Part 7

  • p7-auth.xml

     
    310310  <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>b64token</x:ref> / #<x:ref>auth-param</x:ref> ) ]
    311311</artwork></figure>
    312312<t>
    313    Requests for protected resources that omit credentials, contain invalid
    314    credentials (e.g., a bad password), or partial credentials (e.g., when the
    315    authentication scheme requires more than one round trip) &SHOULD; return a
    316    401 (Unauthorized) response. Such responses &MUST; include a
    317    WWW-Authenticate header field containing at least one (possibly new)
    318    challenge applicable to the requested resource.
     313   Upon a request for a protected resource that omits credentials, contains
     314   invalid credentials (e.g., a bad password), or partial credentials (e.g.,
     315   when the authentication scheme requires more than one round trip), an origin
     316   server &SHOULD; return a 401 (Unauthorized) response. Such responses &MUST;
     317   include a WWW-Authenticate header field containing at least one (possibly
     318   new) challenge applicable to the requested resource.
    319319</t>
    320320<t>
    321    Likewise, requests that require authentication by proxies that omit
    322    credentials, or contain invalid or partial credentials &SHOULD; return a
    323    407 (Proxy Authentication Required) response. Such responses &MUST;
    324    include a Proxy-Authenticate header field containing a (possibly new)
    325    challenge applicable to the proxy.
     321   Likewise, upon a request that requires authentication by proxies that omit
     322   credentials, or contain invalid or partial credentials, a proxy &SHOULD;
     323   return a 407 (Proxy Authentication Required) response. Such responses
     324   &MUST; include a Proxy-Authenticate header field containing a (possibly
     325   new) challenge applicable to the proxy.
    326326</t>
    327327<t>
    328328   A server receiving credentials that are valid, but not adequate to gain
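Review bot: in the new 407 paragraph (new lines 321-322), "that omit credentials, or contain invalid or partial credentials" keeps the plural verbs and now directly follows "by proxies", so it reads as if the proxies omit the credentials. The 401 paragraph above was changed to singular "omits"/"contains" agreeing with "a request", and the same agreement is needed here, for example: "upon a request that omits credentials, or contains invalid or partial credentials, a proxy that requires authentication &SHOULD; return a 407 ...". While touching both paragraphs, note that the 401 text requires "at least one (possibly new) challenge" but the 407 text only says "a (possibly new) challenge"; if the difference is not intentional, align the wording.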
     
    597597</artwork></figure>
    598598<t>
    599599   Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to
    600    the current connection and &SHOULD-NOT;  be passed on to downstream
    601    clients. However, an intermediate proxy might need to obtain its own
    602    credentials by requesting them from the downstream client, which in
     600   the current connection, and intermediaries &SHOULD-NOT;  forward it to
     601   downstream clients. However, an intermediate proxy might need to obtain its
     602   own credentials by requesting them from the downstream client, which in
    603603   some circumstances will appear as if the proxy is forwarding the
    604604   Proxy-Authenticate header field.
    605605</t>
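Review bot: new line 600 makes "intermediaries" the subject of the &SHOULD-NOT;, while the very next sentence carries on with "an intermediate proxy"; use one term in both sentences so it is clear that the requirement and the described exception cover the same set of actors. The double space after "&SHOULD-NOT;" is carried over from the old line 600 and could be dropped in the same change.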