Ticket #320: 320.diff

File 320.diff, 2.1 KB (added by julian.reschke@…, 8 years ago)

Proposed patch

  • p7-auth.xml

     
    508508    </x:lt>
    509509    <x:lt>
    510510    <t>
     511      The parsing of challenges and credentials is defined by this specification,
     512      and cannot be modified by new authentication schemes. When the auth-param
     513      syntax is used, all parameters ought to support both token and
     514      quoted-string syntax, and syntactical constraints ought to be defined on
     515      the field value after parsing (i.e., quoted-string processing). This is
     516      necessary so that recipients can use a generic parser that applies to
     517      all authentication schemes.
     518    </t>
     519    <t>
     520      <x:h>Note:</x:h> the fact that the value syntax for the "realm" parameter
     521      is restricted to quoted-string was a bad design choice not to be repeated
     522      for new parameters.
     523    </t>
     524    </x:lt>
     525    <x:lt>
     526    <t>
    511527      Authentication schemes need to document whether they are usable in
    512528      origin-server authentication (i.e., using WWW-Authenticate), and/or
    513529      proxy authentication (i.e., using Proxy-Authenticate).
     
    700716   contents of a challenge itself can contain a comma-separated list of
    701717   authentication parameters.
    702718</t>
     719<figure>
     720  <preamble>For instance:</preamble>
     721  <artwork type="example">
     722  WWW-Authenticate: Newauth realm="apps", type=1,
     723                    title="Login to \"apps\"", Basic realm="simple"
     724</artwork>
     725  <postamble>
     726  This header field contains two challenges; one for the "Newauth" scheme
     727  with a realm value of "apps", and two additional parameters "type" and
     728  "title", and another one for the "Basic" scheme with a realm value of "simple".
     729</postamble></figure>
    703730</section>
    704731
    705732</section>
     
    14121439      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/186"/>:
    14131440      "Document HTTP's error-handling philosophy"
    14141441    </t>
     1442    <t>
     1443      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/320"/>:
     1444      "add advice on defining auth scheme parameters"
     1445    </t>
    14151446  </list>
    14161447</t>
    14171448</section>