Ticket #320: 320.diff

p7-auth.xml

@@ -508 +508 @@
     </x:lt>
     <x:lt>
     <t>
+      The parsing of challenges and credentials is defined by this specification,
+      and cannot be modified by new authentication schemes. When the auth-param
+      syntax is used, all parameters ought to support both token and
+      quoted-string syntax, and syntactical constraints ought to be defined on
+      the field value after parsing (i.e., quoted-string processing). This is
+      necessary so that recipients can use a generic parser that applies to
+      all authentication schemes.
+    </t>
+    <t>
+      <x:h>Note:</x:h> the fact that the value syntax for the "realm" parameter
+      is restricted to quoted-string was a bad design choice not to be repeated
+      for new parameters.
+    </t>
+    </x:lt>
+    <x:lt>
+    <t>
       Authentication schemes need to document whether they are usable in
       origin-server authentication (i.e., using WWW-Authenticate), and/or
       proxy authentication (i.e., using Proxy-Authenticate).
@@ -700 +716 @@
    contents of a challenge itself can contain a comma-separated list of
    authentication parameters.
 </t>
+<figure>
+  <preamble>For instance:</preamble>
+  <artwork type="example">
+  WWW-Authenticate: Newauth realm="apps", type=1,
+                    title="Login to \"apps\"", Basic realm="simple"
+</artwork>
+  <postamble>
+  This header field contains two challenges; one for the "Newauth" scheme
+  with a realm value of "apps", and two additional parameters "type" and
+  "title", and another one for the "Basic" scheme with a realm value of "simple".
+</postamble></figure>
 </section>
 
 </section>
@@ -1412 +1439 @@
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/186"/>:
       "Document HTTP's error-handling philosophy"
     </t>
+    <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/320"/>:
+      "add advice on defining auth scheme parameters"
+    </t>
   </list>
 </t>
 </section>