Ticket #357: 357.diff

File 357.diff, 2.4 KB (added by julian.reschke@…, 7 years ago)

Proposed patch

  • p7-auth.xml

     
    311311  <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>b64token</x:ref> / #<x:ref>auth-param</x:ref> ) ]
    312312</artwork></figure>
    313313<t>
    314    If the origin server does not wish to accept the credentials sent
    315    with a request, it &SHOULD; return a 401 (Unauthorized) response. The
    316    response &MUST; include a WWW-Authenticate header field containing at
    317    least one (possibly new) challenge applicable to the requested
    318    resource.
     314   Requests for protected resources that omit credentials, contain invalid
     315   credentials (e.g., a bad password), or partial credentials (e.g., when the
     316   authentication scheme requires more than one round trip) &SHOULD; return a
     317   401 (Unauthorized) response. Such responses &MUST; include a
     318   WWW-Authenticate header field containing at least one (possibly new)
     319   challenge applicable to the requested resource.
    319320</t>
    320321<t>
    321    If a proxy does not accept the credentials sent with a request, it &SHOULD;
    322    return a 407 (Proxy Authentication Required) response. The
    323    response &MUST; include a Proxy-Authenticate header field containing a
    324    (possibly new) challenge applicable to the proxy for the requested
    325    resource.
     322   Likewise, requests that require authentication by proxies that omit
     323   credentials, or contain invalid or partial credentials &SHOULD; return a
     324   407 (Proxy Authentication Required) response. Such responses &MUST;
     325   include a Proxy-Authenticate header field containing a (possibly new)
     326   challenge applicable to the proxy.
    326327</t>
    327328<t>
     329   A server receiving credentials that are valid, but not adequate to gain
     330   access, ought to respond with the 403 (Forbidden) status code.
     331</t>
     332<t>
    328333   The HTTP protocol does not restrict applications to this simple
    329334   challenge-response mechanism for access authentication. Additional
    330335   mechanisms &MAY; be used, such as encryption at the transport level or
     
    11541159      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/349"/>:
    11551160      "Strength"
    11561161    </t>
     1162    <t>
     1163      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/357"/>:
     1164      "Authentication exchanges"
     1165    </t>
    11571166  </list>
    11581167</t>
    11591168</section>