source: draft-ietf-httpbis-authscheme-registrations/05/draft-ietf-httpbis-authscheme-registrations-05.txt @ 2362

Last change on this file since 2362 was 1940, checked in by julian.reschke@…, 10 years ago

draft 05
  • Property svn:eol-style set to native
  • Property svn:executable set to *
File size: 8.5 KB
Line 
1
2
3
4HTTPbis Working Group                                         J. Reschke
5Internet-Draft                                                greenbytes
6Intended status: Informational                          October 13, 2012
7Expires: April 16, 2013
8
9
10               Initial Hypertext Transfer Protocol (HTTP)
11                  Authentication Scheme Registrations
12             draft-ietf-httpbis-authscheme-registrations-05
13
14Abstract
15
16   This document registers Hypertext Transfer Protocol (HTTP)
17   authentication schemes which have been defined in standards-track
18   RFCs before the IANA HTTP Authentication Scheme Registry was
19   established.
20
21Editorial Note (To be removed by RFC Editor)
22
23   Discussion of this draft takes place on the HTTPBIS working group
24   mailing list (ietf-http-wg@w3.org), which is archived at
25   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
26
27   The current issues list is at <http://trac.tools.ietf.org/wg/httpbis/
28   trac/query?component=authscheme-registrations> and related documents
29   (including fancy diffs) can be found at
30   <http://tools.ietf.org/wg/httpbis/>.
31
32   The changes in this draft are summarized in Appendix B.5.
33
34Status of This Memo
35
36   This Internet-Draft is submitted in full conformance with the
37   provisions of BCP 78 and BCP 79.
38
39   Internet-Drafts are working documents of the Internet Engineering
40   Task Force (IETF).  Note that other groups may also distribute
41   working documents as Internet-Drafts.  The list of current Internet-
42   Drafts is at http://datatracker.ietf.org/drafts/current/.
43
44   Internet-Drafts are draft documents valid for a maximum of six months
45   and may be updated, replaced, or obsoleted by other documents at any
46   time.  It is inappropriate to use Internet-Drafts as reference
47   material or to cite them other than as "work in progress."
48
49   This Internet-Draft will expire on April 16, 2013.
50
51Copyright Notice
52
53
54
55Reschke                  Expires April 16, 2013                 [Page 1]
56
57Internet-Draft  HTTP Authentication Scheme Registrations    October 2012
58
59
60   Copyright (c) 2012 IETF Trust and the persons identified as the
61   document authors.  All rights reserved.
62
63   This document is subject to BCP 78 and the IETF Trust's Legal
64   Provisions Relating to IETF Documents
65   (http://trustee.ietf.org/license-info) in effect on the date of
66   publication of this document.  Please review these documents
67   carefully, as they describe your rights and restrictions with respect
68   to this document.  Code Components extracted from this document must
69   include Simplified BSD License text as described in Section 4.e of
70   the Trust Legal Provisions and are provided without warranty as
71   described in the Simplified BSD License.
72
73Table of Contents
74
75   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
76   2.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
77   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
78   4.  Normative References  . . . . . . . . . . . . . . . . . . . . . 3
79   Appendix A.  Initial Registry Contents  . . . . . . . . . . . . . . 4
80   Appendix B.  Change Log (to be removed by RFC Editor before
81                publication) . . . . . . . . . . . . . . . . . . . . . 4
82     B.1.  Since draft-ietf-httpbis-authscheme-registrations-00  . . . 4
83     B.2.  Since draft-ietf-httpbis-authscheme-registrations-01  . . . 4
84     B.3.  Since draft-ietf-httpbis-authscheme-registrations-02  . . . 4
85     B.4.  Since draft-ietf-httpbis-authscheme-registrations-03  . . . 4
86     B.5.  Since draft-ietf-httpbis-authscheme-registrations-04  . . . 5
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111Reschke                  Expires April 16, 2013                 [Page 2]
112
113Internet-Draft  HTTP Authentication Scheme Registrations    October 2012
114
115
1161.  Introduction
117
118   This document registers Hypertext Transfer Protocol (HTTP)
119   authentication schemes which have been defined in standards-track
120   RFCs before the IANA HTTP Authentication Scheme Registry was
121   established.
122
1232.  Security Considerations
124
125   There are no security considerations related to the registration
126   itself.
127
1283.  IANA Considerations
129
130   Appendix A provides initial registrations of HTTP authentication
131   schemes for the IANA HTTP Authentication Scheme registry at
132   <http://www.iana.org/assignments/http-authschemes> (see Section 2.3
133   of [draft-ietf-httpbis-p7-auth]).
134
1354.  Normative References
136
137   [RFC2617]                     Franks, J., Hallam-Baker, P.,
138                                 Hostetler, J., Lawrence, S., Leach, P.,
139                                 Luotonen, A., and L. Stewart, "HTTP
140                                 Authentication: Basic and Digest Access
141                                 Authentication", RFC 2617, June 1999.
142
143   [RFC4559]                     Jaganathan, K., Zhu, L., and J. Brezak,
144                                 "SPNEGO-based Kerberos and NTLM HTTP
145                                 Authentication in Microsoft Windows",
146                                 RFC 4559, June 2006.
147
148   [RFC5849]                     Hammer-Lahav, E., "The OAuth 1.0
149                                 Protocol", RFC 5849, April 2010.
150
151   [RFC6750]                     Jones, M. and D. Hardt, "The OAuth 2.0
152                                 Authorization Framework: Bearer Token
153                                 Usage", RFC 6750, October 2012.
154
155   [draft-ietf-httpbis-p7-auth]  Fielding, R., Ed. and J. Reschke, Ed.,
156                                 "Hypertext Transfer Protocol
157                                 (HTTP/1.1): Authentication",
158                                 draft-ietf-httpbis-p7-auth-21 (work in
159                                 progress), October 2012.
160
161
162
163
164
165
166
167Reschke                  Expires April 16, 2013                 [Page 3]
168
169Internet-Draft  HTTP Authentication Scheme Registrations    October 2012
170
171
172Appendix A.  Initial Registry Contents
173
174   +----------------+------------+-------------------------------------+
175   | Authentication | Reference  | Notes                               |
176   | Scheme Name    |            |                                     |
177   +----------------+------------+-------------------------------------+
178   | Basic          | [RFC2617], |                                     |
179   |                | Section 2  |                                     |
180   | Bearer         | [RFC6750]  |                                     |
181   | Digest         | [RFC2617], |                                     |
182   |                | Section 3  |                                     |
183   | Negotiate      | [RFC4559], | This authentication scheme violates |
184   |                | Section 3  | both HTTP semantics (being          |
185   |                |            | connection-oriented) and syntax     |
186   |                |            | (use of syntax incompatible with    |
187   |                |            | the WWW-Authenticate and            |
188   |                |            | Authorization header field syntax). |
189   | OAuth          | [RFC5849], |                                     |
190   |                | Section    |                                     |
191   |                | 3.5.1      |                                     |
192   +----------------+------------+-------------------------------------+
193
194Appendix B.  Change Log (to be removed by RFC Editor before publication)
195
196B.1.  Since draft-ietf-httpbis-authscheme-registrations-00
197
198   Update draft-ietf-httpbis-p7-auth reference.
199
200B.2.  Since draft-ietf-httpbis-authscheme-registrations-01
201
202   Update draft-ietf-httpbis-p7-auth reference.
203
204   Closed issues:
205
206   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/308>: "need to
207      reserve 'negotiate' as auth scheme name"
208
209B.3.  Since draft-ietf-httpbis-authscheme-registrations-02
210
211   Update draft-ietf-httpbis-p7-auth reference.
212
213B.4.  Since draft-ietf-httpbis-authscheme-registrations-03
214
215   Update draft-ietf-httpbis-p7-auth reference.
216
217
218
219
220
221
222
223Reschke                  Expires April 16, 2013                 [Page 4]
224
225Internet-Draft  HTTP Authentication Scheme Registrations    October 2012
226
227
228B.5.  Since draft-ietf-httpbis-authscheme-registrations-04
229
230   Closed issues:
231
232   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/382>: "add OAuth
233      auth scheme to initial registry contents"
234
235   Update draft-ietf-httpbis-p7-auth reference.  Added OAuth 2.0 Bearer
236   scheme.
237
238Author's Address
239
240   Julian F. Reschke
241   greenbytes GmbH
242   Hafenweg 16
243   Muenster, NW  48155
244   Germany
245
246   EMail: julian.reschke@greenbytes.de
247   URI:   http://greenbytes.de/tech/webdav/
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279Reschke                  Expires April 16, 2013                 [Page 5]
280
Note: See TracBrowser for help on using the repository browser.