source: draft-ietf-httpbis-authscheme-registrations/09/draft-ietf-httpbis-authscheme-registrations-09.txt @ 2734

Last change on this file since 2734 was 2498, checked in by julian.reschke@…, 8 years ago

Update references to -25.

  • Property svn:eol-style set to native
File size: 7.5 KB
Line 
1
2
3
4HTTPbis Working Group                                         J. Reschke
5Internet-Draft                                                greenbytes
6Intended status: Informational                         November 17, 2013
7Expires: May 21, 2014
8
9
10               Initial Hypertext Transfer Protocol (HTTP)
11                  Authentication Scheme Registrations
12             draft-ietf-httpbis-authscheme-registrations-09
13
14Abstract
15
16   This document registers Hypertext Transfer Protocol (HTTP)
17   authentication schemes which have been defined in standards-track
18   RFCs before the IANA HTTP Authentication Scheme Registry was
19   established.
20
21Editorial Note (To be removed by RFC Editor)
22
23   Discussion of this draft takes place on the HTTPBIS working group
24   mailing list (ietf-http-wg@w3.org), which is archived at
25   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
26
27   The current issues list is at <http://trac.tools.ietf.org/wg/httpbis/
28   trac/query?component=authscheme-registrations> and related documents
29   (including fancy diffs) can be found at
30   <http://tools.ietf.org/wg/httpbis/>.
31
32   The changes in this draft are summarized in Appendix A.1.
33
34Status of This Memo
35
36   This Internet-Draft is submitted in full conformance with the
37   provisions of BCP 78 and BCP 79.
38
39   Internet-Drafts are working documents of the Internet Engineering
40   Task Force (IETF).  Note that other groups may also distribute
41   working documents as Internet-Drafts.  The list of current Internet-
42   Drafts is at http://datatracker.ietf.org/drafts/current/.
43
44   Internet-Drafts are draft documents valid for a maximum of six months
45   and may be updated, replaced, or obsoleted by other documents at any
46   time.  It is inappropriate to use Internet-Drafts as reference
47   material or to cite them other than as "work in progress."
48
49   This Internet-Draft will expire on May 21, 2014.
50
51Copyright Notice
52
53
54
55Reschke                   Expires May 21, 2014                  [Page 1]
56
57Internet-Draft  HTTP Authentication Scheme Registrations   November 2013
58
59
60   Copyright (c) 2013 IETF Trust and the persons identified as the
61   document authors.  All rights reserved.
62
63   This document is subject to BCP 78 and the IETF Trust's Legal
64   Provisions Relating to IETF Documents
65   (http://trustee.ietf.org/license-info) in effect on the date of
66   publication of this document.  Please review these documents
67   carefully, as they describe your rights and restrictions with respect
68   to this document.  Code Components extracted from this document must
69   include Simplified BSD License text as described in Section 4.e of
70   the Trust Legal Provisions and are provided without warranty as
71   described in the Simplified BSD License.
72
73Table of Contents
74
75   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
76   2.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
77   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
78   4.  Normative References  . . . . . . . . . . . . . . . . . . . . . 3
79   Appendix A.  Change Log (to be removed by RFC Editor before
80                publication) . . . . . . . . . . . . . . . . . . . . . 4
81     A.1.  Since draft-ietf-httpbis-authscheme-registrations-08  . . . 4
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111Reschke                   Expires May 21, 2014                  [Page 2]
112
113Internet-Draft  HTTP Authentication Scheme Registrations   November 2013
114
115
1161.  Introduction
117
118   This document registers Hypertext Transfer Protocol (HTTP)
119   authentication schemes which have been defined in standards-track
120   RFCs before the IANA HTTP Authentication Scheme Registry was
121   established.
122
1232.  Security Considerations
124
125   There are no security considerations related to the registration
126   itself.
127
1283.  IANA Considerations
129
130   The table below provides registrations of HTTP authentication schemes
131   to be added to the IANA HTTP Authentication Scheme registry at
132   <http://www.iana.org/assignments/http-authschemes> (see Section 5.1
133   of [draft-ietf-httpbis-p7-auth]).
134
135   +----------------+------------+-------------------------------------+
136   | Authentication | Reference  | Notes                               |
137   | Scheme Name    |            |                                     |
138   +----------------+------------+-------------------------------------+
139   | Basic          | [RFC2617], |                                     |
140   |                | Section 2  |                                     |
141   | Bearer         | [RFC6750]  |                                     |
142   | Digest         | [RFC2617], |                                     |
143   |                | Section 3  |                                     |
144   | Negotiate      | [RFC4559], | This authentication scheme violates |
145   |                | Section 3  | both HTTP semantics (being          |
146   |                |            | connection-oriented) and syntax     |
147   |                |            | (use of syntax incompatible with    |
148   |                |            | the WWW-Authenticate and            |
149   |                |            | Authorization header field syntax). |
150   | OAuth          | [RFC5849], |                                     |
151   |                | Section    |                                     |
152   |                | 3.5.1      |                                     |
153   +----------------+------------+-------------------------------------+
154
1554.  Normative References
156
157   [RFC2617]                     Franks, J., Hallam-Baker, P.,
158                                 Hostetler, J., Lawrence, S., Leach, P.,
159                                 Luotonen, A., and L. Stewart, "HTTP
160                                 Authentication: Basic and Digest Access
161                                 Authentication", RFC 2617, June 1999.
162
163   [RFC4559]                     Jaganathan, K., Zhu, L., and J. Brezak,
164
165
166
167Reschke                   Expires May 21, 2014                  [Page 3]
168
169Internet-Draft  HTTP Authentication Scheme Registrations   November 2013
170
171
172                                 "SPNEGO-based Kerberos and NTLM HTTP
173                                 Authentication in Microsoft Windows",
174                                 RFC 4559, June 2006.
175
176   [RFC5849]                     Hammer-Lahav, E., "The OAuth 1.0
177                                 Protocol", RFC 5849, April 2010.
178
179   [RFC6750]                     Jones, M. and D. Hardt, "The OAuth 2.0
180                                 Authorization Framework: Bearer Token
181                                 Usage", RFC 6750, October 2012.
182
183   [draft-ietf-httpbis-p7-auth]  Fielding, R., Ed. and J. Reschke, Ed.,
184                                 "Hypertext Transfer Protocol
185                                 (HTTP/1.1): Authentication",
186                                 draft-ietf-httpbis-p7-auth-25 (work in
187                                 progress), November 2013.
188
189Appendix A.  Change Log (to be removed by RFC Editor before publication)
190
191   Changes up to the IETF Last Call draft are summarized in <http://
192   trac.tools.ietf.org/html/
193   draft-ietf-httpbis-authscheme-registrations-08#appendix-B>.
194
195A.1.  Since draft-ietf-httpbis-authscheme-registrations-08
196
197   Closed issues:
198
199   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/514>: "registration
200      tables should be inside IANA considerations"
201
202   Clarified the IANA action to say "add".
203
204   Updated httpbis reference.
205
206Author's Address
207
208   Julian F. Reschke
209   greenbytes GmbH
210   Hafenweg 16
211   Muenster, NW  48155
212   Germany
213
214   EMail: julian.reschke@greenbytes.de
215   URI:   http://greenbytes.de/tech/webdav/
216
217
218
219
220
221
222
223Reschke                   Expires May 21, 2014                  [Page 4]
224
Note: See TracBrowser for help on using the repository browser.