source: draft-ietf-httpbis-authscheme-registrations/09/draft-ietf-httpbis-authscheme-registrations.xml @ 2498

<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet type='text/xsl' href='../../draft-ietf-httpbis/myxml2rfc.xslt'?>
<?rfc toc="yes"?>
<?rfc symrefs="yes"?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes"?>
<?rfc comments="yes"?>
<?rfc inline="yes"?>
<?rfc subcompact="no"?>
<?rfc rfcedstyle="yes"?>
<?rfc-ext allow-markup-in-artwork="yes" ?>

<!DOCTYPE rfc [
  <!ENTITY MAY "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MAY</bcp14>">
  <!ENTITY MUST "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MUST</bcp14>">
  <!ENTITY MUST-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MUST NOT</bcp14>">
  <!ENTITY OPTIONAL "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>OPTIONAL</bcp14>">
  <!ENTITY RECOMMENDED "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>RECOMMENDED</bcp14>">
  <!ENTITY REQUIRED "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>REQUIRED</bcp14>">
  <!ENTITY SHALL "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHALL</bcp14>">
  <!ENTITY SHALL-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHALL NOT</bcp14>">
  <!ENTITY SHOULD "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD</bcp14>">
  <!ENTITY SHOULD-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD NOT</bcp14>">
]>
<rfc xmlns:x="http://purl.org/net/xml2rfc/ext" xmlns:ed="http://greenbytes.de/2002/rfcedit" ipr="trust200902" docName="draft-ietf-httpbis-authscheme-registrations-09" category="info">
<x:feedback template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=&lt;{ref}&gt;:"/>
        <front>
  <title abbrev="HTTP Authentication Scheme Registrations">Initial Hypertext&#160;Transfer&#160;Protocol&#160;(HTTP)
  Authentication&#160;Scheme&#160;Registrations</title>

  <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke">
    <organization abbrev="greenbytes">greenbytes GmbH</organization>
    <address>
      <postal>
        <street>Hafenweg 16</street>
        <city>Muenster</city><region>NW</region><code>48155</code>
        <country>Germany</country>
      </postal>
      <email>julian.reschke@greenbytes.de</email>       
      <uri>http://greenbytes.de/tech/webdav/</uri>      
    </address>
  </author>

  <date month="November" year="2013" day="17"/>
  <workgroup>HTTPbis Working Group</workgroup>
  
  <abstract>
  <t>
    This document registers Hypertext Transfer Protocol (HTTP)
    authentication schemes which have been defined in standards-track RFCs
    before the IANA HTTP Authentication Scheme Registry was established.
  </t>
  </abstract>
  
  <note title="Editorial Note (To be removed by RFC Editor)">
    <t>
      Discussion of this draft takes place on the HTTPBIS working group
      mailing list (ietf-http-wg@w3.org), which is archived at
      <eref target="http://lists.w3.org/Archives/Public/ietf-http-wg/"/>.
    </t>
    <t>
      The current issues list is at
      <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/query?component=authscheme-registrations"/> and related
      documents (including fancy diffs) can be found at
      <eref target="http://tools.ietf.org/wg/httpbis/"/>.
    </t>
    <t>
      The changes in this draft are summarized in <xref target="changes.since.08"/>.
    </t>
  </note>

  </front>

  <middle>

<section title="Introduction" anchor="introduction">
  <t>
    This document registers Hypertext Transfer Protocol (HTTP)
    authentication schemes which have been defined in standards-track RFCs
    before the IANA HTTP Authentication Scheme Registry was established.
  </t>
</section>  
  
<section title="Security Considerations" anchor="security.considerations">
  <t>
    There are no security considerations related to the registration itself.
  </t>
</section>  

<section title="IANA Considerations" anchor="iana.considerations">
<t>
  The table below provides registrations of HTTP authentication schemes to be
  added to the IANA HTTP Authentication Scheme registry 
  at <eref target="http://www.iana.org/assignments/http-authschemes"/>
  (see <xref target="draft-ietf-httpbis-p7-auth" x:rel="#authentication.scheme.registry"/>).
</t>
<texttable align="left">

<ttcol>Authentication Scheme Name</ttcol>
<ttcol>Reference</ttcol>
<ttcol>Notes</ttcol>

<c>Basic</c><c><xref target="RFC2617" x:fmt="," x:sec="2"/></c><c/>
<c>Bearer</c><c><xref target="RFC6750"/></c><c/>

<c>Digest</c><c><xref target="RFC2617" x:fmt="," x:sec="3"/></c><c/>

<c>Negotiate</c><c><xref target="RFC4559" x:fmt="," x:sec="3"/></c>
<c>This authentication scheme violates both HTTP semantics (being connection-oriented)
and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field
syntax).</c>

<c>OAuth</c><c><xref target="RFC5849" x:fmt="," x:sec="3.5.1"/></c><c/>

</texttable>
</section>  
  </middle>
  <back>
  
<references title="Normative References">

<reference anchor="draft-ietf-httpbis-p7-auth">
  <front>
    <title>Hypertext Transfer Protocol (HTTP/1.1): Authentication</title>
    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
      <address><email>fielding@gbiv.com</email></address>
    </author>
    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
      <organization abbrev="greenbytes">greenbytes GmbH</organization>
      <address><email>julian.reschke@greenbytes.de</email></address>
    </author>
    <date month="November" year="2013"/>
  </front>
  <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p7-auth-25"/>
  <x:source href="../../draft-ietf-httpbis/25/p7-auth.xml" basename="draft-ietf-httpbis-p7-auth-25"/>
</reference>

<reference anchor="RFC2617">
  <front>
    <title abbrev="HTTP Authentication">HTTP Authentication: Basic and Digest Access Authentication</title>
    <author initials="J." surname="Franks" fullname="John Franks">
      <organization>Northwestern University, Department of Mathematics</organization>
      <address><email>john@math.nwu.edu</email></address>
    </author>
    <author initials="P.M." surname="Hallam-Baker" fullname="Phillip M. Hallam-Baker">
      <organization>Verisign Inc.</organization>
      <address><email>pbaker@verisign.com</email></address>
    </author>
    <author initials="J.L." surname="Hostetler" fullname="Jeffery L. Hostetler">
      <organization>AbiSource, Inc.</organization>
      <address><email>jeff@AbiSource.com</email></address>
    </author>
    <author initials="S.D." surname="Lawrence" fullname="Scott D. Lawrence">
      <organization>Agranat Systems, Inc.</organization>
      <address><email>lawrence@agranat.com</email></address>
    </author>
    <author initials="P.J." surname="Leach" fullname="Paul J. Leach">
      <organization>Microsoft Corporation</organization>
      <address><email>paulle@microsoft.com</email></address>
    </author>
    <author initials="A." surname="Luotonen" fullname="Ari Luotonen">
      <organization>Netscape Communications Corporation</organization>
    </author>
    <author initials="L." surname="Stewart" fullname="Lawrence C. Stewart">
      <organization>Open Market, Inc.</organization>
      <address><email>stewart@OpenMarket.com</email></address>
    </author>
    <date month="June" year="1999"/>
  </front>
  <seriesInfo name="RFC" value="2617"/>
</reference>

<reference anchor="RFC4559">
  <front>
    <title>SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows</title>
    <author initials="K." surname="Jaganathan" fullname="K. Jaganathan"/>
    <author initials="L." surname="Zhu" fullname="L. Zhu"/>
    <author initials="J." surname="Brezak" fullname="J. Brezak"/>
    <date year="2006" month="June"/>
  </front>
  <seriesInfo name="RFC" value="4559"/>
</reference>

<reference anchor="RFC5849">
  <front>
    <title>The OAuth 1.0 Protocol</title>
    <author initials="E." surname="Hammer-Lahav" fullname="Eran Hammer-Lahav"/>
    <date year="2010" month="April" />
  </front>
  <seriesInfo name="RFC" value="5849" />
</reference>

<reference anchor="RFC6750">
  <front>
    <title>The OAuth 2.0 Authorization Framework: Bearer Token Usage</title>
    <author initials="M." surname="Jones" fullname="Michael B. Jones"/>
    <author initials="D." surname="Hardt" fullname="Dick Hardt"/>
    <date year="2012" month="October"/>
  </front>
  <seriesInfo name="RFC" value="6750"/>
</reference>

</references>
  
<!--<references title="Informative References">
</references>-->

<section title="Change Log (to be removed by RFC Editor before publication)" anchor="change.log">
<t>
  Changes up to the IETF Last Call draft are summarized in <eref target="http://trac.tools.ietf.org/html/draft-ietf-httpbis-authscheme-registrations-08#appendix-B"/>.
</t>
<section title="Since draft-ietf-httpbis-authscheme-registrations-08" anchor="changes.since.08">
<t>
  Closed issues:
  <list style="symbols">
    <t>
      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/514"/>:
      "registration tables should be inside IANA considerations"
    </t>
  </list>
</t>
<t>
  Clarified the IANA action to say "add".
</t>
<t>
  Updated httpbis reference.
</t>
</section>
</section>

  </back>

</rfc>