source: draft-ietf-httpbis-authscheme-registrations/10/draft-ietf-httpbis-authscheme-registrations.txt @ 2762

Last change on this file since 2762 was 2621, checked in by julian.reschke@…, 9 years ago

Draft 10
  • Property svn:eol-style set to native
File size: 8.1 KB
Line 
1
2
3
4HTTPbis Working Group                                         J. Reschke
5Internet-Draft                                                greenbytes
6Intended status: Informational                          February 6, 2014
7Expires: August 10, 2014
8
9
10               Initial Hypertext Transfer Protocol (HTTP)
11                  Authentication Scheme Registrations
12             draft-ietf-httpbis-authscheme-registrations-10
13
14Abstract
15
16   This document registers Hypertext Transfer Protocol (HTTP)
17   authentication schemes which have been defined in RFCs before the
18   IANA HTTP Authentication Scheme Registry was established.
19
20Editorial Note (To be removed by RFC Editor)
21
22   Discussion of this draft takes place on the HTTPBIS working group
23   mailing list (ietf-http-wg@w3.org), which is archived at
24   <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
25
26   The current issues list is at <http://trac.tools.ietf.org/wg/httpbis/
27   trac/query?component=authscheme-registrations> and related documents
28   (including fancy diffs) can be found at
29   <http://tools.ietf.org/wg/httpbis/>.
30
31   The changes in this draft are summarized in Appendix A.2.
32
33Status of This Memo
34
35   This Internet-Draft is submitted in full conformance with the
36   provisions of BCP 78 and BCP 79.
37
38   Internet-Drafts are working documents of the Internet Engineering
39   Task Force (IETF).  Note that other groups may also distribute
40   working documents as Internet-Drafts.  The list of current Internet-
41   Drafts is at http://datatracker.ietf.org/drafts/current/.
42
43   Internet-Drafts are draft documents valid for a maximum of six months
44   and may be updated, replaced, or obsoleted by other documents at any
45   time.  It is inappropriate to use Internet-Drafts as reference
46   material or to cite them other than as "work in progress."
47
48   This Internet-Draft will expire on August 10, 2014.
49
50Copyright Notice
51
52
53
54
55Reschke                  Expires August 10, 2014                [Page 1]
56
57Internet-Draft  HTTP Authentication Scheme Registrations   February 2014
58
59
60   Copyright (c) 2014 IETF Trust and the persons identified as the
61   document authors.  All rights reserved.
62
63   This document is subject to BCP 78 and the IETF Trust's Legal
64   Provisions Relating to IETF Documents
65   (http://trustee.ietf.org/license-info) in effect on the date of
66   publication of this document.  Please review these documents
67   carefully, as they describe your rights and restrictions with respect
68   to this document.  Code Components extracted from this document must
69   include Simplified BSD License text as described in Section 4.e of
70   the Trust Legal Provisions and are provided without warranty as
71   described in the Simplified BSD License.
72
73Table of Contents
74
75   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
76   2.  Security Considerations . . . . . . . . . . . . . . . . . . . . 3
77   3.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 3
78   4.  Normative References  . . . . . . . . . . . . . . . . . . . . . 3
79   Appendix A.  Change Log (to be removed by RFC Editor before
80                publication) . . . . . . . . . . . . . . . . . . . . . 4
81     A.1.  Since draft-ietf-httpbis-authscheme-registrations-08  . . . 4
82     A.2.  Since draft-ietf-httpbis-authscheme-registrations-09  . . . 4
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111Reschke                  Expires August 10, 2014                [Page 2]
112
113Internet-Draft  HTTP Authentication Scheme Registrations   February 2014
114
115
1161.  Introduction
117
118   This document registers Hypertext Transfer Protocol (HTTP)
119   authentication schemes which have been defined in RFCs before the
120   IANA HTTP Authentication Scheme Registry was established.
121
1222.  Security Considerations
123
124   There are no security considerations related to the registration
125   itself.
126
127   Security considerations applicable to the individual authentication
128   schemes ought to be discussed in the specifications that define them.
129
1303.  IANA Considerations
131
132   The table below provides registrations of HTTP authentication schemes
133   to be added to the IANA HTTP Authentication Scheme registry at
134   <http://www.iana.org/assignments/http-authschemes> (see Section 5.1
135   of [draft-ietf-httpbis-p7-auth]).
136
137   +----------------+------------+-------------------------------------+
138   | Authentication | Reference  | Notes                               |
139   | Scheme Name    |            |                                     |
140   +----------------+------------+-------------------------------------+
141   | Basic          | [RFC2617], |                                     |
142   |                | Section 2  |                                     |
143   | Bearer         | [RFC6750]  |                                     |
144   | Digest         | [RFC2617], |                                     |
145   |                | Section 3  |                                     |
146   | Negotiate      | [RFC4559], | This authentication scheme violates |
147   |                | Section 3  | both HTTP semantics (being          |
148   |                |            | connection-oriented) and syntax     |
149   |                |            | (use of syntax incompatible with    |
150   |                |            | the WWW-Authenticate and            |
151   |                |            | Authorization header field syntax). |
152   | OAuth          | [RFC5849], |                                     |
153   |                | Section    |                                     |
154   |                | 3.5.1      |                                     |
155   +----------------+------------+-------------------------------------+
156
1574.  Normative References
158
159   [RFC2617]                     Franks, J., Hallam-Baker, P.,
160                                 Hostetler, J., Lawrence, S., Leach, P.,
161                                 Luotonen, A., and L. Stewart, "HTTP
162                                 Authentication: Basic and Digest Access
163                                 Authentication", RFC 2617, June 1999.
164
165
166
167Reschke                  Expires August 10, 2014                [Page 3]
168
169Internet-Draft  HTTP Authentication Scheme Registrations   February 2014
170
171
172   [RFC4559]                     Jaganathan, K., Zhu, L., and J. Brezak,
173                                 "SPNEGO-based Kerberos and NTLM HTTP
174                                 Authentication in Microsoft Windows",
175                                 RFC 4559, June 2006.
176
177   [RFC5849]                     Hammer-Lahav, E., "The OAuth 1.0
178                                 Protocol", RFC 5849, April 2010.
179
180   [RFC6750]                     Jones, M. and D. Hardt, "The OAuth 2.0
181                                 Authorization Framework: Bearer Token
182                                 Usage", RFC 6750, October 2012.
183
184   [draft-ietf-httpbis-p7-auth]  Fielding, R., Ed. and J. Reschke, Ed.,
185                                 "Hypertext Transfer Protocol
186                                 (HTTP/1.1): Authentication",
187                                 draft-ietf-httpbis-p7-auth-26 (work in
188                                 progress), February 2014.
189
190Appendix A.  Change Log (to be removed by RFC Editor before publication)
191
192   Changes up to the IETF Last Call draft are summarized in <http://
193   trac.tools.ietf.org/html/
194   draft-ietf-httpbis-authscheme-registrations-08#appendix-B>.
195
196A.1.  Since draft-ietf-httpbis-authscheme-registrations-08
197
198   Closed issues:
199
200   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/514>: "registration
201      tables should be inside IANA considerations"
202
203   Clarified the IANA action to say "add".
204
205   Updated httpbis reference.
206
207A.2.  Since draft-ietf-httpbis-authscheme-registrations-09
208
209   Closed issues:
210
211   o  <http://tools.ietf.org/wg/httpbis/trac/ticket/530>:
212      "draft-ietf-httpbis-authscheme-registrations-09"
213
214   Updated httpbis reference.
215
216
217
218
219
220
221
222
223Reschke                  Expires August 10, 2014                [Page 4]
224
225Internet-Draft  HTTP Authentication Scheme Registrations   February 2014
226
227
228Author's Address
229
230   Julian F. Reschke
231   greenbytes GmbH
232   Hafenweg 16
233   Muenster, NW  48155
234   Germany
235
236   EMail: julian.reschke@greenbytes.de
237   URI:   http://greenbytes.de/tech/webdav/
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279Reschke                  Expires August 10, 2014                [Page 5]
280
Note: See TracBrowser for help on using the repository browser.