source: draft-ietf-httpbis-authscheme-registrations/latest/draft-ietf-httpbis-authscheme-registrations.xml @ 2515

Last change on this file since 2515 was 2515, checked in by julian.reschke@…, 7 years ago

remove misleading statement about standards-track; hint about scheme related security considerations (see #530)

  • Property svn:eol-style set to native
  • Property svn:executable set to *
  • Property svn:mime-type set to text/xml
File size: 9.4 KB
Line 
1<?xml version="1.0" encoding="utf-8"?>
2<?xml-stylesheet type='text/xsl' href='../../draft-ietf-httpbis/myxml2rfc.xslt'?>
3<?rfc toc="yes"?>
4<?rfc symrefs="yes"?>
5<?rfc sortrefs="yes"?>
6<?rfc compact="yes"?>
7<?rfc comments="yes"?>
8<?rfc inline="yes"?>
9<?rfc subcompact="no"?>
10<?rfc rfcedstyle="yes"?>
11<?rfc-ext allow-markup-in-artwork="yes" ?>
12
13<!DOCTYPE rfc [
14  <!ENTITY MAY "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MAY</bcp14>">
15  <!ENTITY MUST "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MUST</bcp14>">
16  <!ENTITY MUST-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>MUST NOT</bcp14>">
17  <!ENTITY OPTIONAL "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>OPTIONAL</bcp14>">
18  <!ENTITY RECOMMENDED "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>RECOMMENDED</bcp14>">
19  <!ENTITY REQUIRED "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>REQUIRED</bcp14>">
20  <!ENTITY SHALL "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHALL</bcp14>">
21  <!ENTITY SHALL-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHALL NOT</bcp14>">
22  <!ENTITY SHOULD "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD</bcp14>">
23  <!ENTITY SHOULD-NOT "<bcp14 xmlns='http://purl.org/net/xml2rfc/ext'>SHOULD NOT</bcp14>">
24]>
25<rfc xmlns:x="http://purl.org/net/xml2rfc/ext" xmlns:ed="http://greenbytes.de/2002/rfcedit" ipr="trust200902" docName="draft-ietf-httpbis-authscheme-registrations-latest" category="info">
26<x:feedback template="mailto:ietf-http-wg@w3.org?subject={docname},%20%22{section}%22&amp;body=&lt;{ref}&gt;:"/>
27        <front>
28  <title abbrev="HTTP Authentication Scheme Registrations">Initial Hypertext&#160;Transfer&#160;Protocol&#160;(HTTP)
29  Authentication&#160;Scheme&#160;Registrations</title>
30
31  <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke">
32    <organization abbrev="greenbytes">greenbytes GmbH</organization>
33    <address>
34      <postal>
35        <street>Hafenweg 16</street>
36        <city>Muenster</city><region>NW</region><code>48155</code>
37        <country>Germany</country>
38      </postal>
39      <email>julian.reschke@greenbytes.de</email>       
40      <uri>http://greenbytes.de/tech/webdav/</uri>     
41    </address>
42  </author>
43
44  <date month="December" year="2013"/>
45  <workgroup>HTTPbis Working Group</workgroup>
46 
47  <abstract>
48  <t>
49    This document registers Hypertext Transfer Protocol (HTTP)
50    authentication schemes which have been defined in RFCs
51    before the IANA HTTP Authentication Scheme Registry was established.
52  </t>
53  </abstract>
54 
55  <note title="Editorial Note (To be removed by RFC Editor)">
56    <t>
57      Discussion of this draft takes place on the HTTPBIS working group
58      mailing list (ietf-http-wg@w3.org), which is archived at
59      <eref target="http://lists.w3.org/Archives/Public/ietf-http-wg/"/>.
60    </t>
61    <t>
62      The current issues list is at
63      <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/query?component=authscheme-registrations"/> and related
64      documents (including fancy diffs) can be found at
65      <eref target="http://tools.ietf.org/wg/httpbis/"/>.
66    </t>
67    <t>
68      The changes in this draft are summarized in <xref target="changes.since.09"/>.
69    </t>
70  </note>
71
72  </front>
73
74  <middle>
75
76<section title="Introduction" anchor="introduction">
77  <t>
78    This document registers Hypertext Transfer Protocol (HTTP)
79    authentication schemes which have been defined in RFCs
80    before the IANA HTTP Authentication Scheme Registry was established.
81  </t>
82</section> 
83 
84<section title="Security Considerations" anchor="security.considerations">
85  <t>
86    There are no security considerations related to the registration itself.
87  </t>
88  <t>
89    Security considerations applicable to the individual authentication schemes
90    ought to be discussed in the specifications that define them.
91  </t>
92</section> 
93
94<section title="IANA Considerations" anchor="iana.considerations">
95<t>
96  The table below provides registrations of HTTP authentication schemes to be
97  added to the IANA HTTP Authentication Scheme registry
98  at <eref target="http://www.iana.org/assignments/http-authschemes"/>
99  (see <xref target="draft-ietf-httpbis-p7-auth" x:rel="#authentication.scheme.registry"/>).
100</t>
101<texttable align="left">
102
103<ttcol>Authentication Scheme Name</ttcol>
104<ttcol>Reference</ttcol>
105<ttcol>Notes</ttcol>
106
107<c>Basic</c><c><xref target="RFC2617" x:fmt="," x:sec="2"/></c><c/>
108<c>Bearer</c><c><xref target="RFC6750"/></c><c/>
109
110<c>Digest</c><c><xref target="RFC2617" x:fmt="," x:sec="3"/></c><c/>
111
112<c>Negotiate</c><c><xref target="RFC4559" x:fmt="," x:sec="3"/></c>
113<c>This authentication scheme violates both HTTP semantics (being connection-oriented)
114and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field
115syntax).</c>
116
117<c>OAuth</c><c><xref target="RFC5849" x:fmt="," x:sec="3.5.1"/></c><c/>
118
119</texttable>
120</section> 
121  </middle>
122  <back>
123 
124<references title="Normative References">
125
126<reference anchor="draft-ietf-httpbis-p7-auth">
127  <front>
128    <title>Hypertext Transfer Protocol (HTTP/1.1): Authentication</title>
129    <author initials="R." surname="Fielding" fullname="Roy T. Fielding" role="editor">
130      <organization abbrev="Adobe">Adobe Systems Incorporated</organization>
131      <address><email>fielding@gbiv.com</email></address>
132    </author>
133    <author initials="J. F." surname="Reschke" fullname="Julian F. Reschke" role="editor">
134      <organization abbrev="greenbytes">greenbytes GmbH</organization>
135      <address><email>julian.reschke@greenbytes.de</email></address>
136    </author>
137    <date month="November" year="2013"/>
138  </front>
139  <seriesInfo name="Internet-Draft" value="draft-ietf-httpbis-p7-auth-25"/>
140  <x:source href="../../draft-ietf-httpbis/25/p7-auth.xml" basename="draft-ietf-httpbis-p7-auth-25"/>
141</reference>
142
143<reference anchor="RFC2617">
144  <front>
145    <title abbrev="HTTP Authentication">HTTP Authentication: Basic and Digest Access Authentication</title>
146    <author initials="J." surname="Franks" fullname="John Franks">
147      <organization>Northwestern University, Department of Mathematics</organization>
148      <address><email>john@math.nwu.edu</email></address>
149    </author>
150    <author initials="P.M." surname="Hallam-Baker" fullname="Phillip M. Hallam-Baker">
151      <organization>Verisign Inc.</organization>
152      <address><email>pbaker@verisign.com</email></address>
153    </author>
154    <author initials="J.L." surname="Hostetler" fullname="Jeffery L. Hostetler">
155      <organization>AbiSource, Inc.</organization>
156      <address><email>jeff@AbiSource.com</email></address>
157    </author>
158    <author initials="S.D." surname="Lawrence" fullname="Scott D. Lawrence">
159      <organization>Agranat Systems, Inc.</organization>
160      <address><email>lawrence@agranat.com</email></address>
161    </author>
162    <author initials="P.J." surname="Leach" fullname="Paul J. Leach">
163      <organization>Microsoft Corporation</organization>
164      <address><email>paulle@microsoft.com</email></address>
165    </author>
166    <author initials="A." surname="Luotonen" fullname="Ari Luotonen">
167      <organization>Netscape Communications Corporation</organization>
168    </author>
169    <author initials="L." surname="Stewart" fullname="Lawrence C. Stewart">
170      <organization>Open Market, Inc.</organization>
171      <address><email>stewart@OpenMarket.com</email></address>
172    </author>
173    <date month="June" year="1999"/>
174  </front>
175  <seriesInfo name="RFC" value="2617"/>
176</reference>
177
178<reference anchor="RFC4559">
179  <front>
180    <title>SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows</title>
181    <author initials="K." surname="Jaganathan" fullname="K. Jaganathan"/>
182    <author initials="L." surname="Zhu" fullname="L. Zhu"/>
183    <author initials="J." surname="Brezak" fullname="J. Brezak"/>
184    <date year="2006" month="June"/>
185  </front>
186  <seriesInfo name="RFC" value="4559"/>
187</reference>
188
189<reference anchor="RFC5849">
190  <front>
191    <title>The OAuth 1.0 Protocol</title>
192    <author initials="E." surname="Hammer-Lahav" fullname="Eran Hammer-Lahav"/>
193    <date year="2010" month="April" />
194  </front>
195  <seriesInfo name="RFC" value="5849" />
196</reference>
197
198<reference anchor="RFC6750">
199  <front>
200    <title>The OAuth 2.0 Authorization Framework: Bearer Token Usage</title>
201    <author initials="M." surname="Jones" fullname="Michael B. Jones"/>
202    <author initials="D." surname="Hardt" fullname="Dick Hardt"/>
203    <date year="2012" month="October"/>
204  </front>
205  <seriesInfo name="RFC" value="6750"/>
206</reference>
207
208</references>
209 
210<!--<references title="Informative References">
211</references>-->
212
213<section title="Change Log (to be removed by RFC Editor before publication)" anchor="change.log">
214<t>
215  Changes up to the IETF Last Call draft are summarized in <eref target="http://trac.tools.ietf.org/html/draft-ietf-httpbis-authscheme-registrations-08#appendix-B"/>.
216</t>
217<section title="Since draft-ietf-httpbis-authscheme-registrations-08" anchor="changes.since.08">
218<t>
219  Closed issues:
220  <list style="symbols">
221    <t>
222      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/514"/>:
223      "registration tables should be inside IANA considerations"
224    </t>
225  </list>
226</t>
227<t>
228  Clarified the IANA action to say "add".
229</t>
230<t>
231  Updated httpbis reference.
232</t>
233</section>
234
235<section title="Since draft-ietf-httpbis-authscheme-registrations-09" anchor="changes.since.09">
236<t>
237  Closed issues:
238  <list style="symbols">
239    <t>
240      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/530"/>:
241      "draft-ietf-httpbis-authscheme-registrations-09"
242    </t>
243  </list>
244</t>
245</section>
246</section>
247
248  </back>
249
250</rfc>
Note: See TracBrowser for help on using the repository browser.