| 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
|---|
| 2 | <!-- Generated by rfcdiff 1.34: rfcdiff --> |
|---|
| 3 | <!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > --> |
|---|
| 4 | <!-- System: Darwin kiwi.local 8.11.0 Darwin Kernel Version 8.11.0: Wed Oct 10 18:26:00 PDT 2007; root:xnu-792.24.17~1/RELEASE_PPC Power Macintosh powerpc --> |
|---|
| 5 | <!-- Using awk: /usr/local/bin/gawk: GNU Awk 3.1.6 --> |
|---|
| 6 | <!-- Using diff: /usr/bin/diff: diff (GNU diffutils) 2.8.1 --> |
|---|
| 7 | <!-- Using wdiff: /usr/local/bin/wdiff: wdiff (Free wdiff) 0.5g --> |
|---|
| 8 | <html> |
|---|
| 9 | <head> |
|---|
| 10 | <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
|---|
| 11 | <meta http-equiv="Content-Style-Type" content="text/css" /> |
|---|
| 12 | <title>Diff: draft-ietf-httpbis-p7-auth-00.txt - draft-ietf-httpbis-p7-auth-01.txt</title> |
|---|
| 13 | <style type="text/css"> |
|---|
| 14 | body { margin: 0.4ex; margin-right: auto; } |
|---|
| 15 | tr { } |
|---|
| 16 | td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;} |
|---|
| 17 | th { font-size: 0.86em; } |
|---|
| 18 | .small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; } |
|---|
| 19 | .left { background-color: #EEE; } |
|---|
| 20 | .right { background-color: #FFF; } |
|---|
| 21 | .diff { background-color: #CCF; } |
|---|
| 22 | .lblock { background-color: #BFB; } |
|---|
| 23 | .rblock { background-color: #FF8; } |
|---|
| 24 | .insert { background-color: #8FF; } |
|---|
| 25 | .delete { background-color: #ACF; } |
|---|
| 26 | .void { background-color: #FFB; } |
|---|
| 27 | .cont { background-color: #EEE; } |
|---|
| 28 | .linebr { background-color: #AAA; } |
|---|
| 29 | .lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; } |
|---|
| 30 | .elipsis{ background-color: #AAA; } |
|---|
| 31 | .left .cont { background-color: #DDD; } |
|---|
| 32 | .right .cont { background-color: #EEE; } |
|---|
| 33 | .lblock .cont { background-color: #9D9; } |
|---|
| 34 | .rblock .cont { background-color: #DD6; } |
|---|
| 35 | .insert .cont { background-color: #0DD; } |
|---|
| 36 | .delete .cont { background-color: #8AD; } |
|---|
| 37 | .stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; } |
|---|
| 38 | </style> |
|---|
| 39 | </head> |
|---|
| 40 | <body > |
|---|
| 41 | <table border="0" cellpadding="0" cellspacing="0"> |
|---|
| 42 | <tr bgcolor="orange"><th></th><th> draft-ietf-httpbis-p7-auth-00.txt </th><th> </th><th> draft-ietf-httpbis-p7-auth-01.txt </th><th></th></tr> |
|---|
| 43 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 44 | <tr><td class="lineno" valign="top"></td><td class="left">Network Working Group R. Fielding, Ed.</td><td> </td><td class="right">Network Working Group R. Fielding, Ed.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 45 | <tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft Day Software</td><td> </td><td class="right">Internet-Draft Day Software</td><td class="lineno" valign="top"></td></tr> |
|---|
| 46 | <tr><td><a name="diff0001" /></td></tr> |
|---|
| 47 | <tr><td class="lineno" valign="top"></td><td class="lblock">Obsoletes: <span class="delete">2068,</span> 2616 J. Gettys</td><td> </td><td class="rblock">Obsoletes: 2616 <span class="insert">(if approved)</span> J. Gettys</td><td class="lineno" valign="top"></td></tr> |
|---|
| 48 | <tr><td class="lineno" valign="top"></td><td class="lblock">(if approved) One Laptop per Child</td><td> </td><td class="rblock"><span class="insert">Updates: 2617</span> (if approved) One Laptop per Child</td><td class="lineno" valign="top"></td></tr> |
|---|
| 49 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">Updates: 2617 (if approved) J. Mogul</span></td><td> </td><td class="rblock">Intended status: Standards Track <span class="insert">J. Mogul</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 50 | <tr><td class="lineno" valign="top"></td><td class="lblock">Intended status: Standards Track <span class="delete">HP</span></td><td> </td><td class="rblock">Expires: <span class="insert">July 15,</span> 2008 <span class="insert">HP</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 51 | <tr><td class="lineno" valign="top"></td><td class="lblock">Expires: <span class="delete">June 22,</span> 2008 H. Frystyk</td><td> </td><td class="rblock"> H. Frystyk</td><td class="lineno" valign="top"></td></tr> |
|---|
| 52 | <tr><td class="lineno" valign="top"></td><td class="left"> Microsoft</td><td> </td><td class="right"> Microsoft</td><td class="lineno" valign="top"></td></tr> |
|---|
| 53 | <tr><td class="lineno" valign="top"></td><td class="left"> L. Masinter</td><td> </td><td class="right"> L. Masinter</td><td class="lineno" valign="top"></td></tr> |
|---|
| 54 | <tr><td class="lineno" valign="top"></td><td class="left"> Adobe Systems</td><td> </td><td class="right"> Adobe Systems</td><td class="lineno" valign="top"></td></tr> |
|---|
| 55 | <tr><td class="lineno" valign="top"></td><td class="left"> P. Leach</td><td> </td><td class="right"> P. Leach</td><td class="lineno" valign="top"></td></tr> |
|---|
| 56 | <tr><td class="lineno" valign="top"></td><td class="left"> Microsoft</td><td> </td><td class="right"> Microsoft</td><td class="lineno" valign="top"></td></tr> |
|---|
| 57 | <tr><td class="lineno" valign="top"></td><td class="left"> T. Berners-Lee</td><td> </td><td class="right"> T. Berners-Lee</td><td class="lineno" valign="top"></td></tr> |
|---|
| 58 | <tr><td class="lineno" valign="top"></td><td class="left"> W3C/MIT</td><td> </td><td class="right"> W3C/MIT</td><td class="lineno" valign="top"></td></tr> |
|---|
| 59 | <tr><td><a name="diff0002" /></td></tr> |
|---|
| 60 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">December 20, 2007</span></td><td> </td><td class="rblock"> <span class="insert">Y. Lafon, Ed.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 61 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> W3C</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 62 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> J. Reschke, Ed.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 63 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> greenbytes</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 64 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> January 12, 2008</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 65 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 66 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP/1.1, part 7: Authentication</td><td> </td><td class="right"> HTTP/1.1, part 7: Authentication</td><td class="lineno" valign="top"></td></tr> |
|---|
| 67 | <tr><td><a name="diff0003" /></td></tr> |
|---|
| 68 | <tr><td class="lineno" valign="top"></td><td class="lblock"> draft-ietf-httpbis-p7-auth-0<span class="delete">0</span></td><td> </td><td class="rblock"> draft-ietf-httpbis-p7-auth-0<span class="insert">1</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 69 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 70 | <tr><td class="lineno" valign="top"></td><td class="left">Status of this Memo</td><td> </td><td class="right">Status of this Memo</td><td class="lineno" valign="top"></td></tr> |
|---|
| 71 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 72 | <tr><td class="lineno" valign="top"></td><td class="left"> By submitting this Internet-Draft, each author represents that any</td><td> </td><td class="right"> By submitting this Internet-Draft, each author represents that any</td><td class="lineno" valign="top"></td></tr> |
|---|
| 73 | <tr><td class="lineno" valign="top"></td><td class="left"> applicable patent or other IPR claims of which he or she is aware</td><td> </td><td class="right"> applicable patent or other IPR claims of which he or she is aware</td><td class="lineno" valign="top"></td></tr> |
|---|
| 74 | <tr><td class="lineno" valign="top"></td><td class="left"> have been or will be disclosed, and any of which he or she becomes</td><td> </td><td class="right"> have been or will be disclosed, and any of which he or she becomes</td><td class="lineno" valign="top"></td></tr> |
|---|
| 75 | <tr><td class="lineno" valign="top"></td><td class="left"> aware will be disclosed, in accordance with Section 6 of BCP 79.</td><td> </td><td class="right"> aware will be disclosed, in accordance with Section 6 of BCP 79.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 76 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 77 | <tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr> |
|---|
| 78 | <tr><td class="lineno" valign="top"></td><td class="left"> Task Force (IETF), its areas, and its working groups. Note that</td><td> </td><td class="right"> Task Force (IETF), its areas, and its working groups. Note that</td><td class="lineno" valign="top"></td></tr> |
|---|
| 79 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
|---|
| 80 | <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 1, line 45</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 1, line 49</em></th><td></td></tr> |
|---|
| 81 | <tr><td class="lineno" valign="top"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr> |
|---|
| 82 | <tr><td class="lineno" valign="top"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr> |
|---|
| 83 | <tr><td class="lineno" valign="top"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr> |
|---|
| 84 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 85 | <tr><td class="lineno" valign="top"></td><td class="left"> The list of current Internet-Drafts can be accessed at</td><td> </td><td class="right"> The list of current Internet-Drafts can be accessed at</td><td class="lineno" valign="top"></td></tr> |
|---|
| 86 | <tr><td class="lineno" valign="top"></td><td class="left"> http://www.ietf.org/ietf/1id-abstracts.txt.</td><td> </td><td class="right"> http://www.ietf.org/ietf/1id-abstracts.txt.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 87 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 88 | <tr><td class="lineno" valign="top"></td><td class="left"> The list of Internet-Draft Shadow Directories can be accessed at</td><td> </td><td class="right"> The list of Internet-Draft Shadow Directories can be accessed at</td><td class="lineno" valign="top"></td></tr> |
|---|
| 89 | <tr><td class="lineno" valign="top"></td><td class="left"> http://www.ietf.org/shadow.html.</td><td> </td><td class="right"> http://www.ietf.org/shadow.html.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 90 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 91 | <tr><td><a name="diff0004" /></td></tr> |
|---|
| 92 | <tr><td class="lineno" valign="top"></td><td class="lblock"> This Internet-Draft will expire on Ju<span class="delete">ne 22</span>, 2008.</td><td> </td><td class="rblock"> This Internet-Draft will expire on Ju<span class="insert">ly 15</span>, 2008.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 93 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 94 | <tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr> |
|---|
| 95 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 96 | <tr><td><a name="diff0005" /></td></tr> |
|---|
| 97 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Copyright (C) The IETF Trust (200<span class="delete">7</span>).</td><td> </td><td class="rblock"> Copyright (C) The IETF Trust (200<span class="insert">8</span>).</td><td class="lineno" valign="top"></td></tr> |
|---|
| 98 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 99 | <tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr> |
|---|
| 100 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 101 | <tr><td class="lineno" valign="top"></td><td class="left"> The Hypertext Transfer Protocol (HTTP) is an application-level</td><td> </td><td class="right"> The Hypertext Transfer Protocol (HTTP) is an application-level</td><td class="lineno" valign="top"></td></tr> |
|---|
| 102 | <tr><td class="lineno" valign="top"></td><td class="left"> protocol for distributed, collaborative, hypermedia information</td><td> </td><td class="right"> protocol for distributed, collaborative, hypermedia information</td><td class="lineno" valign="top"></td></tr> |
|---|
| 103 | <tr><td class="lineno" valign="top"></td><td class="left"> systems. HTTP has been in use by the World Wide Web global</td><td> </td><td class="right"> systems. HTTP has been in use by the World Wide Web global</td><td class="lineno" valign="top"></td></tr> |
|---|
| 104 | <tr><td class="lineno" valign="top"></td><td class="left"> information initiative since 1990. This document is Part 7 of the</td><td> </td><td class="right"> information initiative since 1990. This document is Part 7 of the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 105 | <tr><td class="lineno" valign="top"></td><td class="left"> seven-part specification that defines the protocol referred to as</td><td> </td><td class="right"> seven-part specification that defines the protocol referred to as</td><td class="lineno" valign="top"></td></tr> |
|---|
| 106 | <tr><td class="lineno" valign="top"></td><td class="left"> "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines</td><td> </td><td class="right"> "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines</td><td class="lineno" valign="top"></td></tr> |
|---|
| 107 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP Authentication.</td><td> </td><td class="right"> HTTP Authentication.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 108 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 109 | <tr><td class="lineno" valign="top"></td><td class="left">Editorial Note (To be removed by RFC Editor)</td><td> </td><td class="right">Editorial Note (To be removed by RFC Editor)</td><td class="lineno" valign="top"></td></tr> |
|---|
| 110 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 111 | <tr><td><a name="diff0006" /></td></tr> |
|---|
| 112 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">This version of the HTTP specification contains only minimal</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 113 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> editorial changes from [RFC2616] (abstract, introductory paragraph,</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 114 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> and authors' addresses). All other changes are due to partitioning</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 115 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> the original into seven mostly independent parts. The intent is for</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 116 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> readers of future drafts to able to use draft 00 as the basis for</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 117 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> comparison when the WG makes later changes to the specification text.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 118 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> This draft will shortly be followed by draft 01 (containing the first</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 119 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> round of changes that have already been agreed to on the mailing</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 120 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> list). There is no point in reviewing this draft other than to</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 121 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> verify that the partitioning has been done correctly. Roy T.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 122 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Fielding, Yves Lafon, and Julian Reschke will be the editors after</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 123 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> draft 00 is submitted.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 124 | <tr><td class="lineno" valign="top"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 125 | <tr><td class="lineno" valign="top"></td><td class="left"> Discussion of this draft should take place on the HTTPBIS working</td><td> </td><td class="right"> Discussion of this draft should take place on the HTTPBIS working</td><td class="lineno" valign="top"></td></tr> |
|---|
| 126 | <tr><td class="lineno" valign="top"></td><td class="left"> group mailing list (ietf-http-wg@w3.org). The current issues list is</td><td> </td><td class="right"> group mailing list (ietf-http-wg@w3.org). The current issues list is</td><td class="lineno" valign="top"></td></tr> |
|---|
| 127 | <tr><td><a name="diff0007" /></td></tr> |
|---|
| 128 | <tr><td class="lineno" valign="top"></td><td class="lblock"> at <http://www<span class="delete">3</span>.tools.ietf.org/wg/httpbis/trac/report/11> and related</td><td> </td><td class="rblock"> at <http://www.tools.ietf.org/wg/httpbis/trac/report/11> and related</td><td class="lineno" valign="top"></td></tr> |
|---|
| 129 | <tr><td class="lineno" valign="top"></td><td class="left"> documents (including fancy diffs) can be found at</td><td> </td><td class="right"> documents (including fancy diffs) can be found at</td><td class="lineno" valign="top"></td></tr> |
|---|
| 130 | <tr><td><a name="diff0008" /></td></tr> |
|---|
| 131 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete"><http://www3.tools.ietf.org/wg/httpbis/>.</span></td><td> </td><td class="rblock"> <span class="insert"><http://www.tools.ietf.org/wg/httpbis/>.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 132 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 133 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> This draft incorporates those issue resolutions that were either</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 134 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> collected in the original RFC2616 errata list</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 135 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> (<http://purl.org/NET/http-errata>), or which were agreed upon on the</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 136 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> mailing list between October 2006 and November 2007 (as published in</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 137 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> "draft-lafon-rfc2616bis-03").</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 138 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 139 | <tr><td class="lineno" valign="top"></td><td class="left">Table of Contents</td><td> </td><td class="right">Table of Contents</td><td class="lineno" valign="top"></td></tr> |
|---|
| 140 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 141 | <tr><td class="lineno" valign="top"></td><td class="left"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 142 | <tr><td><a name="diff0009" /></td></tr> |
|---|
| 143 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 144 | <tr><td class="lineno" valign="top"></td><td class="left"> 2. Status Code Definitions . . . . . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 2. Status Code Definitions . . . . . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 145 | <tr><td class="lineno" valign="top"></td><td class="left"> 2.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 2.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 146 | <tr><td><a name="diff0010" /></td></tr> |
|---|
| 147 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 2.2. 407 Proxy Authentication Required . . . . . . . . . . . . <span class="delete">4</span></td><td> </td><td class="rblock"> 2.2. 407 Proxy Authentication Required . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 148 | <tr><td class="lineno" valign="top"></td><td class="left"> 3. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 3. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr> |
|---|
| 149 | <tr><td class="lineno" valign="top"></td><td class="left"> 3.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 3.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr> |
|---|
| 150 | <tr><td class="lineno" valign="top"></td><td class="left"> 3.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 3.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 151 | <tr><td class="lineno" valign="top"></td><td class="left"> 3.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 3.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 152 | <tr><td><a name="diff0011" /></td></tr> |
|---|
| 153 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 3.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . <span class="delete">6</span></td><td> </td><td class="rblock"> 3.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 154 | <tr><td class="lineno" valign="top"></td><td class="left"> 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7</td><td> </td><td class="right"> 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7</td><td class="lineno" valign="top"></td></tr> |
|---|
| 155 | <tr><td class="lineno" valign="top"></td><td class="left"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7</td><td> </td><td class="right"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7</td><td class="lineno" valign="top"></td></tr> |
|---|
| 156 | <tr><td class="lineno" valign="top"></td><td class="left"> 5.1. Authentication Credentials and Idle Clients . . . . . . . 7</td><td> </td><td class="right"> 5.1. Authentication Credentials and Idle Clients . . . . . . . 7</td><td class="lineno" valign="top"></td></tr> |
|---|
| 157 | <tr><td class="lineno" valign="top"></td><td class="left"> 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr> |
|---|
| 158 | <tr><td class="lineno" valign="top"></td><td class="left"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr> |
|---|
| 159 | <tr><td><a name="diff0012" /></td></tr> |
|---|
| 160 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">Index</span> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="rblock"> <span class="insert">7.1. Normative References . . . . . . .</span> . . . . . . . . . . . . <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 161 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">9</span></td><td> </td><td class="rblock"><span class="insert"> 7.2. Informative References</span> . . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr> |
|---|
| 162 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Intellectual Property and Copyright Statements . . . . . . . . . . <span class="delete">11</span></td><td> </td><td class="rblock"> <span class="insert">Appendix A. Compatibility with Previous Versions . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 163 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 164 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Appendix B. Change Log (to be removed by RFC Editor before</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 165 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> publication) . . . . . . . . . . . . . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 166 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> B.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 167 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> B.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 168 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 169 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">10</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 170 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Intellectual Property and Copyright Statements . . . . . . . . . . <span class="insert">13</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 171 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 172 | <tr><td class="lineno" valign="top"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno" valign="top"></td></tr> |
|---|
| 173 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 174 | <tr><td><a name="diff0013" /></td></tr> |
|---|
| 175 | <tr><td class="lineno" valign="top"></td><td class="lblock"> This document <span class="delete">will define aspects of HTTP related to</span> access control</td><td> </td><td class="rblock"> This document <span class="insert">defines HTTP/1.1</span> access control and authentication.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 176 | <tr><td class="lineno" valign="top"></td><td class="lblock"> and authentication. Right now it <span class="delete">only</span> includes the extracted</td><td> </td><td class="rblock"> Right now it includes the extracted relevant sections of RFC 2616</td><td class="lineno" valign="top"></td></tr> |
|---|
| 177 | <tr><td class="lineno" valign="top"></td><td class="lblock"> relevant sections of RFC 2616 <span class="delete">[RFC2616]</span> with only minor <span class="delete">edits.</span></td><td> </td><td class="rblock"> with only minor <span class="insert">changes. The intention is to move the general</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 178 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> framework for HTTP authentication here, as currently specified in</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 179 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> [RFC2617], and allow the individual authentication mechanisms to be</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 180 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> defined elsewhere. This introduction will be rewritten when that</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 181 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> occurs.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 182 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 183 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP provides several OPTIONAL challenge-response authentication</td><td> </td><td class="right"> HTTP provides several OPTIONAL challenge-response authentication</td><td class="lineno" valign="top"></td></tr> |
|---|
| 184 | <tr><td class="lineno" valign="top"></td><td class="left"> mechanisms which can be used by a server to challenge a client</td><td> </td><td class="right"> mechanisms which can be used by a server to challenge a client</td><td class="lineno" valign="top"></td></tr> |
|---|
| 185 | <tr><td class="lineno" valign="top"></td><td class="left"> request and by a client to provide authentication information. The</td><td> </td><td class="right"> request and by a client to provide authentication information. The</td><td class="lineno" valign="top"></td></tr> |
|---|
| 186 | <tr><td class="lineno" valign="top"></td><td class="left"> general framework for access authentication, and the specification of</td><td> </td><td class="right"> general framework for access authentication, and the specification of</td><td class="lineno" valign="top"></td></tr> |
|---|
| 187 | <tr><td class="lineno" valign="top"></td><td class="left"> "basic" and "digest" authentication, are specified in "HTTP</td><td> </td><td class="right"> "basic" and "digest" authentication, are specified in "HTTP</td><td class="lineno" valign="top"></td></tr> |
|---|
| 188 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication: Basic and Digest Access Authentication" [RFC2617].</td><td> </td><td class="right"> Authentication: Basic and Digest Access Authentication" [RFC2617].</td><td class="lineno" valign="top"></td></tr> |
|---|
| 189 | <tr><td class="lineno" valign="top"></td><td class="left"> This specification adopts the definitions of "challenge" and</td><td> </td><td class="right"> This specification adopts the definitions of "challenge" and</td><td class="lineno" valign="top"></td></tr> |
|---|
| 190 | <tr><td class="lineno" valign="top"></td><td class="left"> "credentials" from that specification.</td><td> </td><td class="right"> "credentials" from that specification.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 191 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 192 | <tr><td><a name="diff0014" /></td></tr> |
|---|
| 193 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">1.1. Requirements</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 194 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 195 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 196 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 197 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> document are to be interpreted as described in [RFC2119].</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 198 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 199 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> An implementation is not compliant if it fails to satisfy one or more</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 200 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> of the MUST or REQUIRED level requirements for the protocols it</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 201 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> implements. An implementation that satisfies all the MUST or</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 202 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> REQUIRED level and all the SHOULD level requirements for its</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 203 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> protocols is said to be "unconditionally compliant"; one that</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 204 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> satisfies all the MUST level requirements but not all the SHOULD</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 205 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> level requirements for its protocols is said to be "conditionally</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 206 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> compliant."</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 207 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
|---|
| 208 | <tr><td class="lineno" valign="top"></td><td class="left">2. Status Code Definitions</td><td> </td><td class="right">2. Status Code Definitions</td><td class="lineno" valign="top"></td></tr> |
|---|
| 209 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 210 | <tr><td class="lineno" valign="top"></td><td class="left">2.1. 401 Unauthorized</td><td> </td><td class="right">2.1. 401 Unauthorized</td><td class="lineno" valign="top"></td></tr> |
|---|
| 211 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 212 | <tr><td class="lineno" valign="top"></td><td class="left"> The request requires user authentication. The response MUST include</td><td> </td><td class="right"> The request requires user authentication. The response MUST include</td><td class="lineno" valign="top"></td></tr> |
|---|
| 213 | <tr><td class="lineno" valign="top"></td><td class="left"> a WWW-Authenticate header field (Section 3.4) containing a challenge</td><td> </td><td class="right"> a WWW-Authenticate header field (Section 3.4) containing a challenge</td><td class="lineno" valign="top"></td></tr> |
|---|
| 214 | <tr><td class="lineno" valign="top"></td><td class="left"> applicable to the requested resource. The client MAY repeat the</td><td> </td><td class="right"> applicable to the requested resource. The client MAY repeat the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 215 | <tr><td class="lineno" valign="top"></td><td class="left"> request with a suitable Authorization header field (Section 3.1). If</td><td> </td><td class="right"> request with a suitable Authorization header field (Section 3.1). If</td><td class="lineno" valign="top"></td></tr> |
|---|
| 216 | <tr><td class="lineno" valign="top"></td><td class="left"> the request already included Authorization credentials, then the 401</td><td> </td><td class="right"> the request already included Authorization credentials, then the 401</td><td class="lineno" valign="top"></td></tr> |
|---|
| 217 | <tr><td class="lineno" valign="top"></td><td class="left"> response indicates that authorization has been refused for those</td><td> </td><td class="right"> response indicates that authorization has been refused for those</td><td class="lineno" valign="top"></td></tr> |
|---|
| 218 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
|---|
| 219 | <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 5, line 7</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 5, line 22</em></th><td></td></tr> |
|---|
| 220 | <tr><td class="lineno" valign="top"></td><td class="left"> client must first authenticate itself with the proxy. The proxy MUST</td><td> </td><td class="right"> client must first authenticate itself with the proxy. The proxy MUST</td><td class="lineno" valign="top"></td></tr> |
|---|
| 221 | <tr><td class="lineno" valign="top"></td><td class="left"> return a Proxy-Authenticate header field (Section 3.2) containing a</td><td> </td><td class="right"> return a Proxy-Authenticate header field (Section 3.2) containing a</td><td class="lineno" valign="top"></td></tr> |
|---|
| 222 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge applicable to the proxy for the requested resource. The</td><td> </td><td class="right"> challenge applicable to the proxy for the requested resource. The</td><td class="lineno" valign="top"></td></tr> |
|---|
| 223 | <tr><td class="lineno" valign="top"></td><td class="left"> client MAY repeat the request with a suitable Proxy-Authorization</td><td> </td><td class="right"> client MAY repeat the request with a suitable Proxy-Authorization</td><td class="lineno" valign="top"></td></tr> |
|---|
| 224 | <tr><td class="lineno" valign="top"></td><td class="left"> header field (Section 3.3). HTTP access authentication is explained</td><td> </td><td class="right"> header field (Section 3.3). HTTP access authentication is explained</td><td class="lineno" valign="top"></td></tr> |
|---|
| 225 | <tr><td class="lineno" valign="top"></td><td class="left"> in "HTTP Authentication: Basic and Digest Access Authentication"</td><td> </td><td class="right"> in "HTTP Authentication: Basic and Digest Access Authentication"</td><td class="lineno" valign="top"></td></tr> |
|---|
| 226 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC2617].</td><td> </td><td class="right"> [RFC2617].</td><td class="lineno" valign="top"></td></tr> |
|---|
| 227 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 228 | <tr><td class="lineno" valign="top"></td><td class="left">3. Header Field Definitions</td><td> </td><td class="right">3. Header Field Definitions</td><td class="lineno" valign="top"></td></tr> |
|---|
| 229 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 230 | <tr><td><a name="diff0015" /></td></tr> |
|---|
| 231 | <tr><td class="lineno" valign="top"></td><td class="lblock"> This section defines the syntax and semantics of <span class="delete">all standard</span></td><td> </td><td class="rblock"> This section defines the syntax and semantics of HTTP/1.1 header</td><td class="lineno" valign="top"></td></tr> |
|---|
| 232 | <tr><td class="lineno" valign="top"></td><td class="lblock"> HTTP/1.1 header <span class="delete">fields. For entity-header fields, both sender and</span></td><td> </td><td class="rblock"> <span class="insert">fields related</span> to <span class="insert">authentication.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 233 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> recipient refer</span> to <span class="delete">either the client or the server, depending on who</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 234 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> sends and who receives the entity.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 235 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 236 | <tr><td class="lineno" valign="top"></td><td class="left">3.1. Authorization</td><td> </td><td class="right">3.1. Authorization</td><td class="lineno" valign="top"></td></tr> |
|---|
| 237 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 238 | <tr><td class="lineno" valign="top"></td><td class="left"> A user agent that wishes to authenticate itself with a server--</td><td> </td><td class="right"> A user agent that wishes to authenticate itself with a server--</td><td class="lineno" valign="top"></td></tr> |
|---|
| 239 | <tr><td class="lineno" valign="top"></td><td class="left"> usually, but not necessarily, after receiving a 401 response--does so</td><td> </td><td class="right"> usually, but not necessarily, after receiving a 401 response--does so</td><td class="lineno" valign="top"></td></tr> |
|---|
| 240 | <tr><td class="lineno" valign="top"></td><td class="left"> by including an Authorization request-header field with the request.</td><td> </td><td class="right"> by including an Authorization request-header field with the request.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 241 | <tr><td class="lineno" valign="top"></td><td class="left"> The Authorization field value consists of credentials containing the</td><td> </td><td class="right"> The Authorization field value consists of credentials containing the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 242 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication information of the user agent for the realm of the</td><td> </td><td class="right"> authentication information of the user agent for the realm of the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 243 | <tr><td class="lineno" valign="top"></td><td class="left"> resource being requested.</td><td> </td><td class="right"> resource being requested.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 244 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 245 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization = "Authorization" ":" credentials</td><td> </td><td class="right"> Authorization = "Authorization" ":" credentials</td><td class="lineno" valign="top"></td></tr> |
|---|
| 246 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 247 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP access authentication is described in "HTTP Authentication:</td><td> </td><td class="right"> HTTP access authentication is described in "HTTP Authentication:</td><td class="lineno" valign="top"></td></tr> |
|---|
| 248 | <tr><td class="lineno" valign="top"></td><td class="left"> Basic and Digest Access Authentication" [RFC2617]. If a request is</td><td> </td><td class="right"> Basic and Digest Access Authentication" [RFC2617]. If a request is</td><td class="lineno" valign="top"></td></tr> |
|---|
| 249 | <tr><td class="lineno" valign="top"></td><td class="left"> authenticated and a realm specified, the same credentials SHOULD be</td><td> </td><td class="right"> authenticated and a realm specified, the same credentials SHOULD be</td><td class="lineno" valign="top"></td></tr> |
|---|
| 250 | <tr><td class="lineno" valign="top"></td><td class="left"> valid for all other requests within this realm (assuming that the</td><td> </td><td class="right"> valid for all other requests within this realm (assuming that the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 251 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication scheme itself does not require otherwise, such as</td><td> </td><td class="right"> authentication scheme itself does not require otherwise, such as</td><td class="lineno" valign="top"></td></tr> |
|---|
| 252 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials that vary according to a challenge value or using</td><td> </td><td class="right"> credentials that vary according to a challenge value or using</td><td class="lineno" valign="top"></td></tr> |
|---|
| 253 | <tr><td class="lineno" valign="top"></td><td class="left"> synchronized clocks).</td><td> </td><td class="right"> synchronized clocks).</td><td class="lineno" valign="top"></td></tr> |
|---|
| 254 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 255 | <tr><td><a name="diff0016" /></td></tr> |
|---|
| 256 | <tr><td class="lineno" valign="top"></td><td class="lblock"> When a shared cache (see Section <span class="delete">2.7</span> of [Part6]) receives a request</td><td> </td><td class="rblock"> When a shared cache (see Section <span class="insert">8</span> of [Part6]) receives a request</td><td class="lineno" valign="top"></td></tr> |
|---|
| 257 | <tr><td class="lineno" valign="top"></td><td class="left"> containing an Authorization field, it MUST NOT return the</td><td> </td><td class="right"> containing an Authorization field, it MUST NOT return the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 258 | <tr><td class="lineno" valign="top"></td><td class="left"> corresponding response as a reply to any other request, unless one of</td><td> </td><td class="right"> corresponding response as a reply to any other request, unless one of</td><td class="lineno" valign="top"></td></tr> |
|---|
| 259 | <tr><td class="lineno" valign="top"></td><td class="left"> the following specific exceptions holds:</td><td> </td><td class="right"> the following specific exceptions holds:</td><td class="lineno" valign="top"></td></tr> |
|---|
| 260 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 261 | <tr><td class="lineno" valign="top"></td><td class="left"> 1. If the response includes the "s-maxage" cache-control directive,</td><td> </td><td class="right"> 1. If the response includes the "s-maxage" cache-control directive,</td><td class="lineno" valign="top"></td></tr> |
|---|
| 262 | <tr><td class="lineno" valign="top"></td><td class="left"> the cache MAY use that response in replying to a subsequent</td><td> </td><td class="right"> the cache MAY use that response in replying to a subsequent</td><td class="lineno" valign="top"></td></tr> |
|---|
| 263 | <tr><td class="lineno" valign="top"></td><td class="left"> request. But (if the specified maximum age has passed) a proxy</td><td> </td><td class="right"> request. But (if the specified maximum age has passed) a proxy</td><td class="lineno" valign="top"></td></tr> |
|---|
| 264 | <tr><td class="lineno" valign="top"></td><td class="left"> cache MUST first revalidate it with the origin server, using the</td><td> </td><td class="right"> cache MUST first revalidate it with the origin server, using the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 265 | <tr><td class="lineno" valign="top"></td><td class="left"> request-headers from the new request to allow the origin server</td><td> </td><td class="right"> request-headers from the new request to allow the origin server</td><td class="lineno" valign="top"></td></tr> |
|---|
| 266 | <tr><td class="lineno" valign="top"></td><td class="left"> to authenticate the new request. (This is the defined behavior</td><td> </td><td class="right"> to authenticate the new request. (This is the defined behavior</td><td class="lineno" valign="top"></td></tr> |
|---|
| 267 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
|---|
| 268 | <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 7, line 30</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 7, line 46</em></th><td></td></tr> |
|---|
| 269 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 270 | <tr><td class="lineno" valign="top"></td><td class="left"> This section is meant to inform application developers, information</td><td> </td><td class="right"> This section is meant to inform application developers, information</td><td class="lineno" valign="top"></td></tr> |
|---|
| 271 | <tr><td class="lineno" valign="top"></td><td class="left"> providers, and users of the security limitations in HTTP/1.1 as</td><td> </td><td class="right"> providers, and users of the security limitations in HTTP/1.1 as</td><td class="lineno" valign="top"></td></tr> |
|---|
| 272 | <tr><td class="lineno" valign="top"></td><td class="left"> described by this document. The discussion does not include</td><td> </td><td class="right"> described by this document. The discussion does not include</td><td class="lineno" valign="top"></td></tr> |
|---|
| 273 | <tr><td class="lineno" valign="top"></td><td class="left"> definitive solutions to the problems revealed, though it does make</td><td> </td><td class="right"> definitive solutions to the problems revealed, though it does make</td><td class="lineno" valign="top"></td></tr> |
|---|
| 274 | <tr><td class="lineno" valign="top"></td><td class="left"> some suggestions for reducing security risks.</td><td> </td><td class="right"> some suggestions for reducing security risks.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 275 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 276 | <tr><td class="lineno" valign="top"></td><td class="left">5.1. Authentication Credentials and Idle Clients</td><td> </td><td class="right">5.1. Authentication Credentials and Idle Clients</td><td class="lineno" valign="top"></td></tr> |
|---|
| 277 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 278 | <tr><td class="lineno" valign="top"></td><td class="left"> Existing HTTP clients and user agents typically retain authentication</td><td> </td><td class="right"> Existing HTTP clients and user agents typically retain authentication</td><td class="lineno" valign="top"></td></tr> |
|---|
| 279 | <tr><td><a name="diff0017" /></td></tr> |
|---|
| 280 | <tr><td class="lineno" valign="top"></td><td class="lblock"> information indefinitely. HTTP/1.1<span class="delete">.</span> does not provide a method for a</td><td> </td><td class="rblock"> information indefinitely. HTTP/1.1 does not provide a method for a</td><td class="lineno" valign="top"></td></tr> |
|---|
| 281 | <tr><td class="lineno" valign="top"></td><td class="left"> server to direct clients to discard these cached credentials. This</td><td> </td><td class="right"> server to direct clients to discard these cached credentials. This</td><td class="lineno" valign="top"></td></tr> |
|---|
| 282 | <tr><td class="lineno" valign="top"></td><td class="left"> is a significant defect that requires further extensions to HTTP.</td><td> </td><td class="right"> is a significant defect that requires further extensions to HTTP.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 283 | <tr><td class="lineno" valign="top"></td><td class="left"> Circumstances under which credential caching can interfere with the</td><td> </td><td class="right"> Circumstances under which credential caching can interfere with the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 284 | <tr><td class="lineno" valign="top"></td><td class="left"> application's security model include but are not limited to:</td><td> </td><td class="right"> application's security model include but are not limited to:</td><td class="lineno" valign="top"></td></tr> |
|---|
| 285 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 286 | <tr><td class="lineno" valign="top"></td><td class="left"> o Clients which have been idle for an extended period following</td><td> </td><td class="right"> o Clients which have been idle for an extended period following</td><td class="lineno" valign="top"></td></tr> |
|---|
| 287 | <tr><td class="lineno" valign="top"></td><td class="left"> which the server might wish to cause the client to reprompt the</td><td> </td><td class="right"> which the server might wish to cause the client to reprompt the</td><td class="lineno" valign="top"></td></tr> |
|---|
| 288 | <tr><td class="lineno" valign="top"></td><td class="left"> user for credentials.</td><td> </td><td class="right"> user for credentials.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 289 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 290 | <tr><td class="lineno" valign="top"></td><td class="left"> o Applications which include a session termination indication (such</td><td> </td><td class="right"> o Applications which include a session termination indication (such</td><td class="lineno" valign="top"></td></tr> |
|---|
| 291 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
|---|
| 292 | <tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 8, line 8</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 8, line 25</em></th><td></td></tr> |
|---|
| 293 | <tr><td class="lineno" valign="top"></td><td class="left"> This is currently under separate study. There are a number of work-</td><td> </td><td class="right"> This is currently under separate study. There are a number of work-</td><td class="lineno" valign="top"></td></tr> |
|---|
| 294 | <tr><td class="lineno" valign="top"></td><td class="left"> arounds to parts of this problem, and we encourage the use of</td><td> </td><td class="right"> arounds to parts of this problem, and we encourage the use of</td><td class="lineno" valign="top"></td></tr> |
|---|
| 295 | <tr><td class="lineno" valign="top"></td><td class="left"> password protection in screen savers, idle time-outs, and other</td><td> </td><td class="right"> password protection in screen savers, idle time-outs, and other</td><td class="lineno" valign="top"></td></tr> |
|---|
| 296 | <tr><td class="lineno" valign="top"></td><td class="left"> methods which mitigate the security problems inherent in this</td><td> </td><td class="right"> methods which mitigate the security problems inherent in this</td><td class="lineno" valign="top"></td></tr> |
|---|
| 297 | <tr><td class="lineno" valign="top"></td><td class="left"> problem. In particular, user agents which cache credentials are</td><td> </td><td class="right"> problem. In particular, user agents which cache credentials are</td><td class="lineno" valign="top"></td></tr> |
|---|
| 298 | <tr><td class="lineno" valign="top"></td><td class="left"> encouraged to provide a readily accessible mechanism for discarding</td><td> </td><td class="right"> encouraged to provide a readily accessible mechanism for discarding</td><td class="lineno" valign="top"></td></tr> |
|---|
| 299 | <tr><td class="lineno" valign="top"></td><td class="left"> cached credentials under user control.</td><td> </td><td class="right"> cached credentials under user control.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 300 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 301 | <tr><td class="lineno" valign="top"></td><td class="left">6. Acknowledgments</td><td> </td><td class="right">6. Acknowledgments</td><td class="lineno" valign="top"></td></tr> |
|---|
| 302 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 303 | <tr><td><a name="diff0018" /></td></tr> |
|---|
| 304 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">Based on an XML translation of RFC 2616 by Julian Reschke</span>.</td><td> </td><td class="rblock"> <span class="insert">TBD</span>.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 305 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 306 | <tr><td class="lineno" valign="top"></td><td class="left">7. References</td><td> </td><td class="right">7. References</td><td class="lineno" valign="top"></td></tr> |
|---|
| 307 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 308 | <tr><td><a name="diff0019" /></td></tr> |
|---|
| 309 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">7.1. Normative References</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 310 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
|---|
| 311 | <tr><td class="lineno" valign="top"></td><td class="left"> [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,</td><td> </td><td class="right"> [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H.,</td><td class="lineno" valign="top"></td></tr> |
|---|
| 312 | <tr><td><a name="diff0020" /></td></tr> |
|---|
| 313 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Masinter, L., Leach, P., <span class="delete">and T.</span> Berners-Lee, "HTTP/1.1,</td><td> </td><td class="rblock"> Masinter, L., Leach, P., Berners-Lee, <span class="insert">T., Lafon, Y., Ed.,</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 314 | <tr><td class="lineno" valign="top"></td><td class="lblock"> part 6: Caching", <span class="delete">draft-ietf-httpbis-p6-cache-00</span> (work in</td><td> </td><td class="rblock"><span class="insert"> and J. Reschke, Ed.,</span> "HTTP/1.1, part 6: Caching",</td><td class="lineno" valign="top"></td></tr> |
|---|
| 315 | <tr><td class="lineno" valign="top"></td><td class="lblock"> progress), <span class="delete">December 2007.</span></td><td> </td><td class="rblock"> <span class="insert">draft-ietf-httpbis-p6-cache-01</span> (work in progress),</td><td class="lineno" valign="top"></td></tr> |
|---|
| 316 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">January 2008.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 317 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 318 | <tr><td><a name="diff0021" /></td></tr> |
|---|
| 319 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">[RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,</span></td><td> </td><td class="rblock"> <span class="insert">[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 320 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext</span></td><td> </td><td class="rblock"><span class="insert"> Requirement Levels", BCP 14,</span> RFC <span class="insert">2119, March 1997.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 321 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Transfer Protocol -- HTTP/1.1",</span> RFC <span class="delete">2616, June 1999.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 322 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 323 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,</td><td> </td><td class="right"> [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,</td><td class="lineno" valign="top"></td></tr> |
|---|
| 324 | <tr><td class="lineno" valign="top"></td><td class="left"> Leach, P., Luotonen, A., and L. Stewart, "HTTP</td><td> </td><td class="right"> Leach, P., Luotonen, A., and L. Stewart, "HTTP</td><td class="lineno" valign="top"></td></tr> |
|---|
| 325 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication: Basic and Digest Access Authentication",</td><td> </td><td class="right"> Authentication: Basic and Digest Access Authentication",</td><td class="lineno" valign="top"></td></tr> |
|---|
| 326 | <tr><td class="lineno" valign="top"></td><td class="left"> RFC 2617, June 1999.</td><td> </td><td class="right"> RFC 2617, June 1999.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 327 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 328 | <tr><td><a name="diff0022" /></td></tr> |
|---|
| 329 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">7.2. Informative References</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 330 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 331 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 332 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 333 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 334 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 335 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">Appendix A. Compatibility with Previous Versions</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 336 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 337 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">A.1. Changes from RFC 2616</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 338 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 339 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">Appendix B. Change Log (to be removed by RFC Editor before publication)</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 340 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 341 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">B.1. Since RFC2616</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 342 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 343 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Extracted relevant partitions from [RFC2616].</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 344 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 345 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">B.2. Since draft-ietf-httpbis-p7-auth-00</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 346 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 347 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Closed issues:</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 348 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 349 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> o <http://www3.tools.ietf.org/wg/httpbis/trac/ticket/35>: "Normative</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 350 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> and Informative references"</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 351 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
|---|
| 352 | <tr><td class="lineno" valign="top"></td><td class="left">Index</td><td> </td><td class="right">Index</td><td class="lineno" valign="top"></td></tr> |
|---|
| 353 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 354 | <tr><td class="lineno" valign="top"></td><td class="left"> 4</td><td> </td><td class="right"> 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 355 | <tr><td class="lineno" valign="top"></td><td class="left"> 401 Unauthorized (status code) 4</td><td> </td><td class="right"> 401 Unauthorized (status code) 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 356 | <tr><td><a name="diff0023" /></td></tr> |
|---|
| 357 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 407 Proxy Authentication Required (status code) <span class="delete">4</span></td><td> </td><td class="rblock"> 407 Proxy Authentication Required (status code) <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 358 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 359 | <tr><td class="lineno" valign="top"></td><td class="left"> A</td><td> </td><td class="right"> A</td><td class="lineno" valign="top"></td></tr> |
|---|
| 360 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization header 5</td><td> </td><td class="right"> Authorization header 5</td><td class="lineno" valign="top"></td></tr> |
|---|
| 361 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 362 | <tr><td class="lineno" valign="top"></td><td class="left"> G</td><td> </td><td class="right"> G</td><td class="lineno" valign="top"></td></tr> |
|---|
| 363 | <tr><td class="lineno" valign="top"></td><td class="left"> Grammar</td><td> </td><td class="right"> Grammar</td><td class="lineno" valign="top"></td></tr> |
|---|
| 364 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization 5</td><td> </td><td class="right"> Authorization 5</td><td class="lineno" valign="top"></td></tr> |
|---|
| 365 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate 6</td><td> </td><td class="right"> Proxy-Authenticate 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 366 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization 6</td><td> </td><td class="right"> Proxy-Authorization 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 367 | <tr><td class="lineno" valign="top"></td><td class="left"> WWW-Authenticate 7</td><td> </td><td class="right"> WWW-Authenticate 7</td><td class="lineno" valign="top"></td></tr> |
|---|
| 368 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 369 | <tr><td class="lineno" valign="top"></td><td class="left"> H</td><td> </td><td class="right"> H</td><td class="lineno" valign="top"></td></tr> |
|---|
| 370 | <tr><td class="lineno" valign="top"></td><td class="left"> Headers</td><td> </td><td class="right"> Headers</td><td class="lineno" valign="top"></td></tr> |
|---|
| 371 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization 5</td><td> </td><td class="right"> Authorization 5</td><td class="lineno" valign="top"></td></tr> |
|---|
| 372 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate 6</td><td> </td><td class="right"> Proxy-Authenticate 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 373 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization 6</td><td> </td><td class="right"> Proxy-Authorization 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 374 | <tr><td><a name="diff0024" /></td></tr> |
|---|
| 375 | <tr><td class="lineno" valign="top"></td><td class="lblock"> WWW-Authenticate <span class="delete">6</span></td><td> </td><td class="rblock"> WWW-Authenticate <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 376 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
|---|
| 377 | <tr><td class="lineno" valign="top"></td><td class="left"> P</td><td> </td><td class="right"> P</td><td class="lineno" valign="top"></td></tr> |
|---|
| 378 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate header 6</td><td> </td><td class="right"> Proxy-Authenticate header 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 379 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization header 6</td><td> </td><td class="right"> Proxy-Authorization header 6</td><td class="lineno" valign="top"></td></tr> |
|---|
| 380 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 381 | <tr><td class="lineno" valign="top"></td><td class="left"> S</td><td> </td><td class="right"> S</td><td class="lineno" valign="top"></td></tr> |
|---|
| 382 | <tr><td class="lineno" valign="top"></td><td class="left"> Status Codes</td><td> </td><td class="right"> Status Codes</td><td class="lineno" valign="top"></td></tr> |
|---|
| 383 | <tr><td class="lineno" valign="top"></td><td class="left"> 401 Unauthorized 4</td><td> </td><td class="right"> 401 Unauthorized 4</td><td class="lineno" valign="top"></td></tr> |
|---|
| 384 | <tr><td><a name="diff0025" /></td></tr> |
|---|
| 385 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 407 Proxy Authentication Required <span class="delete">4</span></td><td> </td><td class="rblock"> 407 Proxy Authentication Required <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 386 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 387 | <tr><td class="lineno" valign="top"></td><td class="left"> W</td><td> </td><td class="right"> W</td><td class="lineno" valign="top"></td></tr> |
|---|
| 388 | <tr><td><a name="diff0026" /></td></tr> |
|---|
| 389 | <tr><td class="lineno" valign="top"></td><td class="lblock"> WWW-Authenticate header <span class="delete">6</span></td><td> </td><td class="rblock"> WWW-Authenticate header <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 390 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 391 | <tr><td class="lineno" valign="top"></td><td class="left">Authors' Addresses</td><td> </td><td class="right">Authors' Addresses</td><td class="lineno" valign="top"></td></tr> |
|---|
| 392 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 393 | <tr><td class="lineno" valign="top"></td><td class="left"> Roy T. Fielding (editor)</td><td> </td><td class="right"> Roy T. Fielding (editor)</td><td class="lineno" valign="top"></td></tr> |
|---|
| 394 | <tr><td class="lineno" valign="top"></td><td class="left"> Day Software</td><td> </td><td class="right"> Day Software</td><td class="lineno" valign="top"></td></tr> |
|---|
| 395 | <tr><td class="lineno" valign="top"></td><td class="left"> 23 Corporate Plaza DR, Suite 280</td><td> </td><td class="right"> 23 Corporate Plaza DR, Suite 280</td><td class="lineno" valign="top"></td></tr> |
|---|
| 396 | <tr><td class="lineno" valign="top"></td><td class="left"> Newport Beach, CA 92660</td><td> </td><td class="right"> Newport Beach, CA 92660</td><td class="lineno" valign="top"></td></tr> |
|---|
| 397 | <tr><td class="lineno" valign="top"></td><td class="left"> USA</td><td> </td><td class="right"> USA</td><td class="lineno" valign="top"></td></tr> |
|---|
| 398 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 399 | <tr><td class="lineno" valign="top"></td><td class="left"> Phone: +1-949-706-5300</td><td> </td><td class="right"> Phone: +1-949-706-5300</td><td class="lineno" valign="top"></td></tr> |
|---|
| 400 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
|---|
| 401 | <tr bgcolor="gray" ><td></td><th><a name="part-l6" /><small>skipping to change at</small><em> page 11, line 4</em></th><th> </th><th><a name="part-r6" /><small>skipping to change at</small><em> page 12, line 4</em></th><td></td></tr> |
|---|
| 402 | <tr><td class="lineno" valign="top"></td><td class="left"> Tim Berners-Lee</td><td> </td><td class="right"> Tim Berners-Lee</td><td class="lineno" valign="top"></td></tr> |
|---|
| 403 | <tr><td class="lineno" valign="top"></td><td class="left"> World Wide Web Consortium</td><td> </td><td class="right"> World Wide Web Consortium</td><td class="lineno" valign="top"></td></tr> |
|---|
| 404 | <tr><td class="lineno" valign="top"></td><td class="left"> MIT Computer Science and Artificial Intelligence Laboratory</td><td> </td><td class="right"> MIT Computer Science and Artificial Intelligence Laboratory</td><td class="lineno" valign="top"></td></tr> |
|---|
| 405 | <tr><td class="lineno" valign="top"></td><td class="left"> The Stata Center, Building 32</td><td> </td><td class="right"> The Stata Center, Building 32</td><td class="lineno" valign="top"></td></tr> |
|---|
| 406 | <tr><td class="lineno" valign="top"></td><td class="left"> 32 Vassar Street</td><td> </td><td class="right"> 32 Vassar Street</td><td class="lineno" valign="top"></td></tr> |
|---|
| 407 | <tr><td class="lineno" valign="top"></td><td class="left"> Cambridge, MA 02139</td><td> </td><td class="right"> Cambridge, MA 02139</td><td class="lineno" valign="top"></td></tr> |
|---|
| 408 | <tr><td class="lineno" valign="top"></td><td class="left"> USA</td><td> </td><td class="right"> USA</td><td class="lineno" valign="top"></td></tr> |
|---|
| 409 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 410 | <tr><td class="lineno" valign="top"></td><td class="left"> Email: timbl@w3.org</td><td> </td><td class="right"> Email: timbl@w3.org</td><td class="lineno" valign="top"></td></tr> |
|---|
| 411 | <tr><td class="lineno" valign="top"></td><td class="left"> URI: http://www.w3.org/People/Berners-Lee/</td><td> </td><td class="right"> URI: http://www.w3.org/People/Berners-Lee/</td><td class="lineno" valign="top"></td></tr> |
|---|
| 412 | <tr><td><a name="diff0027" /></td></tr> |
|---|
| 413 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">Yves Lafon (editor)</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 414 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> World Wide Web Consortium</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 415 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> W3C / ERCIM</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 416 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> 2004, rte des Lucioles</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 417 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Sophia-Antipolis, AM 06902</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 418 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> France</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 419 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 420 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Email: ylafon@w3.org</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 421 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> URI: http://www.raubacapeu.net/people/yves/</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 422 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 423 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Julian F. Reschke (editor)</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 424 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> greenbytes GmbH</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 425 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Hafenweg 16</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 426 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Muenster, NW 48155</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 427 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Germany</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 428 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 429 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Phone: +49 251 2807760</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 430 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Fax: +49 251 2807761</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 431 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Email: julian.reschke@greenbytes.de</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 432 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> URI: http://greenbytes.de/tech/webdav/</span></td><td class="lineno" valign="top"></td></tr> |
|---|
| 433 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 434 | <tr><td class="lineno" valign="top"></td><td class="left">Full Copyright Statement</td><td> </td><td class="right">Full Copyright Statement</td><td class="lineno" valign="top"></td></tr> |
|---|
| 435 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 436 | <tr><td><a name="diff0028" /></td></tr> |
|---|
| 437 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Copyright (C) The IETF Trust (200<span class="delete">7</span>).</td><td> </td><td class="rblock"> Copyright (C) The IETF Trust (200<span class="insert">8</span>).</td><td class="lineno" valign="top"></td></tr> |
|---|
| 438 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 439 | <tr><td class="lineno" valign="top"></td><td class="left"> This document is subject to the rights, licenses and restrictions</td><td> </td><td class="right"> This document is subject to the rights, licenses and restrictions</td><td class="lineno" valign="top"></td></tr> |
|---|
| 440 | <tr><td class="lineno" valign="top"></td><td class="left"> contained in BCP 78, and except as set forth therein, the authors</td><td> </td><td class="right"> contained in BCP 78, and except as set forth therein, the authors</td><td class="lineno" valign="top"></td></tr> |
|---|
| 441 | <tr><td class="lineno" valign="top"></td><td class="left"> retain all their rights.</td><td> </td><td class="right"> retain all their rights.</td><td class="lineno" valign="top"></td></tr> |
|---|
| 442 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
|---|
| 443 | <tr><td class="lineno" valign="top"></td><td class="left"> This document and the information contained herein are provided on an</td><td> </td><td class="right"> This document and the information contained herein are provided on an</td><td class="lineno" valign="top"></td></tr> |
|---|
| 444 | <tr><td class="lineno" valign="top"></td><td class="left"> "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS</td><td> </td><td class="right"> "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS</td><td class="lineno" valign="top"></td></tr> |
|---|
| 445 | <tr><td class="lineno" valign="top"></td><td class="left"> OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND</td><td> </td><td class="right"> OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND</td><td class="lineno" valign="top"></td></tr> |
|---|
| 446 | <tr><td class="lineno" valign="top"></td><td class="left"> THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS</td><td> </td><td class="right"> THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS</td><td class="lineno" valign="top"></td></tr> |
|---|
| 447 | <tr><td class="lineno" valign="top"></td><td class="left"> OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF</td><td> </td><td class="right"> OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF</td><td class="lineno" valign="top"></td></tr> |
|---|
| 448 | |
|---|
| 449 | <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> |
|---|
| 450 | <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 28 change blocks. </a></th></tr> |
|---|
| 451 | <tr class="stats"><td></td><th><i>50 lines changed or deleted</i></th><th><i> </i></th><th><i>119 lines changed or added</i></th><td></td></tr> |
|---|
| 452 | <tr><td colspan="5" align="center" class="small"><br/>This html diff was produced by rfcdiff 1.34. The latest version is available from <a href="http://www.tools.ietf.org/tools/rfcdiff/" >http://tools.ietf.org/tools/rfcdiff/</a> </td></tr> |
|---|
| 453 | </table> |
|---|
| 454 | </body> |
|---|
| 455 | </html> |
|---|
![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
