1 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
---|
2 | <!-- Generated by rfcdiff 1.38: rfcdiff --> |
---|
3 | <!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > --> |
---|
4 | <html> |
---|
5 | <head> |
---|
6 | <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> |
---|
7 | <meta http-equiv="Content-Style-Type" content="text/css" /> |
---|
8 | <title>Diff: draft-ietf-httpbis-p7-auth-21.txt - draft-ietf-httpbis-p7-auth-22.txt</title> |
---|
9 | <style type="text/css"> |
---|
10 | body { margin: 0.4ex; margin-right: auto; } |
---|
11 | tr { } |
---|
12 | td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;} |
---|
13 | th { font-size: 0.86em; } |
---|
14 | .small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; } |
---|
15 | .left { background-color: #EEE; } |
---|
16 | .right { background-color: #FFF; } |
---|
17 | .diff { background-color: #CCF; } |
---|
18 | .lblock { background-color: #BFB; } |
---|
19 | .rblock { background-color: #FF8; } |
---|
20 | .insert { background-color: #8FF; } |
---|
21 | .delete { background-color: #ACF; } |
---|
22 | .void { background-color: #FFB; } |
---|
23 | .cont { background-color: #EEE; } |
---|
24 | .linebr { background-color: #AAA; } |
---|
25 | .lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; } |
---|
26 | .elipsis{ background-color: #AAA; } |
---|
27 | .left .cont { background-color: #DDD; } |
---|
28 | .right .cont { background-color: #EEE; } |
---|
29 | .lblock .cont { background-color: #9D9; } |
---|
30 | .rblock .cont { background-color: #DD6; } |
---|
31 | .insert .cont { background-color: #0DD; } |
---|
32 | .delete .cont { background-color: #8AD; } |
---|
33 | .stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; } |
---|
34 | </style> |
---|
35 | </head> |
---|
36 | <body > |
---|
37 | <table border="0" cellpadding="0" cellspacing="0"> |
---|
38 | <tr bgcolor="orange"><th></th><th> draft-ietf-httpbis-p7-auth-21.txt </th><th> </th><th> draft-ietf-httpbis-p7-auth-22.txt </th><th></th></tr> |
---|
39 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
40 | <tr><td class="lineno" valign="top"></td><td class="left">HTTPbis Working Group R. Fielding, Ed.</td><td> </td><td class="right">HTTPbis Working Group R. Fielding, Ed.</td><td class="lineno" valign="top"></td></tr> |
---|
41 | <tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft Adobe</td><td> </td><td class="right">Internet-Draft Adobe</td><td class="lineno" valign="top"></td></tr> |
---|
42 | <tr><td class="lineno" valign="top"></td><td class="left">Obsoletes: 2616 (if approved) J. Reschke, Ed.</td><td> </td><td class="right">Obsoletes: 2616 (if approved) J. Reschke, Ed.</td><td class="lineno" valign="top"></td></tr> |
---|
43 | <tr><td class="lineno" valign="top"></td><td class="left">Updates: 2617 (if approved) greenbytes</td><td> </td><td class="right">Updates: 2617 (if approved) greenbytes</td><td class="lineno" valign="top"></td></tr> |
---|
44 | <tr><td><a name="diff0001" /></td></tr> |
---|
45 | <tr><td class="lineno" valign="top"></td><td class="lblock">Intended status: Standards Track <span class="delete">October 4, 2012</span></td><td> </td><td class="rblock">Intended status: Standards Track <span class="insert">February 23, 2013</span></td><td class="lineno" valign="top"></td></tr> |
---|
46 | <tr><td class="lineno" valign="top"></td><td class="lblock">Expires: <span class="delete">April 7,</span> 2013</td><td> </td><td class="rblock">Expires: <span class="insert">August 27,</span> 2013</td><td class="lineno" valign="top"></td></tr> |
---|
47 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
48 | <tr><td class="lineno" valign="top"></td><td class="left"> Hypertext Transfer Protocol (HTTP/1.1): Authentication</td><td> </td><td class="right"> Hypertext Transfer Protocol (HTTP/1.1): Authentication</td><td class="lineno" valign="top"></td></tr> |
---|
49 | <tr><td><a name="diff0002" /></td></tr> |
---|
50 | <tr><td class="lineno" valign="top"></td><td class="lblock"> draft-ietf-httpbis-p7-auth-2<span class="delete">1</span></td><td> </td><td class="rblock"> draft-ietf-httpbis-p7-auth-2<span class="insert">2</span></td><td class="lineno" valign="top"></td></tr> |
---|
51 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
52 | <tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr> |
---|
53 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
54 | <tr><td class="lineno" valign="top"></td><td class="left"> The Hypertext Transfer Protocol (HTTP) is an application-level</td><td> </td><td class="right"> The Hypertext Transfer Protocol (HTTP) is an application-level</td><td class="lineno" valign="top"></td></tr> |
---|
55 | <tr><td class="lineno" valign="top"></td><td class="left"> protocol for distributed, collaborative, hypermedia information</td><td> </td><td class="right"> protocol for distributed, collaborative, hypermedia information</td><td class="lineno" valign="top"></td></tr> |
---|
56 | <tr><td class="lineno" valign="top"></td><td class="left"> systems. This document defines the HTTP Authentication framework.</td><td> </td><td class="right"> systems. This document defines the HTTP Authentication framework.</td><td class="lineno" valign="top"></td></tr> |
---|
57 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
58 | <tr><td class="lineno" valign="top"></td><td class="left">Editorial Note (To be removed by RFC Editor)</td><td> </td><td class="right">Editorial Note (To be removed by RFC Editor)</td><td class="lineno" valign="top"></td></tr> |
---|
59 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
60 | <tr><td class="lineno" valign="top"></td><td class="left"> Discussion of this draft takes place on the HTTPBIS working group</td><td> </td><td class="right"> Discussion of this draft takes place on the HTTPBIS working group</td><td class="lineno" valign="top"></td></tr> |
---|
61 | <tr><td class="lineno" valign="top"></td><td class="left"> mailing list (ietf-http-wg@w3.org), which is archived at</td><td> </td><td class="right"> mailing list (ietf-http-wg@w3.org), which is archived at</td><td class="lineno" valign="top"></td></tr> |
---|
62 | <tr><td class="lineno" valign="top"></td><td class="left"> <http://lists.w3.org/Archives/Public/ietf-http-wg/>.</td><td> </td><td class="right"> <http://lists.w3.org/Archives/Public/ietf-http-wg/>.</td><td class="lineno" valign="top"></td></tr> |
---|
63 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
64 | <tr><td class="lineno" valign="top"></td><td class="left"> The current issues list is at</td><td> </td><td class="right"> The current issues list is at</td><td class="lineno" valign="top"></td></tr> |
---|
65 | <tr><td class="lineno" valign="top"></td><td class="left"> <http://tools.ietf.org/wg/httpbis/trac/report/3> and related</td><td> </td><td class="right"> <http://tools.ietf.org/wg/httpbis/trac/report/3> and related</td><td class="lineno" valign="top"></td></tr> |
---|
66 | <tr><td class="lineno" valign="top"></td><td class="left"> documents (including fancy diffs) can be found at</td><td> </td><td class="right"> documents (including fancy diffs) can be found at</td><td class="lineno" valign="top"></td></tr> |
---|
67 | <tr><td class="lineno" valign="top"></td><td class="left"> <http://tools.ietf.org/wg/httpbis/>.</td><td> </td><td class="right"> <http://tools.ietf.org/wg/httpbis/>.</td><td class="lineno" valign="top"></td></tr> |
---|
68 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
69 | <tr><td><a name="diff0003" /></td></tr> |
---|
70 | <tr><td class="lineno" valign="top"></td><td class="lblock"> The changes in this draft are summarized in Appendix D.<span class="delete">2</span>.</td><td> </td><td class="rblock"> The changes in this draft are summarized in Appendix D.<span class="insert">3</span>.</td><td class="lineno" valign="top"></td></tr> |
---|
71 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
72 | <tr><td class="lineno" valign="top"></td><td class="left">Status of This Memo</td><td> </td><td class="right">Status of This Memo</td><td class="lineno" valign="top"></td></tr> |
---|
73 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
74 | <tr><td class="lineno" valign="top"></td><td class="left"> This Internet-Draft is submitted in full conformance with the</td><td> </td><td class="right"> This Internet-Draft is submitted in full conformance with the</td><td class="lineno" valign="top"></td></tr> |
---|
75 | <tr><td class="lineno" valign="top"></td><td class="left"> provisions of BCP 78 and BCP 79.</td><td> </td><td class="right"> provisions of BCP 78 and BCP 79.</td><td class="lineno" valign="top"></td></tr> |
---|
76 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
77 | <tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr> |
---|
78 | <tr><td class="lineno" valign="top"></td><td class="left"> Task Force (IETF). Note that other groups may also distribute</td><td> </td><td class="right"> Task Force (IETF). Note that other groups may also distribute</td><td class="lineno" valign="top"></td></tr> |
---|
79 | <tr><td class="lineno" valign="top"></td><td class="left"> working documents as Internet-Drafts. The list of current Internet-</td><td> </td><td class="right"> working documents as Internet-Drafts. The list of current Internet-</td><td class="lineno" valign="top"></td></tr> |
---|
80 | <tr><td class="lineno" valign="top"></td><td class="left"> Drafts is at http://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right"> Drafts is at http://datatracker.ietf.org/drafts/current/.</td><td class="lineno" valign="top"></td></tr> |
---|
81 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
82 | <tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right"> Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno" valign="top"></td></tr> |
---|
83 | <tr><td class="lineno" valign="top"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr> |
---|
84 | <tr><td class="lineno" valign="top"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr> |
---|
85 | <tr><td class="lineno" valign="top"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr> |
---|
86 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
87 | <tr><td><a name="diff0004" /></td></tr> |
---|
88 | <tr><td class="lineno" valign="top"></td><td class="lblock"> This Internet-Draft will expire on A<span class="delete">pril </span>7, 2013.</td><td> </td><td class="rblock"> This Internet-Draft will expire on A<span class="insert">ugust 2</span>7, 2013.</td><td class="lineno" valign="top"></td></tr> |
---|
89 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
90 | <tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr> |
---|
91 | <tr><td><a name="diff0005" /></td></tr> |
---|
92 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Copyright (c) 201<span class="delete">2</span> IETF Trust and the persons identified as the</td><td> </td><td class="rblock"> Copyright (c) 201<span class="insert">3</span> IETF Trust and the persons identified as the</td><td class="lineno" valign="top"></td></tr> |
---|
93 | <tr><td class="lineno" valign="top"></td><td class="left"> document authors. All rights reserved.</td><td> </td><td class="right"> document authors. All rights reserved.</td><td class="lineno" valign="top"></td></tr> |
---|
94 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
95 | <tr><td class="lineno" valign="top"></td><td class="left"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno" valign="top"></td></tr> |
---|
96 | <tr><td class="lineno" valign="top"></td><td class="left"> Provisions Relating to IETF Documents</td><td> </td><td class="right"> Provisions Relating to IETF Documents</td><td class="lineno" valign="top"></td></tr> |
---|
97 | <tr><td class="lineno" valign="top"></td><td class="left"> (http://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right"> (http://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno" valign="top"></td></tr> |
---|
98 | <tr><td class="lineno" valign="top"></td><td class="left"> publication of this document. Please review these documents</td><td> </td><td class="right"> publication of this document. Please review these documents</td><td class="lineno" valign="top"></td></tr> |
---|
99 | <tr><td class="lineno" valign="top"></td><td class="left"> carefully, as they describe your rights and restrictions with respect</td><td> </td><td class="right"> carefully, as they describe your rights and restrictions with respect</td><td class="lineno" valign="top"></td></tr> |
---|
100 | <tr><td class="lineno" valign="top"></td><td class="left"> to this document. Code Components extracted from this document must</td><td> </td><td class="right"> to this document. Code Components extracted from this document must</td><td class="lineno" valign="top"></td></tr> |
---|
101 | <tr><td class="lineno" valign="top"></td><td class="left"> include Simplified BSD License text as described in Section 4.e of</td><td> </td><td class="right"> include Simplified BSD License text as described in Section 4.e of</td><td class="lineno" valign="top"></td></tr> |
---|
102 | <tr><td class="lineno" valign="top"></td><td class="left"> the Trust Legal Provisions and are provided without warranty as</td><td> </td><td class="right"> the Trust Legal Provisions and are provided without warranty as</td><td class="lineno" valign="top"></td></tr> |
---|
103 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
104 | <tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 3, line 22</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 3, line 22</em></th><td></td></tr> |
---|
105 | <tr><td class="lineno" valign="top"></td><td class="left"> 2.2. Protection Space (Realm) . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 2.2. Protection Space (Realm) . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr> |
---|
106 | <tr><td class="lineno" valign="top"></td><td class="left"> 2.3. Authentication Scheme Registry . . . . . . . . . . . . . . 7</td><td> </td><td class="right"> 2.3. Authentication Scheme Registry . . . . . . . . . . . . . . 7</td><td class="lineno" valign="top"></td></tr> |
---|
107 | <tr><td class="lineno" valign="top"></td><td class="left"> 2.3.1. Considerations for New Authentication Schemes . . . . 7</td><td> </td><td class="right"> 2.3.1. Considerations for New Authentication Schemes . . . . 7</td><td class="lineno" valign="top"></td></tr> |
---|
108 | <tr><td class="lineno" valign="top"></td><td class="left"> 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 3. Status Code Definitions . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr> |
---|
109 | <tr><td class="lineno" valign="top"></td><td class="left"> 3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 3.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr> |
---|
110 | <tr><td class="lineno" valign="top"></td><td class="left"> 3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 9</td><td> </td><td class="right"> 3.2. 407 Proxy Authentication Required . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr> |
---|
111 | <tr><td class="lineno" valign="top"></td><td class="left"> 4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 4. Header Field Definitions . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr> |
---|
112 | <tr><td class="lineno" valign="top"></td><td class="left"> 4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> 4.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr> |
---|
113 | <tr><td class="lineno" valign="top"></td><td class="left"> 4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 4.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr> |
---|
114 | <tr><td class="lineno" valign="top"></td><td class="left"> 4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 10</td><td> </td><td class="right"> 4.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr> |
---|
115 | <tr><td><a name="diff0006" /></td></tr> |
---|
116 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . <span class="delete">11</span></td><td> </td><td class="rblock"> 4.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . <span class="insert">10</span></td><td class="lineno" valign="top"></td></tr> |
---|
117 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock"> 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr> |
---|
118 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 5.1. Authentication Scheme Registry . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock"> 5.1. Authentication Scheme Registry . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr> |
---|
119 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 5.2. Status Code Registration . . . . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock"> 5.2. Status Code Registration . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr> |
---|
120 | <tr><td class="lineno" valign="top"></td><td class="left"> 5.3. Header Field Registration . . . . . . . . . . . . . . . . 12</td><td> </td><td class="right"> 5.3. Header Field Registration . . . . . . . . . . . . . . . . 12</td><td class="lineno" valign="top"></td></tr> |
---|
121 | <tr><td class="lineno" valign="top"></td><td class="left"> 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12</td><td> </td><td class="right"> 6. Security Considerations . . . . . . . . . . . . . . . . . . . 12</td><td class="lineno" valign="top"></td></tr> |
---|
122 | <tr><td><a name="diff0007" /></td></tr> |
---|
123 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 6.1. Authentication Credentials and Idle Clients . . . . . . . 1<span class="delete">3</span></td><td> </td><td class="rblock"> 6.1. Authentication Credentials and Idle Clients . . . . . . . 1<span class="insert">2</span></td><td class="lineno" valign="top"></td></tr> |
---|
124 | <tr><td class="lineno" valign="top"></td><td class="left"> 6.2. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13</td><td> </td><td class="right"> 6.2. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13</td><td class="lineno" valign="top"></td></tr> |
---|
125 | <tr><td class="lineno" valign="top"></td><td class="left"> 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13</td><td> </td><td class="right"> 7. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 13</td><td class="lineno" valign="top"></td></tr> |
---|
126 | <tr><td><a name="diff0008" /></td></tr> |
---|
127 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"> 8. References . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno" valign="top"></td></tr> |
---|
128 | <tr><td class="lineno" valign="top"></td><td class="lblock"> 8.1. Normative References . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock"> 8.1. Normative References . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno" valign="top"></td></tr> |
---|
129 | <tr><td class="lineno" valign="top"></td><td class="left"> 8.2. Informative References . . . . . . . . . . . . . . . . . . 14</td><td> </td><td class="right"> 8.2. Informative References . . . . . . . . . . . . . . . . . . 14</td><td class="lineno" valign="top"></td></tr> |
---|
130 | <tr><td><a name="diff0009" /></td></tr> |
---|
131 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Appendix A. Changes from RFCs 2616 and 2617 . . . . . . . . . . . 1<span class="delete">5</span></td><td> </td><td class="rblock"> Appendix A. Changes from RFCs 2616 and 2617 . . . . . . . . . . . 1<span class="insert">4</span></td><td class="lineno" valign="top"></td></tr> |
---|
132 | <tr><td class="lineno" valign="top"></td><td class="left"> Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . . 15</td><td> </td><td class="right"> Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . . 15</td><td class="lineno" valign="top"></td></tr> |
---|
133 | <tr><td class="lineno" valign="top"></td><td class="left"> Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16</td><td> </td><td class="right"> Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16</td><td class="lineno" valign="top"></td></tr> |
---|
134 | <tr><td class="lineno" valign="top"></td><td class="left"> Appendix D. Change Log (to be removed by RFC Editor before</td><td> </td><td class="right"> Appendix D. Change Log (to be removed by RFC Editor before</td><td class="lineno" valign="top"></td></tr> |
---|
135 | <tr><td class="lineno" valign="top"></td><td class="left"> publication) . . . . . . . . . . . . . . . . . . . . 16</td><td> </td><td class="right"> publication) . . . . . . . . . . . . . . . . . . . . 16</td><td class="lineno" valign="top"></td></tr> |
---|
136 | <tr><td class="lineno" valign="top"></td><td class="left"> D.1. Since draft-ietf-httpbis-p7-auth-19 . . . . . . . . . . . 16</td><td> </td><td class="right"> D.1. Since draft-ietf-httpbis-p7-auth-19 . . . . . . . . . . . 16</td><td class="lineno" valign="top"></td></tr> |
---|
137 | <tr><td class="lineno" valign="top"></td><td class="left"> D.2. Since draft-ietf-httpbis-p7-auth-20 . . . . . . . . . . . 17</td><td> </td><td class="right"> D.2. Since draft-ietf-httpbis-p7-auth-20 . . . . . . . . . . . 17</td><td class="lineno" valign="top"></td></tr> |
---|
138 | <tr><td><a name="diff0010" /></td></tr> |
---|
139 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> D.3. Since draft-ietf-httpbis-p7-auth-21 . . . . . . . . . . . 17</span></td><td class="lineno" valign="top"></td></tr> |
---|
140 | <tr><td class="lineno" valign="top"></td><td class="left"> Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17</td><td> </td><td class="right"> Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17</td><td class="lineno" valign="top"></td></tr> |
---|
141 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
142 | <tr><td class="lineno" valign="top"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno" valign="top"></td></tr> |
---|
143 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
144 | <tr><td class="lineno" valign="top"></td><td class="left"> This document defines HTTP/1.1 access control and authentication. It</td><td> </td><td class="right"> This document defines HTTP/1.1 access control and authentication. It</td><td class="lineno" valign="top"></td></tr> |
---|
145 | <tr><td class="lineno" valign="top"></td><td class="left"> includes the relevant parts of RFC 2616 with only minor changes</td><td> </td><td class="right"> includes the relevant parts of RFC 2616 with only minor changes</td><td class="lineno" valign="top"></td></tr> |
---|
146 | <tr><td class="lineno" valign="top"></td><td class="left"> ([RFC2616]), plus the general framework for HTTP authentication, as</td><td> </td><td class="right"> ([RFC2616]), plus the general framework for HTTP authentication, as</td><td class="lineno" valign="top"></td></tr> |
---|
147 | <tr><td class="lineno" valign="top"></td><td class="left"> previously defined in "HTTP Authentication: Basic and Digest Access</td><td> </td><td class="right"> previously defined in "HTTP Authentication: Basic and Digest Access</td><td class="lineno" valign="top"></td></tr> |
---|
148 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication" ([RFC2617]).</td><td> </td><td class="right"> Authentication" ([RFC2617]).</td><td class="lineno" valign="top"></td></tr> |
---|
149 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
150 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP provides several OPTIONAL challenge-response authentication</td><td> </td><td class="right"> HTTP provides several OPTIONAL challenge-response authentication</td><td class="lineno" valign="top"></td></tr> |
---|
151 | <tr><td><a name="diff0011" /></td></tr> |
---|
152 | <tr><td class="lineno" valign="top"></td><td class="lblock"> mechanisms <span class="delete">which</span> can be used by a server to challenge a client</td><td> </td><td class="rblock"> mechanisms <span class="insert">that</span> can be used by a server to challenge a client request</td><td class="lineno" valign="top"></td></tr> |
---|
153 | <tr><td class="lineno" valign="top"></td><td class="lblock"> request and by a client to provide authentication information. The</td><td> </td><td class="rblock"> and by a client to provide authentication information. The "basic"</td><td class="lineno" valign="top"></td></tr> |
---|
154 | <tr><td class="lineno" valign="top"></td><td class="lblock"> "basic" and "digest" authentication schemes continue to be specified</td><td> </td><td class="rblock"> and "digest" authentication schemes continue to be specified in RFC</td><td class="lineno" valign="top"></td></tr> |
---|
155 | <tr><td class="lineno" valign="top"></td><td class="lblock"> in RFC 2617.</td><td> </td><td class="rblock"> 2617.</td><td class="lineno" valign="top"></td></tr> |
---|
156 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
157 | <tr><td class="lineno" valign="top"></td><td class="left">1.1. Conformance and Error Handling</td><td> </td><td class="right">1.1. Conformance and Error Handling</td><td class="lineno" valign="top"></td></tr> |
---|
158 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
159 | <tr><td class="lineno" valign="top"></td><td class="left"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td> </td><td class="right"> The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",</td><td class="lineno" valign="top"></td></tr> |
---|
160 | <tr><td class="lineno" valign="top"></td><td class="left"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this</td><td> </td><td class="right"> "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this</td><td class="lineno" valign="top"></td></tr> |
---|
161 | <tr><td class="lineno" valign="top"></td><td class="left"> document are to be interpreted as described in [RFC2119].</td><td> </td><td class="right"> document are to be interpreted as described in [RFC2119].</td><td class="lineno" valign="top"></td></tr> |
---|
162 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
163 | <tr><td class="lineno" valign="top"></td><td class="left"> Conformance criteria and considerations regarding error handling are</td><td> </td><td class="right"> Conformance criteria and considerations regarding error handling are</td><td class="lineno" valign="top"></td></tr> |
---|
164 | <tr><td class="lineno" valign="top"></td><td class="left"> defined in Section 2.5 of [Part1].</td><td> </td><td class="right"> defined in Section 2.5 of [Part1].</td><td class="lineno" valign="top"></td></tr> |
---|
165 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
166 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
167 | <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 6, line 15</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 6, line 15</em></th><td></td></tr> |
---|
168 | <tr><td class="lineno" valign="top"></td><td class="left"> (possibly at some point in the past). When creating their values,</td><td> </td><td class="right"> (possibly at some point in the past). When creating their values,</td><td class="lineno" valign="top"></td></tr> |
---|
169 | <tr><td class="lineno" valign="top"></td><td class="left"> the user agent ought to do so by selecting the challenge with what it</td><td> </td><td class="right"> the user agent ought to do so by selecting the challenge with what it</td><td class="lineno" valign="top"></td></tr> |
---|
170 | <tr><td class="lineno" valign="top"></td><td class="left"> considers to be the most secure auth-scheme that it understands,</td><td> </td><td class="right"> considers to be the most secure auth-scheme that it understands,</td><td class="lineno" valign="top"></td></tr> |
---|
171 | <tr><td class="lineno" valign="top"></td><td class="left"> obtaining credentials from the user as appropriate.</td><td> </td><td class="right"> obtaining credentials from the user as appropriate.</td><td class="lineno" valign="top"></td></tr> |
---|
172 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
173 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials = auth-scheme [ 1*SP ( token68 / #auth-param ) ]</td><td> </td><td class="right"> credentials = auth-scheme [ 1*SP ( token68 / #auth-param ) ]</td><td class="lineno" valign="top"></td></tr> |
---|
174 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
175 | <tr><td class="lineno" valign="top"></td><td class="left"> Upon a request for a protected resource that omits credentials,</td><td> </td><td class="right"> Upon a request for a protected resource that omits credentials,</td><td class="lineno" valign="top"></td></tr> |
---|
176 | <tr><td class="lineno" valign="top"></td><td class="left"> contains invalid credentials (e.g., a bad password) or partial</td><td> </td><td class="right"> contains invalid credentials (e.g., a bad password) or partial</td><td class="lineno" valign="top"></td></tr> |
---|
177 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials (e.g., when the authentication scheme requires more than</td><td> </td><td class="right"> credentials (e.g., when the authentication scheme requires more than</td><td class="lineno" valign="top"></td></tr> |
---|
178 | <tr><td><a name="diff0012" /></td></tr> |
---|
179 | <tr><td class="lineno" valign="top"></td><td class="lblock"> one round trip), an origin server SHOULD <span class="delete">return</span> a 401 (Unauthorized)</td><td> </td><td class="rblock"> one round trip), an origin server SHOULD <span class="insert">send</span> a 401 (Unauthorized)</td><td class="lineno" valign="top"></td></tr> |
---|
180 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">response. Such responses MUST include</span> a WWW-Authenticate header</td><td> </td><td class="rblock"> <span class="insert">response that contains</span> a WWW-Authenticate header field <span class="insert">with</span> at least</td><td class="lineno" valign="top"></td></tr> |
---|
181 | <tr><td class="lineno" valign="top"></td><td class="lblock"> field <span class="delete">containing</span> at least one (possibly new) challenge applicable to</td><td> </td><td class="rblock"> one (possibly new) challenge applicable to the requested resource.</td><td class="lineno" valign="top"></td></tr> |
---|
182 | <tr><td class="lineno" valign="top"></td><td class="lblock"> the requested resource.</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
183 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
184 | <tr><td class="lineno" valign="top"></td><td class="left"> Likewise, upon a request that requires authentication by proxies that</td><td> </td><td class="right"> Likewise, upon a request that requires authentication by proxies that</td><td class="lineno" valign="top"></td></tr> |
---|
185 | <tr><td class="lineno" valign="top"></td><td class="left"> omit credentials or contain invalid or partial credentials, a proxy</td><td> </td><td class="right"> omit credentials or contain invalid or partial credentials, a proxy</td><td class="lineno" valign="top"></td></tr> |
---|
186 | <tr><td><a name="diff0013" /></td></tr> |
---|
187 | <tr><td class="lineno" valign="top"></td><td class="lblock"> SHOULD <span class="delete">return</span> a 407 (Proxy Authentication Required) <span class="delete">response. Such</span></td><td> </td><td class="rblock"> SHOULD <span class="insert">send</span> a 407 (Proxy Authentication Required) <span class="insert">response that</span></td><td class="lineno" valign="top"></td></tr> |
---|
188 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> responses MUST include</span> a Proxy-Authenticate header field <span class="delete">containing</span> a</td><td> </td><td class="rblock"><span class="insert"> contains</span> a Proxy-Authenticate header field <span class="insert">with</span> a (possibly new)</td><td class="lineno" valign="top"></td></tr> |
---|
189 | <tr><td class="lineno" valign="top"></td><td class="lblock"> (possibly new) challenge applicable to the proxy.</td><td> </td><td class="rblock"> challenge applicable to the proxy.</td><td class="lineno" valign="top"></td></tr> |
---|
190 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
191 | <tr><td class="lineno" valign="top"></td><td class="left"> A server receiving credentials that are valid, but not adequate to</td><td> </td><td class="right"> A server receiving credentials that are valid, but not adequate to</td><td class="lineno" valign="top"></td></tr> |
---|
192 | <tr><td class="lineno" valign="top"></td><td class="left"> gain access, ought to respond with the 403 (Forbidden) status code</td><td> </td><td class="right"> gain access, ought to respond with the 403 (Forbidden) status code</td><td class="lineno" valign="top"></td></tr> |
---|
193 | <tr><td><a name="diff0014" /></td></tr> |
---|
194 | <tr><td class="lineno" valign="top"></td><td class="lblock"> (Section <span class="delete">7</span>.5.3 of [Part2]).</td><td> </td><td class="rblock"> (Section <span class="insert">6</span>.5.3 of [Part2]).</td><td class="lineno" valign="top"></td></tr> |
---|
195 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
196 | <tr><td class="lineno" valign="top"></td><td class="left"> The HTTP protocol does not restrict applications to this simple</td><td> </td><td class="right"> The HTTP protocol does not restrict applications to this simple</td><td class="lineno" valign="top"></td></tr> |
---|
197 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge-response mechanism for access authentication. Additional</td><td> </td><td class="right"> challenge-response mechanism for access authentication. Additional</td><td class="lineno" valign="top"></td></tr> |
---|
198 | <tr><td class="lineno" valign="top"></td><td class="left"> mechanisms MAY be used, such as encryption at the transport level or</td><td> </td><td class="right"> mechanisms MAY be used, such as encryption at the transport level or</td><td class="lineno" valign="top"></td></tr> |
---|
199 | <tr><td class="lineno" valign="top"></td><td class="left"> via message encapsulation, and with additional header fields</td><td> </td><td class="right"> via message encapsulation, and with additional header fields</td><td class="lineno" valign="top"></td></tr> |
---|
200 | <tr><td class="lineno" valign="top"></td><td class="left"> specifying authentication information. However, such additional</td><td> </td><td class="right"> specifying authentication information. However, such additional</td><td class="lineno" valign="top"></td></tr> |
---|
201 | <tr><td class="lineno" valign="top"></td><td class="left"> mechanisms are not defined by this specification.</td><td> </td><td class="right"> mechanisms are not defined by this specification.</td><td class="lineno" valign="top"></td></tr> |
---|
202 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
203 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxies MUST forward the WWW-Authenticate and Authorization header</td><td> </td><td class="right"> Proxies MUST forward the WWW-Authenticate and Authorization header</td><td class="lineno" valign="top"></td></tr> |
---|
204 | <tr><td class="lineno" valign="top"></td><td class="left"> fields unmodified and follow the rules found in Section 4.1.</td><td> </td><td class="right"> fields unmodified and follow the rules found in Section 4.1.</td><td class="lineno" valign="top"></td></tr> |
---|
205 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
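Review bot: The 401 sentence in this hunk folds the -21 requirement "Such responses MUST include a WWW-Authenticate header field" into the SHOULD clause, so read on its own the new wording makes the challenge look optional even when a 401 is sent; the 407 sentence below it has the same merge. The MUST is still stated in Sections 3.1 and 3.2 further down this diff, so a cross-reference would keep the two readings aligned, for example `response that contains a WWW-Authenticate header field (see Section 3.1) with at least` and the matching `(see Section 3.2)` after "Proxy-Authenticate header field". Without it, a server author working only from this section could conclude that a 401 without a challenge is conformant, which would leave the user agent with no auth-scheme to select from.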
---|
206 | <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 7, line 4</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 6, line 51</em></th><td></td></tr> |
---|
207 | <tr><td class="lineno" valign="top"></td><td class="left"> The authentication parameter realm is reserved for use by</td><td> </td><td class="right"> The authentication parameter realm is reserved for use by</td><td class="lineno" valign="top"></td></tr> |
---|
208 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication schemes that wish to indicate the scope of protection.</td><td> </td><td class="right"> authentication schemes that wish to indicate the scope of protection.</td><td class="lineno" valign="top"></td></tr> |
---|
209 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
210 | <tr><td class="lineno" valign="top"></td><td class="left"> A protection space is defined by the canonical root URI (the scheme</td><td> </td><td class="right"> A protection space is defined by the canonical root URI (the scheme</td><td class="lineno" valign="top"></td></tr> |
---|
211 | <tr><td class="lineno" valign="top"></td><td class="left"> and authority components of the effective request URI; see Section</td><td> </td><td class="right"> and authority components of the effective request URI; see Section</td><td class="lineno" valign="top"></td></tr> |
---|
212 | <tr><td class="lineno" valign="top"></td><td class="left"> 5.5 of [Part1]) of the server being accessed, in combination with the</td><td> </td><td class="right"> 5.5 of [Part1]) of the server being accessed, in combination with the</td><td class="lineno" valign="top"></td></tr> |
---|
213 | <tr><td class="lineno" valign="top"></td><td class="left"> realm value if present. These realms allow the protected resources</td><td> </td><td class="right"> realm value if present. These realms allow the protected resources</td><td class="lineno" valign="top"></td></tr> |
---|
214 | <tr><td class="lineno" valign="top"></td><td class="left"> on a server to be partitioned into a set of protection spaces, each</td><td> </td><td class="right"> on a server to be partitioned into a set of protection spaces, each</td><td class="lineno" valign="top"></td></tr> |
---|
215 | <tr><td class="lineno" valign="top"></td><td class="left"> with its own authentication scheme and/or authorization database.</td><td> </td><td class="right"> with its own authentication scheme and/or authorization database.</td><td class="lineno" valign="top"></td></tr> |
---|
216 | <tr><td class="lineno" valign="top"></td><td class="left"> The realm value is a string, generally assigned by the origin server,</td><td> </td><td class="right"> The realm value is a string, generally assigned by the origin server,</td><td class="lineno" valign="top"></td></tr> |
---|
217 | <tr><td><a name="diff0015" /></td></tr> |
---|
218 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">which</span> can have additional semantics specific to the authentication</td><td> </td><td class="rblock"> <span class="insert">that</span> can have additional semantics specific to the authentication</td><td class="lineno" valign="top"></td></tr> |
---|
219 | <tr><td class="lineno" valign="top"></td><td class="left"> scheme. Note that there can be multiple challenges with the same</td><td> </td><td class="right"> scheme. Note that there can be multiple challenges with the same</td><td class="lineno" valign="top"></td></tr> |
---|
220 | <tr><td class="lineno" valign="top"></td><td class="left"> auth-scheme but different realms.</td><td> </td><td class="right"> auth-scheme but different realms.</td><td class="lineno" valign="top"></td></tr> |
---|
221 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
222 | <tr><td class="lineno" valign="top"></td><td class="left"> The protection space determines the domain over which credentials can</td><td> </td><td class="right"> The protection space determines the domain over which credentials can</td><td class="lineno" valign="top"></td></tr> |
---|
223 | <tr><td class="lineno" valign="top"></td><td class="left"> be automatically applied. If a prior request has been authorized,</td><td> </td><td class="right"> be automatically applied. If a prior request has been authorized,</td><td class="lineno" valign="top"></td></tr> |
---|
224 | <tr><td class="lineno" valign="top"></td><td class="left"> the same credentials MAY be reused for all other requests within that</td><td> </td><td class="right"> the same credentials MAY be reused for all other requests within that</td><td class="lineno" valign="top"></td></tr> |
---|
225 | <tr><td class="lineno" valign="top"></td><td class="left"> protection space for a period of time determined by the</td><td> </td><td class="right"> protection space for a period of time determined by the</td><td class="lineno" valign="top"></td></tr> |
---|
226 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication scheme, parameters, and/or user preference. Unless</td><td> </td><td class="right"> authentication scheme, parameters, and/or user preference. Unless</td><td class="lineno" valign="top"></td></tr> |
---|
227 | <tr><td class="lineno" valign="top"></td><td class="left"> otherwise defined by the authentication scheme, a single protection</td><td> </td><td class="right"> otherwise defined by the authentication scheme, a single protection</td><td class="lineno" valign="top"></td></tr> |
---|
228 | <tr><td class="lineno" valign="top"></td><td class="left"> space cannot extend outside the scope of its server.</td><td> </td><td class="right"> space cannot extend outside the scope of its server.</td><td class="lineno" valign="top"></td></tr> |
---|
229 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
230 | <tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 8, line 46</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 8, line 45</em></th><td></td></tr> |
---|
231 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
232 | <tr><td class="lineno" valign="top"></td><td class="left"> o Authentication schemes need to document whether they are usable in</td><td> </td><td class="right"> o Authentication schemes need to document whether they are usable in</td><td class="lineno" valign="top"></td></tr> |
---|
233 | <tr><td class="lineno" valign="top"></td><td class="left"> origin-server authentication (i.e., using WWW-Authenticate),</td><td> </td><td class="right"> origin-server authentication (i.e., using WWW-Authenticate),</td><td class="lineno" valign="top"></td></tr> |
---|
234 | <tr><td class="lineno" valign="top"></td><td class="left"> and/or proxy authentication (i.e., using Proxy-Authenticate).</td><td> </td><td class="right"> and/or proxy authentication (i.e., using Proxy-Authenticate).</td><td class="lineno" valign="top"></td></tr> |
---|
235 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
236 | <tr><td class="lineno" valign="top"></td><td class="left"> o The credentials carried in an Authorization header field are</td><td> </td><td class="right"> o The credentials carried in an Authorization header field are</td><td class="lineno" valign="top"></td></tr> |
---|
237 | <tr><td class="lineno" valign="top"></td><td class="left"> specific to the User Agent, and therefore have the same effect on</td><td> </td><td class="right"> specific to the User Agent, and therefore have the same effect on</td><td class="lineno" valign="top"></td></tr> |
---|
238 | <tr><td class="lineno" valign="top"></td><td class="left"> HTTP caches as the "private" Cache-Control response directive,</td><td> </td><td class="right"> HTTP caches as the "private" Cache-Control response directive,</td><td class="lineno" valign="top"></td></tr> |
---|
239 | <tr><td class="lineno" valign="top"></td><td class="left"> within the scope of the request they appear in.</td><td> </td><td class="right"> within the scope of the request they appear in.</td><td class="lineno" valign="top"></td></tr> |
---|
240 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
241 | <tr><td><a name="diff0016" /></td></tr> |
---|
242 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Therefore, new authentication schemes <span class="delete">which</span> choose not to carry</td><td> </td><td class="rblock"> Therefore, new authentication schemes <span class="insert">that</span> choose not to carry</td><td class="lineno" valign="top"></td></tr> |
---|
243 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials in the Authorization header field (e.g., using a newly</td><td> </td><td class="right"> credentials in the Authorization header field (e.g., using a newly</td><td class="lineno" valign="top"></td></tr> |
---|
244 | <tr><td class="lineno" valign="top"></td><td class="left"> defined header field) will need to explicitly disallow caching, by</td><td> </td><td class="right"> defined header field) will need to explicitly disallow caching, by</td><td class="lineno" valign="top"></td></tr> |
---|
245 | <tr><td class="lineno" valign="top"></td><td class="left"> mandating the use of either Cache-Control request directives</td><td> </td><td class="right"> mandating the use of either Cache-Control request directives</td><td class="lineno" valign="top"></td></tr> |
---|
246 | <tr><td class="lineno" valign="top"></td><td class="left"> (e.g., "no-store") or response directives (e.g., "private").</td><td> </td><td class="right"> (e.g., "no-store") or response directives (e.g., "private").</td><td class="lineno" valign="top"></td></tr> |
---|
247 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
248 | <tr><td class="lineno" valign="top"></td><td class="left">3. Status Code Definitions</td><td> </td><td class="right">3. Status Code Definitions</td><td class="lineno" valign="top"></td></tr> |
---|
249 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
250 | <tr><td class="lineno" valign="top"></td><td class="left">3.1. 401 Unauthorized</td><td> </td><td class="right">3.1. 401 Unauthorized</td><td class="lineno" valign="top"></td></tr> |
---|
251 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
252 | <tr><td><a name="diff0017" /></td></tr> |
---|
253 | <tr><td class="lineno" valign="top"></td><td class="lblock"> The request <span class="delete">requires user authentication.</span> The <span class="delete">response</span> MUST <span class="delete">include</span></td><td> </td><td class="rblock"> The <span class="insert">401 (Unauthorized) status code indicates that the</span> request <span class="insert">has not</span></td><td class="lineno" valign="top"></td></tr> |
---|
254 | <tr><td class="lineno" valign="top"></td><td class="lblock"> a WWW-Authenticate header field (Section 4.4) containing <span class="delete">a</span> challenge</td><td> </td><td class="rblock"><span class="insert"> been applied because it lacks valid authentication credentials for</span></td><td class="lineno" valign="top"></td></tr> |
---|
255 | <tr><td class="lineno" valign="top"></td><td class="lblock"> applicable to the target resource. <span class="delete">The client MAY repeat the request</span></td><td> </td><td class="rblock"><span class="insert"> the target resource.</span> The <span class="insert">origin server</span> MUST <span class="insert">send</span> a WWW-Authenticate</td><td class="lineno" valign="top"></td></tr> |
---|
256 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> with a suitable Authorization header field (Section 4.1).</span> If the</td><td> </td><td class="rblock"> header field (Section 4.4) containing <span class="insert">at least one</span> challenge</td><td class="lineno" valign="top"></td></tr> |
---|
257 | <tr><td class="lineno" valign="top"></td><td class="lblock"> request <span class="delete">already</span> included <span class="delete">Authorization</span> credentials, then the 401</td><td> </td><td class="rblock"> applicable to the target resource. If the request included</td><td class="lineno" valign="top"></td></tr> |
---|
258 | <tr><td class="lineno" valign="top"></td><td class="lblock"> response indicates that authorization has been refused for those</td><td> </td><td class="rblock"> <span class="insert">authentication</span> credentials, then the 401 response indicates that</td><td class="lineno" valign="top"></td></tr> |
---|
259 | <tr><td class="lineno" valign="top"></td><td class="lblock"> credentials. If the 401 response contains the same challenge as the</td><td> </td><td class="rblock"> authorization has been refused for those credentials. <span class="insert">The client MAY</span></td><td class="lineno" valign="top"></td></tr> |
---|
260 | <tr><td class="lineno" valign="top"></td><td class="lblock"> prior response, and the user agent has already attempted</td><td> </td><td class="rblock"><span class="insert"> repeat the request with a new or replaced Authorization header field</span></td><td class="lineno" valign="top"></td></tr> |
---|
261 | <tr><td class="lineno" valign="top"></td><td class="lblock"> authentication at least once, then the user SHOULD <span class="delete">be presented</span> the</td><td> </td><td class="rblock"><span class="insert"> (Section 4.1).</span> If the 401 response contains the same challenge as</td><td class="lineno" valign="top"></td></tr> |
---|
262 | <tr><td class="lineno" valign="top"></td><td class="lblock"> representation <span class="delete">that was given in</span> the <span class="delete">response,</span> since <span class="delete">that</span></td><td> </td><td class="rblock"> the prior response, and the user agent has already attempted</td><td class="lineno" valign="top"></td></tr> |
---|
263 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> representation might include</span> relevant diagnostic information.</td><td> </td><td class="rblock"> authentication at least once, then the user <span class="insert">agent</span> SHOULD <span class="insert">present</span> the</td><td class="lineno" valign="top"></td></tr> |
---|
264 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">enclosed</span> representation <span class="insert">to</span> the <span class="insert">user,</span> since <span class="insert">it usually contains</span></td><td class="lineno" valign="top"></td></tr> |
---|
265 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> relevant diagnostic information.</td><td class="lineno" valign="top"></td></tr> |
---|
266 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
267 | <tr><td class="lineno" valign="top"></td><td class="left">3.2. 407 Proxy Authentication Required</td><td> </td><td class="right">3.2. 407 Proxy Authentication Required</td><td class="lineno" valign="top"></td></tr> |
---|
268 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
269 | <tr><td><a name="diff0018" /></td></tr> |
---|
270 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">This</span> code is similar to 401 (Unauthorized), but indicates that the</td><td> </td><td class="rblock"> <span class="insert">The 407 (Proxy Authentication Required) status</span> code is similar to 401</td><td class="lineno" valign="top"></td></tr> |
---|
271 | <tr><td class="lineno" valign="top"></td><td class="lblock"> client <span class="delete">ought</span> to <span class="delete">first</span> authenticate itself <span class="delete">with the</span> proxy. The proxy</td><td> </td><td class="rblock"> (Unauthorized), but indicates that the client <span class="insert">needs</span> to authenticate</td><td class="lineno" valign="top"></td></tr> |
---|
272 | <tr><td class="lineno" valign="top"></td><td class="lblock"> MUST <span class="delete">return</span> a <span class="delete">Proxy-Authenticate</span> header field (Section 4.2)</td><td> </td><td class="rblock"> itself <span class="insert">in order to use a</span> proxy. The proxy MUST <span class="insert">send</span> a <span class="insert">Proxy-</span></td><td class="lineno" valign="top"></td></tr> |
---|
273 | <tr><td class="lineno" valign="top"></td><td class="lblock"> containing a challenge applicable to <span class="delete">the</span> proxy for the target</td><td> </td><td class="rblock"><span class="insert"> Authenticate</span> header field (Section 4.2) containing a challenge</td><td class="lineno" valign="top"></td></tr> |
---|
274 | <tr><td class="lineno" valign="top"></td><td class="lblock"> resource. The client MAY repeat the request with a <span class="delete">suitable Proxy-</span></td><td> </td><td class="rblock"> applicable to <span class="insert">that</span> proxy for the target resource. The client MAY</td><td class="lineno" valign="top"></td></tr> |
---|
275 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Authorization</span> header field (Section 4.3).</td><td> </td><td class="rblock"> repeat the request with a <span class="insert">new or replaced Proxy-Authorization</span> header</td><td class="lineno" valign="top"></td></tr> |
---|
276 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> field (Section 4.3).</td><td class="lineno" valign="top"></td></tr> |
---|
277 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
278 | <tr><td class="lineno" valign="top"></td><td class="left">4. Header Field Definitions</td><td> </td><td class="right">4. Header Field Definitions</td><td class="lineno" valign="top"></td></tr> |
---|
279 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
280 | <tr><td class="lineno" valign="top"></td><td class="left"> This section defines the syntax and semantics of HTTP/1.1 header</td><td> </td><td class="right"> This section defines the syntax and semantics of HTTP/1.1 header</td><td class="lineno" valign="top"></td></tr> |
---|
281 | <tr><td class="lineno" valign="top"></td><td class="left"> fields related to authentication.</td><td> </td><td class="right"> fields related to authentication.</td><td class="lineno" valign="top"></td></tr> |
---|
282 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
283 | <tr><td class="lineno" valign="top"></td><td class="left">4.1. Authorization</td><td> </td><td class="right">4.1. Authorization</td><td class="lineno" valign="top"></td></tr> |
---|
284 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
285 | <tr><td class="lineno" valign="top"></td><td class="left"> The "Authorization" header field allows a user agent to authenticate</td><td> </td><td class="right"> The "Authorization" header field allows a user agent to authenticate</td><td class="lineno" valign="top"></td></tr> |
---|
286 | <tr><td class="lineno" valign="top"></td><td class="left"> itself with a server -- usually, but not necessarily, after receiving</td><td> </td><td class="right"> itself with a server -- usually, but not necessarily, after receiving</td><td class="lineno" valign="top"></td></tr> |
---|
287 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
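Review bot: Section 3.1 in this hunk now requires a WWW-Authenticate field "containing at least one challenge", but the rewritten Section 3.2 still says the Proxy-Authenticate field is "containing a challenge". If Proxy-Authenticate is meant to allow several challenges in the same way, the 407 text should match, e.g. `Authenticate header field (Section 4.2) containing at least one challenge`. The 407 sentence in Section 2.1 of the earlier hunk uses the same singular wording ("a (possibly new) challenge applicable to the proxy") and would need the same change. As written, an implementer could read the difference as a deliberate single-challenge limit for proxies, which would rule out offering a stronger scheme alongside a fallback.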
---|
288 | <tr bgcolor="gray" ><td></td><th><a name="part-l6" /><small>skipping to change at</small><em> page 9, line 51</em></th><th> </th><th><a name="part-r6" /><small>skipping to change at</small><em> page 10, line 5</em></th><td></td></tr> |
---|
289 | <tr><td class="lineno" valign="top"></td><td class="left"> resource being requested.</td><td> </td><td class="right"> resource being requested.</td><td class="lineno" valign="top"></td></tr> |
---|
290 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
291 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization = credentials</td><td> </td><td class="right"> Authorization = credentials</td><td class="lineno" valign="top"></td></tr> |
---|
292 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
293 | <tr><td class="lineno" valign="top"></td><td class="left"> If a request is authenticated and a realm specified, the same</td><td> </td><td class="right"> If a request is authenticated and a realm specified, the same</td><td class="lineno" valign="top"></td></tr> |
---|
294 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials SHOULD be valid for all other requests within this realm</td><td> </td><td class="right"> credentials SHOULD be valid for all other requests within this realm</td><td class="lineno" valign="top"></td></tr> |
---|
295 | <tr><td class="lineno" valign="top"></td><td class="left"> (assuming that the authentication scheme itself does not require</td><td> </td><td class="right"> (assuming that the authentication scheme itself does not require</td><td class="lineno" valign="top"></td></tr> |
---|
296 | <tr><td class="lineno" valign="top"></td><td class="left"> otherwise, such as credentials that vary according to a challenge</td><td> </td><td class="right"> otherwise, such as credentials that vary according to a challenge</td><td class="lineno" valign="top"></td></tr> |
---|
297 | <tr><td class="lineno" valign="top"></td><td class="left"> value or using synchronized clocks).</td><td> </td><td class="right"> value or using synchronized clocks).</td><td class="lineno" valign="top"></td></tr> |
---|
298 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
299 | <tr><td><a name="diff0019" /></td></tr> |
---|
300 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">When a shared cache (see</span> Section <span class="delete">1.2</span> of <span class="delete">[Part6]) receives a request</span></td><td> </td><td class="rblock"> <span class="insert">See</span> Section <span class="insert">3.2</span> of <span class="insert">[Part6]</span> for <span class="insert">details of and requirements pertaining</span></td><td class="lineno" valign="top"></td></tr> |
---|
301 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> containing an Authorization field, it MUST NOT return the</span></td><td> </td><td class="rblock"> to <span class="insert">handling of</span> the <span class="insert">Authorization field by HTTP caches.</span></td><td class="lineno" valign="top"></td></tr> |
---|
302 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> corresponding response as a reply to any other request, unless one of</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
303 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> the following specific exceptions holds:</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
304 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
305 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> 1. If the response includes the "s-maxage" cache-control directive,</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
306 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> the cache MAY use that response in replying to a subsequent</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
307 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> request. But (if the specified maximum age has passed) a proxy</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
308 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> cache MUST first revalidate it with the origin server, using the</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
309 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> header fields from the new request to allow the origin server to</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
310 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> authenticate the new request. (This is the defined behavior</span> for</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
311 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">s-maxage.) If the response includes "s-maxage=0", the proxy MUST</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
312 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> always revalidate it before re-using it.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
313 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
314 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> 2. If the response includes the "must-revalidate" cache-control</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
315 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> directive, the cache MAY use that response in replying to a</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
316 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> subsequent request. But if the response is stale, all caches</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
317 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> MUST first revalidate it with the origin server, using the header</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
318 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> fields from the new request to allow the origin server</span> to</td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
319 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">authenticate the new request.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
320 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
321 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> 3. If the response includes</span> the <span class="delete">"public" cache-control directive, it</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
322 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> MAY be returned in reply to any subsequent request.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
323 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
324 | <tr><td class="lineno" valign="top"></td><td class="left">4.2. Proxy-Authenticate</td><td> </td><td class="right">4.2. Proxy-Authenticate</td><td class="lineno" valign="top"></td></tr> |
---|
325 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
326 | <tr><td class="lineno" valign="top"></td><td class="left"> The "Proxy-Authenticate" header field consists of at least one</td><td> </td><td class="right"> The "Proxy-Authenticate" header field consists of at least one</td><td class="lineno" valign="top"></td></tr> |
---|
327 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge that indicates the authentication scheme(s) and parameters</td><td> </td><td class="right"> challenge that indicates the authentication scheme(s) and parameters</td><td class="lineno" valign="top"></td></tr> |
---|
328 | <tr><td class="lineno" valign="top"></td><td class="left"> applicable to the proxy for this effective request URI (Section 5.5</td><td> </td><td class="right"> applicable to the proxy for this effective request URI (Section 5.5</td><td class="lineno" valign="top"></td></tr> |
---|
329 | <tr><td class="lineno" valign="top"></td><td class="left"> of [Part1]). It MUST be included as part of a 407 (Proxy</td><td> </td><td class="right"> of [Part1]). It MUST be included as part of a 407 (Proxy</td><td class="lineno" valign="top"></td></tr> |
---|
330 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication Required) response.</td><td> </td><td class="right"> Authentication Required) response.</td><td class="lineno" valign="top"></td></tr> |
---|
331 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
332 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate = 1#challenge</td><td> </td><td class="right"> Proxy-Authenticate = 1#challenge</td><td class="lineno" valign="top"></td></tr> |
---|
333 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
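Review bot: Section 4.1 on the new side no longer tells a reader of this part that a shared cache is restricted in reusing a response to a request that carried Authorization; rows 300–301 leave only a cross-reference to Section 3.2 of [Part6]. The removed text carried a MUST NOT plus three exceptions ("s-maxage", "must-revalidate", "public"), and whether all of that survives in [Part6] cannot be confirmed from this diff, so it is worth checking against the matching Part6 revision. Someone implementing authentication from Part 7 alone could miss the cross-user leakage risk, so I would keep a short non-normative pointer that names the hazard, for example `Responses to requests containing Authorization are not reusable by shared caches for other requests except as permitted by Section 3.2 of [Part6].` The rest of Section 4.1 begins before this change block.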
334 | <tr bgcolor="gray" ><td></td><th><a name="part-l7" /><small>skipping to change at</small><em> page 10, line 49</em></th><th> </th><th><a name="part-r7" /><small>skipping to change at</small><em> page 10, line 31</em></th><td></td></tr> |
---|
335 | <tr><td class="lineno" valign="top"></td><td class="left"> to obtain its own credentials by requesting them from the downstream</td><td> </td><td class="right"> to obtain its own credentials by requesting them from the downstream</td><td class="lineno" valign="top"></td></tr> |
---|
336 | <tr><td class="lineno" valign="top"></td><td class="left"> client, which in some circumstances will appear as if the proxy is</td><td> </td><td class="right"> client, which in some circumstances will appear as if the proxy is</td><td class="lineno" valign="top"></td></tr> |
---|
337 | <tr><td class="lineno" valign="top"></td><td class="left"> forwarding the Proxy-Authenticate header field.</td><td> </td><td class="right"> forwarding the Proxy-Authenticate header field.</td><td class="lineno" valign="top"></td></tr> |
---|
338 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
339 | <tr><td class="lineno" valign="top"></td><td class="left"> Note that the parsing considerations for WWW-Authenticate apply to</td><td> </td><td class="right"> Note that the parsing considerations for WWW-Authenticate apply to</td><td class="lineno" valign="top"></td></tr> |
---|
340 | <tr><td class="lineno" valign="top"></td><td class="left"> this header field as well; see Section 4.4 for details.</td><td> </td><td class="right"> this header field as well; see Section 4.4 for details.</td><td class="lineno" valign="top"></td></tr> |
---|
341 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
342 | <tr><td class="lineno" valign="top"></td><td class="left">4.3. Proxy-Authorization</td><td> </td><td class="right">4.3. Proxy-Authorization</td><td class="lineno" valign="top"></td></tr> |
---|
343 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
344 | <tr><td class="lineno" valign="top"></td><td class="left"> The "Proxy-Authorization" header field allows the client to identify</td><td> </td><td class="right"> The "Proxy-Authorization" header field allows the client to identify</td><td class="lineno" valign="top"></td></tr> |
---|
345 | <tr><td><a name="diff0020" /></td></tr> |
---|
346 | <tr><td class="lineno" valign="top"></td><td class="lblock"> itself (or its user) to a proxy <span class="delete">which</span> requires authentication. Its</td><td> </td><td class="rblock"> itself (or its user) to a proxy <span class="insert">that</span> requires authentication. Its</td><td class="lineno" valign="top"></td></tr> |
---|
347 | <tr><td class="lineno" valign="top"></td><td class="left"> value consists of credentials containing the authentication</td><td> </td><td class="right"> value consists of credentials containing the authentication</td><td class="lineno" valign="top"></td></tr> |
---|
348 | <tr><td class="lineno" valign="top"></td><td class="left"> information of the user agent for the proxy and/or realm of the</td><td> </td><td class="right"> information of the user agent for the proxy and/or realm of the</td><td class="lineno" valign="top"></td></tr> |
---|
349 | <tr><td class="lineno" valign="top"></td><td class="left"> resource being requested.</td><td> </td><td class="right"> resource being requested.</td><td class="lineno" valign="top"></td></tr> |
---|
350 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
351 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization = credentials</td><td> </td><td class="right"> Proxy-Authorization = credentials</td><td class="lineno" valign="top"></td></tr> |
---|
352 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
353 | <tr><td class="lineno" valign="top"></td><td class="left"> Unlike Authorization, the Proxy-Authorization header field applies</td><td> </td><td class="right"> Unlike Authorization, the Proxy-Authorization header field applies</td><td class="lineno" valign="top"></td></tr> |
---|
354 | <tr><td class="lineno" valign="top"></td><td class="left"> only to the next outbound proxy that demanded authentication using</td><td> </td><td class="right"> only to the next outbound proxy that demanded authentication using</td><td class="lineno" valign="top"></td></tr> |
---|
355 | <tr><td class="lineno" valign="top"></td><td class="left"> the Proxy-Authenticate field. When multiple proxies are used in a</td><td> </td><td class="right"> the Proxy-Authenticate field. When multiple proxies are used in a</td><td class="lineno" valign="top"></td></tr> |
---|
356 | <tr><td class="lineno" valign="top"></td><td class="left"> chain, the Proxy-Authorization header field is consumed by the first</td><td> </td><td class="right"> chain, the Proxy-Authorization header field is consumed by the first</td><td class="lineno" valign="top"></td></tr> |
---|
357 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
358 | <tr bgcolor="gray" ><td></td><th><a name="part-l8" /><small>skipping to change at</small><em> page 12, line 32</em></th><th> </th><th><a name="part-r8" /><small>skipping to change at</small><em> page 12, line 16</em></th><td></td></tr> |
---|
359 | <tr><td class="lineno" valign="top"></td><td class="left"> | Value | Description | Reference |</td><td> </td><td class="right"> | Value | Description | Reference |</td><td class="lineno" valign="top"></td></tr> |
---|
360 | <tr><td class="lineno" valign="top"></td><td class="left"> +-------+-------------------------------+-------------+</td><td> </td><td class="right"> +-------+-------------------------------+-------------+</td><td class="lineno" valign="top"></td></tr> |
---|
361 | <tr><td class="lineno" valign="top"></td><td class="left"> | 401 | Unauthorized | Section 3.1 |</td><td> </td><td class="right"> | 401 | Unauthorized | Section 3.1 |</td><td class="lineno" valign="top"></td></tr> |
---|
362 | <tr><td class="lineno" valign="top"></td><td class="left"> | 407 | Proxy Authentication Required | Section 3.2 |</td><td> </td><td class="right"> | 407 | Proxy Authentication Required | Section 3.2 |</td><td class="lineno" valign="top"></td></tr> |
---|
363 | <tr><td class="lineno" valign="top"></td><td class="left"> +-------+-------------------------------+-------------+</td><td> </td><td class="right"> +-------+-------------------------------+-------------+</td><td class="lineno" valign="top"></td></tr> |
---|
364 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
365 | <tr><td class="lineno" valign="top"></td><td class="left">5.3. Header Field Registration</td><td> </td><td class="right">5.3. Header Field Registration</td><td class="lineno" valign="top"></td></tr> |
---|
366 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
367 | <tr><td class="lineno" valign="top"></td><td class="left"> The Message Header Field Registry located at <http://www.iana.org/</td><td> </td><td class="right"> The Message Header Field Registry located at <http://www.iana.org/</td><td class="lineno" valign="top"></td></tr> |
---|
368 | <tr><td class="lineno" valign="top"></td><td class="left"> assignments/message-headers/message-header-index.html> shall be</td><td> </td><td class="right"> assignments/message-headers/message-header-index.html> shall be</td><td class="lineno" valign="top"></td></tr> |
---|
369 | <tr><td><a name="diff0021" /></td></tr> |
---|
370 | <tr><td class="lineno" valign="top"></td><td class="lblock"> updated with the permanent registrations below (see [<span class="delete">RFC3864</span>]):</td><td> </td><td class="rblock"> updated with the permanent registrations below (see [<span class="insert">BCP90</span>]):</td><td class="lineno" valign="top"></td></tr> |
---|
371 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
372 | <tr><td class="lineno" valign="top"></td><td class="left"> +---------------------+----------+----------+-------------+</td><td> </td><td class="right"> +---------------------+----------+----------+-------------+</td><td class="lineno" valign="top"></td></tr> |
---|
373 | <tr><td class="lineno" valign="top"></td><td class="left"> | Header Field Name | Protocol | Status | Reference |</td><td> </td><td class="right"> | Header Field Name | Protocol | Status | Reference |</td><td class="lineno" valign="top"></td></tr> |
---|
374 | <tr><td class="lineno" valign="top"></td><td class="left"> +---------------------+----------+----------+-------------+</td><td> </td><td class="right"> +---------------------+----------+----------+-------------+</td><td class="lineno" valign="top"></td></tr> |
---|
375 | <tr><td class="lineno" valign="top"></td><td class="left"> | Authorization | http | standard | Section 4.1 |</td><td> </td><td class="right"> | Authorization | http | standard | Section 4.1 |</td><td class="lineno" valign="top"></td></tr> |
---|
376 | <tr><td class="lineno" valign="top"></td><td class="left"> | Proxy-Authenticate | http | standard | Section 4.2 |</td><td> </td><td class="right"> | Proxy-Authenticate | http | standard | Section 4.2 |</td><td class="lineno" valign="top"></td></tr> |
---|
377 | <tr><td class="lineno" valign="top"></td><td class="left"> | Proxy-Authorization | http | standard | Section 4.3 |</td><td> </td><td class="right"> | Proxy-Authorization | http | standard | Section 4.3 |</td><td class="lineno" valign="top"></td></tr> |
---|
378 | <tr><td class="lineno" valign="top"></td><td class="left"> | WWW-Authenticate | http | standard | Section 4.4 |</td><td> </td><td class="right"> | WWW-Authenticate | http | standard | Section 4.4 |</td><td class="lineno" valign="top"></td></tr> |
---|
379 | <tr><td class="lineno" valign="top"></td><td class="left"> +---------------------+----------+----------+-------------+</td><td> </td><td class="right"> +---------------------+----------+----------+-------------+</td><td class="lineno" valign="top"></td></tr> |
---|
380 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
381 | <tr><td class="lineno" valign="top"></td><td class="left"> The change controller is: "IETF (iesg@ietf.org) - Internet</td><td> </td><td class="right"> The change controller is: "IETF (iesg@ietf.org) - Internet</td><td class="lineno" valign="top"></td></tr> |
---|
382 | <tr><td class="lineno" valign="top"></td><td class="left"> Engineering Task Force".</td><td> </td><td class="right"> Engineering Task Force".</td><td class="lineno" valign="top"></td></tr> |
---|
383 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
384 | <tr><td class="lineno" valign="top"></td><td class="left">6. Security Considerations</td><td> </td><td class="right">6. Security Considerations</td><td class="lineno" valign="top"></td></tr> |
---|
385 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
386 | <tr><td><a name="diff0022" /></td></tr> |
---|
387 | <tr><td class="lineno" valign="top"></td><td class="lblock"> This section is meant to inform <span class="delete">application</span> developers, information</td><td> </td><td class="rblock"> This section is meant to inform developers, information providers,</td><td class="lineno" valign="top"></td></tr> |
---|
388 | <tr><td class="lineno" valign="top"></td><td class="lblock"> providers, and users of <span class="delete">the</span> security <span class="delete">limitations in HTTP/1.1 as</span></td><td> </td><td class="rblock"> and users of <span class="insert">known</span> security <span class="insert">concerns specific</span> to <span class="insert">HTTP/1.1</span></td><td class="lineno" valign="top"></td></tr> |
---|
389 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> described by this document. The discussion does not include</span></td><td> </td><td class="rblock"><span class="insert"> authentication. More general</span> security <span class="insert">considerations are addressed</span></td><td class="lineno" valign="top"></td></tr> |
---|
390 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> definitive solutions</span> to <span class="delete">the problems revealed, though it does make</span></td><td> </td><td class="rblock"><span class="insert"> in HTTP messaging [Part1] and semantics [Part2].</span></td><td class="lineno" valign="top"></td></tr> |
---|
391 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> some suggestions for reducing</span> security <span class="delete">risks.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
392 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
393 | <tr><td class="lineno" valign="top"></td><td class="left">6.1. Authentication Credentials and Idle Clients</td><td> </td><td class="right">6.1. Authentication Credentials and Idle Clients</td><td class="lineno" valign="top"></td></tr> |
---|
394 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
395 | <tr><td class="lineno" valign="top"></td><td class="left"> Existing HTTP clients and user agents typically retain authentication</td><td> </td><td class="right"> Existing HTTP clients and user agents typically retain authentication</td><td class="lineno" valign="top"></td></tr> |
---|
396 | <tr><td class="lineno" valign="top"></td><td class="left"> information indefinitely. HTTP/1.1 does not provide a method for a</td><td> </td><td class="right"> information indefinitely. HTTP/1.1 does not provide a method for a</td><td class="lineno" valign="top"></td></tr> |
---|
397 | <tr><td class="lineno" valign="top"></td><td class="left"> server to direct clients to discard these cached credentials. This</td><td> </td><td class="right"> server to direct clients to discard these cached credentials. This</td><td class="lineno" valign="top"></td></tr> |
---|
398 | <tr><td class="lineno" valign="top"></td><td class="left"> is a significant defect that requires further extensions to HTTP.</td><td> </td><td class="right"> is a significant defect that requires further extensions to HTTP.</td><td class="lineno" valign="top"></td></tr> |
---|
399 | <tr><td class="lineno" valign="top"></td><td class="left"> Circumstances under which credential caching can interfere with the</td><td> </td><td class="right"> Circumstances under which credential caching can interfere with the</td><td class="lineno" valign="top"></td></tr> |
---|
400 | <tr><td class="lineno" valign="top"></td><td class="left"> application's security model include but are not limited to:</td><td> </td><td class="right"> application's security model include but are not limited to:</td><td class="lineno" valign="top"></td></tr> |
---|
401 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
402 | <tr><td><a name="diff0023" /></td></tr> |
---|
403 | <tr><td class="lineno" valign="top"></td><td class="lblock"> o Clients <span class="delete">which</span> have been idle for an extended <span class="delete">period</span> following</td><td> </td><td class="rblock"> o Clients <span class="insert">that</span> have been idle for an extended <span class="insert">period,</span> following</td><td class="lineno" valign="top"></td></tr> |
---|
404 | <tr><td class="lineno" valign="top"></td><td class="lblock"> which the server might wish to cause the client to <span class="delete">reprompt</span> the</td><td> </td><td class="rblock"> which the server might wish to cause the client to <span class="insert">re-prompt</span> the</td><td class="lineno" valign="top"></td></tr> |
---|
405 | <tr><td class="lineno" valign="top"></td><td class="left"> user for credentials.</td><td> </td><td class="right"> user for credentials.</td><td class="lineno" valign="top"></td></tr> |
---|
406 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
407 | <tr><td><a name="diff0024" /></td></tr> |
---|
408 | <tr><td class="lineno" valign="top"></td><td class="lblock"> o Applications <span class="delete">which</span> include a session termination indication (such</td><td> </td><td class="rblock"> o Applications <span class="insert">that</span> include a session termination indication (such</td><td class="lineno" valign="top"></td></tr> |
---|
409 | <tr><td class="lineno" valign="top"></td><td class="left"> as a "logout" or "commit" button on a page) after which the server</td><td> </td><td class="right"> as a "logout" or "commit" button on a page) after which the server</td><td class="lineno" valign="top"></td></tr> |
---|
410 | <tr><td class="lineno" valign="top"></td><td class="left"> side of the application "knows" that there is no further reason</td><td> </td><td class="right"> side of the application "knows" that there is no further reason</td><td class="lineno" valign="top"></td></tr> |
---|
411 | <tr><td class="lineno" valign="top"></td><td class="left"> for the client to retain the credentials.</td><td> </td><td class="right"> for the client to retain the credentials.</td><td class="lineno" valign="top"></td></tr> |
---|
412 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
413 | <tr><td class="lineno" valign="top"></td><td class="left"> This is currently under separate study. There are a number of work-</td><td> </td><td class="right"> This is currently under separate study. There are a number of work-</td><td class="lineno" valign="top"></td></tr> |
---|
414 | <tr><td class="lineno" valign="top"></td><td class="left"> arounds to parts of this problem, and we encourage the use of</td><td> </td><td class="right"> arounds to parts of this problem, and we encourage the use of</td><td class="lineno" valign="top"></td></tr> |
---|
415 | <tr><td class="lineno" valign="top"></td><td class="left"> password protection in screen savers, idle time-outs, and other</td><td> </td><td class="right"> password protection in screen savers, idle time-outs, and other</td><td class="lineno" valign="top"></td></tr> |
---|
416 | <tr><td><a name="diff0025" /></td></tr> |
---|
417 | <tr><td class="lineno" valign="top"></td><td class="lblock"> methods <span class="delete">which</span> mitigate the security problems inherent in this</td><td> </td><td class="rblock"> methods <span class="insert">that</span> mitigate the security problems inherent in this problem.</td><td class="lineno" valign="top"></td></tr> |
---|
418 | <tr><td class="lineno" valign="top"></td><td class="lblock"> problem. In particular, user agents <span class="delete">which</span> cache credentials are</td><td> </td><td class="rblock"> In particular, user agents <span class="insert">that</span> cache credentials are encouraged to</td><td class="lineno" valign="top"></td></tr> |
---|
419 | <tr><td class="lineno" valign="top"></td><td class="lblock"> encouraged to provide a readily accessible mechanism for discarding</td><td> </td><td class="rblock"> provide a readily accessible mechanism for discarding cached</td><td class="lineno" valign="top"></td></tr> |
---|
420 | <tr><td class="lineno" valign="top"></td><td class="lblock"> cached credentials under user control.</td><td> </td><td class="rblock"> credentials under user control.</td><td class="lineno" valign="top"></td></tr> |
---|
421 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
422 | <tr><td class="lineno" valign="top"></td><td class="left">6.2. Protection Spaces</td><td> </td><td class="right">6.2. Protection Spaces</td><td class="lineno" valign="top"></td></tr> |
---|
423 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
424 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication schemes that solely rely on the "realm" mechanism for</td><td> </td><td class="right"> Authentication schemes that solely rely on the "realm" mechanism for</td><td class="lineno" valign="top"></td></tr> |
---|
425 | <tr><td class="lineno" valign="top"></td><td class="left"> establishing a protection space will expose credentials to all</td><td> </td><td class="right"> establishing a protection space will expose credentials to all</td><td class="lineno" valign="top"></td></tr> |
---|
426 | <tr><td class="lineno" valign="top"></td><td class="left"> resources on a server. Clients that have successfully made</td><td> </td><td class="right"> resources on a server. Clients that have successfully made</td><td class="lineno" valign="top"></td></tr> |
---|
427 | <tr><td class="lineno" valign="top"></td><td class="left"> authenticated requests with a resource can use the same</td><td> </td><td class="right"> authenticated requests with a resource can use the same</td><td class="lineno" valign="top"></td></tr> |
---|
428 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication credentials for other resources on the same server.</td><td> </td><td class="right"> authentication credentials for other resources on the same server.</td><td class="lineno" valign="top"></td></tr> |
---|
429 | <tr><td class="lineno" valign="top"></td><td class="left"> This makes it possible for a different resource to harvest</td><td> </td><td class="right"> This makes it possible for a different resource to harvest</td><td class="lineno" valign="top"></td></tr> |
---|
430 | <tr><td class="lineno" valign="top"></td><td class="left"> authentication credentials for other resources.</td><td> </td><td class="right"> authentication credentials for other resources.</td><td class="lineno" valign="top"></td></tr> |
---|
431 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
---|
432 | <tr bgcolor="gray" ><td></td><th><a name="part-l9" /><small>skipping to change at</small><em> page 14, line 18</em></th><th> </th><th><a name="part-r9" /><small>skipping to change at</small><em> page 13, line 49</em></th><td></td></tr> |
---|
433 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
434 | <tr><td class="lineno" valign="top"></td><td class="left"> See Section 9 of [Part1] for the Acknowledgments related to this</td><td> </td><td class="right"> See Section 9 of [Part1] for the Acknowledgments related to this</td><td class="lineno" valign="top"></td></tr> |
---|
435 | <tr><td class="lineno" valign="top"></td><td class="left"> document revision.</td><td> </td><td class="right"> document revision.</td><td class="lineno" valign="top"></td></tr> |
---|
436 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
437 | <tr><td class="lineno" valign="top"></td><td class="left">8. References</td><td> </td><td class="right">8. References</td><td class="lineno" valign="top"></td></tr> |
---|
438 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
439 | <tr><td class="lineno" valign="top"></td><td class="left">8.1. Normative References</td><td> </td><td class="right">8.1. Normative References</td><td class="lineno" valign="top"></td></tr> |
---|
440 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
441 | <tr><td class="lineno" valign="top"></td><td class="left"> [Part1] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td> </td><td class="right"> [Part1] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td class="lineno" valign="top"></td></tr> |
---|
442 | <tr><td class="lineno" valign="top"></td><td class="left"> Protocol (HTTP/1.1): Message Syntax and Routing",</td><td> </td><td class="right"> Protocol (HTTP/1.1): Message Syntax and Routing",</td><td class="lineno" valign="top"></td></tr> |
---|
443 | <tr><td><a name="diff0026" /></td></tr> |
---|
444 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">draft-ietf-httpbis-p1-messaging-21</span> (work in progress),</td><td> </td><td class="rblock"> <span class="insert">draft-ietf-httpbis-p1-messaging-22</span> (work in progress),</td><td class="lineno" valign="top"></td></tr> |
---|
445 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">October 2012.</span></td><td> </td><td class="rblock"> <span class="insert">February 2013.</span></td><td class="lineno" valign="top"></td></tr> |
---|
446 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
447 | <tr><td class="lineno" valign="top"></td><td class="left"> [Part2] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td> </td><td class="right"> [Part2] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td class="lineno" valign="top"></td></tr> |
---|
448 | <tr><td class="lineno" valign="top"></td><td class="left"> Protocol (HTTP/1.1): Semantics and Content",</td><td> </td><td class="right"> Protocol (HTTP/1.1): Semantics and Content",</td><td class="lineno" valign="top"></td></tr> |
---|
449 | <tr><td><a name="diff0027" /></td></tr> |
---|
450 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">draft-ietf-httpbis-p2-semantics-21</span> (work in progress),</td><td> </td><td class="rblock"> <span class="insert">draft-ietf-httpbis-p2-semantics-22</span> (work in progress),</td><td class="lineno" valign="top"></td></tr> |
---|
451 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">October 2012.</span></td><td> </td><td class="rblock"> <span class="insert">February 2013.</span></td><td class="lineno" valign="top"></td></tr> |
---|
452 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
453 | <tr><td class="lineno" valign="top"></td><td class="left"> [Part6] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,</td><td> </td><td class="right"> [Part6] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,</td><td class="lineno" valign="top"></td></tr> |
---|
454 | <tr><td class="lineno" valign="top"></td><td class="left"> Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",</td><td> </td><td class="right"> Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",</td><td class="lineno" valign="top"></td></tr> |
---|
455 | <tr><td><a name="diff0028" /></td></tr> |
---|
456 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">draft-ietf-httpbis-p6-cache-21</span> (work in progress),</td><td> </td><td class="rblock"> <span class="insert">draft-ietf-httpbis-p6-cache-22</span> (work in progress),</td><td class="lineno" valign="top"></td></tr> |
---|
457 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">October 2012.</span></td><td> </td><td class="rblock"> <span class="insert">February 2013.</span></td><td class="lineno" valign="top"></td></tr> |
---|
458 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
459 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td class="right"> [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate</td><td class="lineno" valign="top"></td></tr> |
---|
460 | <tr><td class="lineno" valign="top"></td><td class="left"> Requirement Levels", BCP 14, RFC 2119, March 1997.</td><td> </td><td class="right"> Requirement Levels", BCP 14, RFC 2119, March 1997.</td><td class="lineno" valign="top"></td></tr> |
---|
461 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
462 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax</td><td> </td><td class="right"> [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax</td><td class="lineno" valign="top"></td></tr> |
---|
463 | <tr><td class="lineno" valign="top"></td><td class="left"> Specifications: ABNF", STD 68, RFC 5234, January 2008.</td><td> </td><td class="right"> Specifications: ABNF", STD 68, RFC 5234, January 2008.</td><td class="lineno" valign="top"></td></tr> |
---|
464 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
465 | <tr><td class="lineno" valign="top"></td><td class="left">8.2. Informative References</td><td> </td><td class="right">8.2. Informative References</td><td class="lineno" valign="top"></td></tr> |
---|
466 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
467 | <tr><td><a name="diff0029" /></td></tr> |
---|
468 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">[BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration</span></td><td class="lineno" valign="top"></td></tr> |
---|
469 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Procedures for Message Header Fields", BCP 90, RFC 3864,</span></td><td class="lineno" valign="top"></td></tr> |
---|
470 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> September 2004.</span></td><td class="lineno" valign="top"></td></tr> |
---|
471 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
---|
472 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,</td><td> </td><td class="right"> [RFC2616] Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,</td><td class="lineno" valign="top"></td></tr> |
---|
473 | <tr><td class="lineno" valign="top"></td><td class="left"> Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext</td><td> </td><td class="right"> Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext</td><td class="lineno" valign="top"></td></tr> |
---|
474 | <tr><td class="lineno" valign="top"></td><td class="left"> Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.</td><td> </td><td class="right"> Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.</td><td class="lineno" valign="top"></td></tr> |
---|
475 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
476 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,</td><td> </td><td class="right"> [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,</td><td class="lineno" valign="top"></td></tr> |
---|
477 | <tr><td class="lineno" valign="top"></td><td class="left"> Leach, P., Luotonen, A., and L. Stewart, "HTTP</td><td> </td><td class="right"> Leach, P., Luotonen, A., and L. Stewart, "HTTP</td><td class="lineno" valign="top"></td></tr> |
---|
478 | <tr><td class="lineno" valign="top"></td><td class="left"> Authentication: Basic and Digest Access Authentication",</td><td> </td><td class="right"> Authentication: Basic and Digest Access Authentication",</td><td class="lineno" valign="top"></td></tr> |
---|
479 | <tr><td class="lineno" valign="top"></td><td class="left"> RFC 2617, June 1999.</td><td> </td><td class="right"> RFC 2617, June 1999.</td><td class="lineno" valign="top"></td></tr> |
---|
480 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
481 | <tr><td><a name="diff0030" /></td></tr> |
---|
482 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
483 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> Procedures for Message Header Fields", BCP 90, RFC 3864,</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
484 | <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> September 2004.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
485 | <tr><td class="lineno" valign="top"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr> |
---|
486 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform</td><td> </td><td class="right"> [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform</td><td class="lineno" valign="top"></td></tr> |
---|
487 | <tr><td class="lineno" valign="top"></td><td class="left"> Resource Identifier (URI): Generic Syntax", STD 66,</td><td> </td><td class="right"> Resource Identifier (URI): Generic Syntax", STD 66,</td><td class="lineno" valign="top"></td></tr> |
---|
488 | <tr><td class="lineno" valign="top"></td><td class="left"> RFC 3986, January 2005.</td><td> </td><td class="right"> RFC 3986, January 2005.</td><td class="lineno" valign="top"></td></tr> |
---|
489 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
490 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data</td><td> </td><td class="right"> [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data</td><td class="lineno" valign="top"></td></tr> |
---|
491 | <tr><td class="lineno" valign="top"></td><td class="left"> Encodings", RFC 4648, October 2006.</td><td> </td><td class="right"> Encodings", RFC 4648, October 2006.</td><td class="lineno" valign="top"></td></tr> |
---|
492 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
493 | <tr><td class="lineno" valign="top"></td><td class="left"> [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td> </td><td class="right"> [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an</td><td class="lineno" valign="top"></td></tr> |
---|
494 | <tr><td class="lineno" valign="top"></td><td class="left"> IANA Considerations Section in RFCs", BCP 26, RFC 5226,</td><td> </td><td class="right"> IANA Considerations Section in RFCs", BCP 26, RFC 5226,</td><td class="lineno" valign="top"></td></tr> |
---|
495 | <tr><td class="lineno" valign="top"></td><td class="left"> May 2008.</td><td> </td><td class="right"> May 2008.</td><td class="lineno" valign="top"></td></tr> |
---|
496 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
497 | <tr><td class="lineno" valign="top"></td><td class="left">Appendix A. Changes from RFCs 2616 and 2617</td><td> </td><td class="right">Appendix A. Changes from RFCs 2616 and 2617</td><td class="lineno" valign="top"></td></tr> |
---|
498 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
499 | <tr><td><a name="diff0031" /></td></tr> |
---|
500 | <tr><td class="lineno" valign="top"></td><td class="lblock"> The "realm" parameter <span class="delete">isn't</span> required <span class="delete">anymore in general;</span></td><td> </td><td class="rblock"> The <span class="insert">framework for HTTP Authentication is now defined by this</span></td><td class="lineno" valign="top"></td></tr> |
---|
501 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> document, rather than RFC 2617.</span></td><td class="lineno" valign="top"></td></tr> |
---|
502 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
---|
503 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> The</span> "realm" parameter <span class="insert">is no longer always</span> required <span class="insert">on challenges;</span></td><td class="lineno" valign="top"></td></tr> |
---|
504 | <tr><td class="lineno" valign="top"></td><td class="left"> consequently, the ABNF allows challenges without any auth parameters.</td><td> </td><td class="right"> consequently, the ABNF allows challenges without any auth parameters.</td><td class="lineno" valign="top"></td></tr> |
---|
505 | <tr><td class="lineno" valign="top"></td><td class="left"> (Section 2)</td><td> </td><td class="right"> (Section 2)</td><td class="lineno" valign="top"></td></tr> |
---|
506 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
507 | <tr><td class="lineno" valign="top"></td><td class="left"> The "token68" alternative to auth-param lists has been added for</td><td> </td><td class="right"> The "token68" alternative to auth-param lists has been added for</td><td class="lineno" valign="top"></td></tr> |
---|
508 | <tr><td class="lineno" valign="top"></td><td class="left"> consistency with legacy authentication schemes such as "Basic".</td><td> </td><td class="right"> consistency with legacy authentication schemes such as "Basic".</td><td class="lineno" valign="top"></td></tr> |
---|
509 | <tr><td class="lineno" valign="top"></td><td class="left"> (Section 2)</td><td> </td><td class="right"> (Section 2)</td><td class="lineno" valign="top"></td></tr> |
---|
510 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
511 | <tr><td><a name="diff0032" /></td></tr> |
---|
512 | <tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">Introduce</span> Authentication Scheme <span class="delete">Registry.</span> (Section 2.3)</td><td> </td><td class="rblock"> <span class="insert">This specification introduces the</span> Authentication Scheme <span class="insert">Registry,</span></td><td class="lineno" valign="top"></td></tr> |
---|
513 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> along with considerations for new authentication schemes.</span></td><td class="lineno" valign="top"></td></tr> |
---|
514 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> (Section 2.3)</td><td class="lineno" valign="top"></td></tr> |
---|
515 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
516 | <tr><td class="lineno" valign="top"></td><td class="left">Appendix B. Imported ABNF</td><td> </td><td class="right">Appendix B. Imported ABNF</td><td class="lineno" valign="top"></td></tr> |
---|
517 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
518 | <tr><td class="lineno" valign="top"></td><td class="left"> The following core rules are included by reference, as defined in</td><td> </td><td class="right"> The following core rules are included by reference, as defined in</td><td class="lineno" valign="top"></td></tr> |
---|
519 | <tr><td class="lineno" valign="top"></td><td class="left"> Appendix B.1 of [RFC5234]: ALPHA (letters), CR (carriage return),</td><td> </td><td class="right"> Appendix B.1 of [RFC5234]: ALPHA (letters), CR (carriage return),</td><td class="lineno" valign="top"></td></tr> |
---|
520 | <tr><td class="lineno" valign="top"></td><td class="left"> CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double</td><td> </td><td class="right"> CRLF (CR LF), CTL (controls), DIGIT (decimal 0-9), DQUOTE (double</td><td class="lineno" valign="top"></td></tr> |
---|
521 | <tr><td class="lineno" valign="top"></td><td class="left"> quote), HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any</td><td> </td><td class="right"> quote), HEXDIG (hexadecimal 0-9/A-F/a-f), LF (line feed), OCTET (any</td><td class="lineno" valign="top"></td></tr> |
---|
522 | <tr><td class="lineno" valign="top"></td><td class="left"> 8-bit sequence of data), SP (space), and VCHAR (any visible US-ASCII</td><td> </td><td class="right"> 8-bit sequence of data), SP (space), and VCHAR (any visible US-ASCII</td><td class="lineno" valign="top"></td></tr> |
---|
523 | <tr><td class="lineno" valign="top"></td><td class="left"> character).</td><td> </td><td class="right"> character).</td><td class="lineno" valign="top"></td></tr> |
---|
524 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
525 | <tr><td class="lineno" valign="top"></td><td class="left"> The rules below are defined in [Part1]:</td><td> </td><td class="right"> The rules below are defined in [Part1]:</td><td class="lineno" valign="top"></td></tr> |
---|
526 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
527 | <tr><td><a name="diff0033" /></td></tr> |
---|
528 | <tr><td class="lineno" valign="top"></td><td class="lblock"> BWS = <BWS, defined in [Part1], Section <span class="delete">3.2.1></span></td><td> </td><td class="rblock"> BWS = <BWS, defined in [Part1], Section <span class="insert">3.2.3></span></td><td class="lineno" valign="top"></td></tr> |
---|
529 | <tr><td class="lineno" valign="top"></td><td class="lblock"> OWS = <OWS, defined in [Part1], Section <span class="delete">3.2.1></span></td><td> </td><td class="rblock"> OWS = <OWS, defined in [Part1], Section <span class="insert">3.2.3></span></td><td class="lineno" valign="top"></td></tr> |
---|
530 | <tr><td class="lineno" valign="top"></td><td class="lblock"> quoted-string = <quoted-string, defined in [Part1], Section <span class="delete">3.2.4></span></td><td> </td><td class="rblock"> quoted-string = <quoted-string, defined in [Part1], Section <span class="insert">3.2.6></span></td><td class="lineno" valign="top"></td></tr> |
---|
531 | <tr><td class="lineno" valign="top"></td><td class="lblock"> token = <token, defined in [Part1], Section <span class="delete">3.2.4></span></td><td> </td><td class="rblock"> token = <token, defined in [Part1], Section <span class="insert">3.2.6></span></td><td class="lineno" valign="top"></td></tr> |
---|
532 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
533 | <tr><td class="lineno" valign="top"></td><td class="left">Appendix C. Collected ABNF</td><td> </td><td class="right">Appendix C. Collected ABNF</td><td class="lineno" valign="top"></td></tr> |
---|
534 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
535 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization = credentials</td><td> </td><td class="right"> Authorization = credentials</td><td class="lineno" valign="top"></td></tr> |
---|
536 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
537 | <tr><td><a name="diff0034" /></td></tr> |
---|
538 | <tr><td class="lineno" valign="top"></td><td class="lblock"> BWS = <BWS, defined in [Part1], Section 3.2.<span class="delete">1</span>></td><td> </td><td class="rblock"> BWS = <BWS, defined in [Part1], Section 3.2.<span class="insert">3</span>></td><td class="lineno" valign="top"></td></tr> |
---|
539 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
540 | <tr><td><a name="diff0035" /></td></tr> |
---|
541 | <tr><td class="lineno" valign="top"></td><td class="lblock"> OWS = <OWS, defined in [Part1], Section 3.2.<span class="delete">1</span>></td><td> </td><td class="rblock"> OWS = <OWS, defined in [Part1], Section 3.2.<span class="insert">3</span>></td><td class="lineno" valign="top"></td></tr> |
---|
542 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
543 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS</td><td> </td><td class="right"> Proxy-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS</td><td class="lineno" valign="top"></td></tr> |
---|
544 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge ] )</td><td> </td><td class="right"> challenge ] )</td><td class="lineno" valign="top"></td></tr> |
---|
545 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization = credentials</td><td> </td><td class="right"> Proxy-Authorization = credentials</td><td class="lineno" valign="top"></td></tr> |
---|
546 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
547 | <tr><td class="lineno" valign="top"></td><td class="left"> WWW-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge</td><td> </td><td class="right"> WWW-Authenticate = *( "," OWS ) challenge *( OWS "," [ OWS challenge</td><td class="lineno" valign="top"></td></tr> |
---|
548 | <tr><td class="lineno" valign="top"></td><td class="left"> ] )</td><td> </td><td class="right"> ] )</td><td class="lineno" valign="top"></td></tr> |
---|
549 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
550 | <tr><td class="lineno" valign="top"></td><td class="left"> auth-param = token BWS "=" BWS ( token / quoted-string )</td><td> </td><td class="right"> auth-param = token BWS "=" BWS ( token / quoted-string )</td><td class="lineno" valign="top"></td></tr> |
---|
551 | <tr><td class="lineno" valign="top"></td><td class="left"> auth-scheme = token</td><td> </td><td class="right"> auth-scheme = token</td><td class="lineno" valign="top"></td></tr> |
---|
552 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
553 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param ) *(</td><td> </td><td class="right"> challenge = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param ) *(</td><td class="lineno" valign="top"></td></tr> |
---|
554 | <tr><td class="lineno" valign="top"></td><td class="left"> OWS "," [ OWS auth-param ] ) ] ) ]</td><td> </td><td class="right"> OWS "," [ OWS auth-param ] ) ] ) ]</td><td class="lineno" valign="top"></td></tr> |
---|
555 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param )</td><td> </td><td class="right"> credentials = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param )</td><td class="lineno" valign="top"></td></tr> |
---|
556 | <tr><td class="lineno" valign="top"></td><td class="left"> *( OWS "," [ OWS auth-param ] ) ] ) ]</td><td> </td><td class="right"> *( OWS "," [ OWS auth-param ] ) ] ) ]</td><td class="lineno" valign="top"></td></tr> |
---|
557 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
558 | <tr><td><a name="diff0036" /></td></tr> |
---|
559 | <tr><td class="lineno" valign="top"></td><td class="lblock"> quoted-string = <quoted-string, defined in [Part1], Section 3.2.<span class="delete">4</span>></td><td> </td><td class="rblock"> quoted-string = <quoted-string, defined in [Part1], Section 3.2.<span class="insert">6</span>></td><td class="lineno" valign="top"></td></tr> |
---|
560 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
561 | <tr><td><a name="diff0037" /></td></tr> |
---|
562 | <tr><td class="lineno" valign="top"></td><td class="lblock"> token = <token, defined in [Part1], Section 3.2.<span class="delete">4</span>></td><td> </td><td class="rblock"> token = <token, defined in [Part1], Section 3.2.<span class="insert">6</span>></td><td class="lineno" valign="top"></td></tr> |
---|
563 | <tr><td class="lineno" valign="top"></td><td class="left"> token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" )</td><td> </td><td class="right"> token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" )</td><td class="lineno" valign="top"></td></tr> |
---|
564 | <tr><td class="lineno" valign="top"></td><td class="left"> *"="</td><td> </td><td class="right"> *"="</td><td class="lineno" valign="top"></td></tr> |
---|
565 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
566 | <tr><td class="lineno" valign="top"></td><td class="left">Appendix D. Change Log (to be removed by RFC Editor before publication)</td><td> </td><td class="right">Appendix D. Change Log (to be removed by RFC Editor before publication)</td><td class="lineno" valign="top"></td></tr> |
---|
567 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
568 | <tr><td class="lineno" valign="top"></td><td class="left"> Changes up to the first Working Group Last Call draft are summarized</td><td> </td><td class="right"> Changes up to the first Working Group Last Call draft are summarized</td><td class="lineno" valign="top"></td></tr> |
---|
569 | <tr><td class="lineno" valign="top"></td><td class="left"> in <http://trac.tools.ietf.org/html/</td><td> </td><td class="right"> in <http://trac.tools.ietf.org/html/</td><td class="lineno" valign="top"></td></tr> |
---|
570 | <tr><td class="lineno" valign="top"></td><td class="left"> draft-ietf-httpbis-p7-auth-19#appendix-C>.</td><td> </td><td class="right"> draft-ietf-httpbis-p7-auth-19#appendix-C>.</td><td class="lineno" valign="top"></td></tr> |
---|
571 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
572 | <tr><td class="lineno" valign="top"></td><td class="left">D.1. Since draft-ietf-httpbis-p7-auth-19</td><td> </td><td class="right">D.1. Since draft-ietf-httpbis-p7-auth-19</td><td class="lineno" valign="top"></td></tr> |
---|
573 | <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr> |
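Review bot: The rewritten "realm" entry in Appendix A says the parameter "is no longer always required on challenges" but does not say what a client treats as the protection space when a challenge carries no "realm", and the only pointer it gives is "(Section 2)". The security-considerations text shown earlier on this page depends on how far a protection space extends, so an implementer who caches credentials per realm would look to this summary for the consequence. I would extend the pointer to the section that defines the protection space, for example `(Section 2; see the protection space definition for challenges without "realm")`, with the authors filling in the exact section number. The other changes in this hunk look consistent: the reference date bumps, the [BCP90] relabel, and the renumbered [Part1] section references, which match between Appendix B and Appendix C.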
---|
574 | <tr bgcolor="gray" ><td></td><th><a name="part-l10" /><small>skipping to change at</small><em> page 17, line 23</em></th><th> </th><th><a name="part-r10" /><small>skipping to change at</small><em> page 17, line 23</em></th><td></td></tr> |
---|
575 | <tr><td class="lineno" valign="top"></td><td class="left"> Closed issues:</td><td> </td><td class="right"> Closed issues:</td><td class="lineno" valign="top"></td></tr> |
---|
576 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
577 | <tr><td class="lineno" valign="top"></td><td class="left"> o <http://tools.ietf.org/wg/httpbis/trac/ticket/376>: "rename</td><td> </td><td class="right"> o <http://tools.ietf.org/wg/httpbis/trac/ticket/376>: "rename</td><td class="lineno" valign="top"></td></tr> |
---|
578 | <tr><td class="lineno" valign="top"></td><td class="left"> b64token for clarity"</td><td> </td><td class="right"> b64token for clarity"</td><td class="lineno" valign="top"></td></tr> |
---|
579 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
580 | <tr><td class="lineno" valign="top"></td><td class="left"> Other changes:</td><td> </td><td class="right"> Other changes:</td><td class="lineno" valign="top"></td></tr> |
---|
581 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
582 | <tr><td class="lineno" valign="top"></td><td class="left"> o Conformance criteria and considerations regarding error handling</td><td> </td><td class="right"> o Conformance criteria and considerations regarding error handling</td><td class="lineno" valign="top"></td></tr> |
---|
583 | <tr><td class="lineno" valign="top"></td><td class="left"> are now defined in Part 1.</td><td> </td><td class="right"> are now defined in Part 1.</td><td class="lineno" valign="top"></td></tr> |
---|
584 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
585 | <tr><td><a name="diff0038" /></td></tr> |
---|
586 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">D.3. Since draft-ietf-httpbis-p7-auth-21</span></td><td class="lineno" valign="top"></td></tr> |
---|
587 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
---|
588 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Closed issues:</span></td><td class="lineno" valign="top"></td></tr> |
---|
589 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr> |
---|
590 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> o <http://tools.ietf.org/wg/httpbis/trac/ticket/403>:</span></td><td class="lineno" valign="top"></td></tr> |
---|
591 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> "Authentication and caching - max-age"</span></td><td class="lineno" valign="top"></td></tr> |
---|
592 | <tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr> |
---|
593 | <tr><td class="lineno" valign="top"></td><td class="left">Index</td><td> </td><td class="right">Index</td><td class="lineno" valign="top"></td></tr> |
---|
594 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
595 | <tr><td class="lineno" valign="top"></td><td class="left"> 4</td><td> </td><td class="right"> 4</td><td class="lineno" valign="top"></td></tr> |
---|
596 | <tr><td class="lineno" valign="top"></td><td class="left"> 401 Unauthorized (status code) 9</td><td> </td><td class="right"> 401 Unauthorized (status code) 9</td><td class="lineno" valign="top"></td></tr> |
---|
597 | <tr><td class="lineno" valign="top"></td><td class="left"> 407 Proxy Authentication Required (status code) 9</td><td> </td><td class="right"> 407 Proxy Authentication Required (status code) 9</td><td class="lineno" valign="top"></td></tr> |
---|
598 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
599 | <tr><td class="lineno" valign="top"></td><td class="left"> A</td><td> </td><td class="right"> A</td><td class="lineno" valign="top"></td></tr> |
---|
600 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization header field 9</td><td> </td><td class="right"> Authorization header field 9</td><td class="lineno" valign="top"></td></tr> |
---|
601 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
602 | <tr><td class="lineno" valign="top"></td><td class="left"> C</td><td> </td><td class="right"> C</td><td class="lineno" valign="top"></td></tr> |
---|
603 | <tr><td class="lineno" valign="top"></td><td class="left"> Canonical Root URI 6</td><td> </td><td class="right"> Canonical Root URI 6</td><td class="lineno" valign="top"></td></tr> |
---|
604 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
605 | <tr><td class="lineno" valign="top"></td><td class="left"> G</td><td> </td><td class="right"> G</td><td class="lineno" valign="top"></td></tr> |
---|
606 | <tr><td class="lineno" valign="top"></td><td class="left"> Grammar</td><td> </td><td class="right"> Grammar</td><td class="lineno" valign="top"></td></tr> |
---|
607 | <tr><td class="lineno" valign="top"></td><td class="left"> auth-param 5</td><td> </td><td class="right"> auth-param 5</td><td class="lineno" valign="top"></td></tr> |
---|
608 | <tr><td class="lineno" valign="top"></td><td class="left"> auth-scheme 5</td><td> </td><td class="right"> auth-scheme 5</td><td class="lineno" valign="top"></td></tr> |
---|
609 | <tr><td class="lineno" valign="top"></td><td class="left"> Authorization 9</td><td> </td><td class="right"> Authorization 9</td><td class="lineno" valign="top"></td></tr> |
---|
610 | <tr><td class="lineno" valign="top"></td><td class="left"> challenge 5</td><td> </td><td class="right"> challenge 5</td><td class="lineno" valign="top"></td></tr> |
---|
611 | <tr><td class="lineno" valign="top"></td><td class="left"> credentials 6</td><td> </td><td class="right"> credentials 6</td><td class="lineno" valign="top"></td></tr> |
---|
612 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate 10</td><td> </td><td class="right"> Proxy-Authenticate 10</td><td class="lineno" valign="top"></td></tr> |
---|
613 | <tr><td><a name="diff0039" /></td></tr> |
---|
614 | <tr><td class="lineno" valign="top"></td><td class="lblock"> Proxy-Authorization 1<span class="delete">1</span></td><td> </td><td class="rblock"> Proxy-Authorization 1<span class="insert">0</span></td><td class="lineno" valign="top"></td></tr> |
---|
615 | <tr><td class="lineno" valign="top"></td><td class="left"> token68 5</td><td> </td><td class="right"> token68 5</td><td class="lineno" valign="top"></td></tr> |
---|
616 | <tr><td class="lineno" valign="top"></td><td class="left"> WWW-Authenticate 11</td><td> </td><td class="right"> WWW-Authenticate 11</td><td class="lineno" valign="top"></td></tr> |
---|
617 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
618 | <tr><td class="lineno" valign="top"></td><td class="left"> P</td><td> </td><td class="right"> P</td><td class="lineno" valign="top"></td></tr> |
---|
619 | <tr><td class="lineno" valign="top"></td><td class="left"> Protection Space 6</td><td> </td><td class="right"> Protection Space 6</td><td class="lineno" valign="top"></td></tr> |
---|
620 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authenticate header field 10</td><td> </td><td class="right"> Proxy-Authenticate header field 10</td><td class="lineno" valign="top"></td></tr> |
---|
621 | <tr><td class="lineno" valign="top"></td><td class="left"> Proxy-Authorization header field 10</td><td> </td><td class="right"> Proxy-Authorization header field 10</td><td class="lineno" valign="top"></td></tr> |
---|
622 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
623 | <tr><td class="lineno" valign="top"></td><td class="left"> R</td><td> </td><td class="right"> R</td><td class="lineno" valign="top"></td></tr> |
---|
624 | <tr><td class="lineno" valign="top"></td><td class="left"> Realm 6</td><td> </td><td class="right"> Realm 6</td><td class="lineno" valign="top"></td></tr> |
---|
625 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
626 | <tr><td class="lineno" valign="top"></td><td class="left"> W</td><td> </td><td class="right"> W</td><td class="lineno" valign="top"></td></tr> |
---|
627 | <tr><td><a name="diff0040" /></td></tr> |
---|
628 | <tr><td class="lineno" valign="top"></td><td class="lblock"> WWW-Authenticate header field 1<span class="delete">1</span></td><td> </td><td class="rblock"> WWW-Authenticate header field 1<span class="insert">0</span></td><td class="lineno" valign="top"></td></tr> |
---|
629 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
630 | <tr><td class="lineno" valign="top"></td><td class="left">Authors' Addresses</td><td> </td><td class="right">Authors' Addresses</td><td class="lineno" valign="top"></td></tr> |
---|
631 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
632 | <tr><td class="lineno" valign="top"></td><td class="left"> Roy T. Fielding (editor)</td><td> </td><td class="right"> Roy T. Fielding (editor)</td><td class="lineno" valign="top"></td></tr> |
---|
633 | <tr><td class="lineno" valign="top"></td><td class="left"> Adobe Systems Incorporated</td><td> </td><td class="right"> Adobe Systems Incorporated</td><td class="lineno" valign="top"></td></tr> |
---|
634 | <tr><td class="lineno" valign="top"></td><td class="left"> 345 Park Ave</td><td> </td><td class="right"> 345 Park Ave</td><td class="lineno" valign="top"></td></tr> |
---|
635 | <tr><td class="lineno" valign="top"></td><td class="left"> San Jose, CA 95110</td><td> </td><td class="right"> San Jose, CA 95110</td><td class="lineno" valign="top"></td></tr> |
---|
636 | <tr><td class="lineno" valign="top"></td><td class="left"> USA</td><td> </td><td class="right"> USA</td><td class="lineno" valign="top"></td></tr> |
---|
637 | <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr> |
---|
638 | <tr><td class="lineno" valign="top"></td><td class="left"> EMail: fielding@gbiv.com</td><td> </td><td class="right"> EMail: fielding@gbiv.com</td><td class="lineno" valign="top"></td></tr> |
---|
639 | |
---|
640 | <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr> |
---|
641 | <tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 40 change blocks. </a></th></tr> |
---|
642 | <tr class="stats"><td></td><th><i>104 lines changed or deleted</i></th><th><i> </i></th><th><i>97 lines changed or added</i></th><td></td></tr> |
---|
---|
644 | </table> |
---|
645 | </body> |
---|
646 | </html> |
---|