Ignore:
Timestamp:
26/07/11 16:00:04 (9 years ago)
Author:
julian.reschke@…
Message:

Considerations for new authentications schemes (see #257)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis/latest/p7-auth.xml

    r1354 r1356  
    2020  <!ENTITY basic-rules                  "<xref target='Part1' x:rel='#basic.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2121  <!ENTITY effective-request-uri        "<xref target='Part1' x:rel='#effective.request.uri' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     22  <!ENTITY msg-orient-and-buffering     "<xref target='Part1' x:rel='#message-orientation-and-buffering' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2223  <!ENTITY end-to-end.and-hop-by-hop    "<xref target='Part1' x:rel='#end-to-end.and.hop-by-hop.header-fields' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2324  <!ENTITY shared-and-non-shared-caches "<xref target='Part6' x:rel='#shared.and.non-shared.caches' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     
    441442  The registry itself is maintained at <eref target="http://www.iana.org/assignments/http-authschemes"/>.
    442443</t>
     444
     445<section title="Considerations for New Authentication Schemes" anchor="considerations.for.new.authentication.schemes">
     446<t>
     447  There are certain aspects of the HTTP Authentication Framework that put
     448  constraints on how new authentication schemes can work:
     449</t>
     450<t>
     451  <list style="symbols">
     452    <t>
     453      Authentication schemes need to be compatible with the inherent
     454      constraints of HTTP; for instance, that messages need to keep their
     455      semantics when inspected in isolation, thus an authentication scheme
     456      can not bind information to the TCP session over which the message
     457      was received (see &msg-orient-and-buffering;).
     458    </t>
     459    <t>
     460      The authentication parameter "realm" is reserved for defining Protection
     461      Spaces as defined in <xref target="protection.space"/>. New schemes
     462      &MUST-NOT; use it in a way incompatible with that definition.
     463    </t>
     464    <t>
     465      Authentication schemes need to document whther they are usable in
     466      origin-server authentication (i.e., using WWW-Authenticate), and/or
     467      proxy authentication (i.e., using Proxy-Authenticate).
     468    </t>   
     469    <!-- note about Authorization header -->
     470  </list>
     471</t>
     472</section>
     473
    443474</section>
    444475
     
    12281259      "Realm required on challenges"
    12291260    </t>
     1261    <t>
     1262      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/257"/>:
     1263      "Considerations for new authentications schemes"
     1264    </t>
    12301265  </list>
    12311266</t>
Note: See TracChangeset for help on using the changeset viewer.