Ignore:
Timestamp:
Aug 9, 2011, 4:19:37 AM (8 years ago)
Author:
julian.reschke@…
Message:

fix ABNF to be compatible with Basic by introducing 'b64token', but recommend against it for new schemes due to poor extensibility story (#see 195)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p7-auth.html

    r1388 r1394  
    359359  }
    360360  @bottom-center {
    361        content: "Expires February 9, 2012";
     361       content: "Expires February 10, 2012";
    362362  }
    363363  @bottom-right {
     
    404404      <meta name="dct.creator" content="Reschke, J. F.">
    405405      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest">
    406       <meta name="dct.issued" scheme="ISO8601" content="2011-08-08">
     406      <meta name="dct.issued" scheme="ISO8601" content="2011-08-09">
    407407      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    408408      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework.">
     
    435435            </tr>
    436436            <tr>
    437                <td class="left">Expires: February 9, 2012</td>
     437               <td class="left">Expires: February 10, 2012</td>
    438438               <td class="right">HP</td>
    439439            </tr>
     
    488488            <tr>
    489489               <td class="left"></td>
    490                <td class="right">August 8, 2011</td>
     490               <td class="right">August 9, 2011</td>
    491491            </tr>
    492492         </tbody>
     
    516516         in progress”.
    517517      </p>
    518       <p>This Internet-Draft will expire on February 9, 2012.</p>
     518      <p>This Internet-Draft will expire on February 10, 2012.</p>
    519519      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    520520      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    638638      <p id="rfc.section.2.1.p.1">HTTP provides a simple challenge-response authentication mechanism that can be used by a server to challenge a client request
    639639         and by a client to provide authentication information. It uses an extensible, case-insensitive token to identify the authentication
    640          scheme, followed by a comma-separated list of attribute-value pairs which carry the parameters necessary for achieving authentication
    641          via that scheme.
    642       </p>
    643       <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  auth-scheme    = <a href="#core.rules" class="smpl">token</a>
     640         scheme, followed by additional information necessary for achieving authentication via that scheme. The latter can either be
     641         a comma-separated list of attribute-value pairs or a single sequence of characters capable of holding base64-encoded information.
     642      </p>
     643      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.b.1"></span><span id="rfc.iref.g.3"></span>  auth-scheme    = <a href="#core.rules" class="smpl">token</a>
     644 
    644645  auth-param     = <a href="#core.rules" class="smpl">token</a> <a href="#core.rules" class="smpl">BWS</a> "=" <a href="#core.rules" class="smpl">BWS</a> ( <a href="#core.rules" class="smpl">token</a> / <a href="#core.rules" class="smpl">quoted-string</a> )
    645 </pre><p id="rfc.section.2.1.p.3">The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.
    646       </p>
    647       <p id="rfc.section.2.1.p.4">The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.
    648       </p>
    649       <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.g.3"></span>  <a href="#challenge.and.response" class="smpl">challenge</a>   = <a href="#challenge.and.response" class="smpl">auth-scheme</a> 1*<a href="#notation" class="smpl">SP</a> #<a href="#challenge.and.response" class="smpl">auth-param</a>
    650 </pre><div class="note" id="rfc.section.2.1.p.6">
     646
     647  b64token       = 1*( <a href="#notation" class="smpl">ALPHA</a> / <a href="#notation" class="smpl">DIGIT</a> /
     648                       "-" / "." / "_" / "~" / "+" / "/" ) *"="
     649</pre><p id="rfc.section.2.1.p.3">The "b64token" syntax allows the 66 unreserved URI characters (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>), plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding,
     650         with or without padding, but excluding whitespace (<a href="#RFC4648" id="rfc.xref.RFC4648.1"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a>).
     651      </p>
     652      <p id="rfc.section.2.1.p.4">The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.
     653      </p>
     654      <p id="rfc.section.2.1.p.5">The 407 (Proxy Authentication Required) response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing at least one challenge applicable to the proxy for the requested resource.
     655      </p>
     656      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.g.4"></span>  <a href="#challenge.and.response" class="smpl">challenge</a>   = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
     657</pre><div class="note" id="rfc.section.2.1.p.7">
    651658         <p> <b>Note:</b> User agents will need to take special care in parsing the WWW-Authenticate and Proxy-Authenticate header field values because
    652659            they can contain more than one challenge, or if more than one of each is provided, since the contents of a challenge can itself
     
    654661         </p>
    655662      </div>
    656       <div class="note" id="rfc.section.2.1.p.7">
     663      <div class="note" id="rfc.section.2.1.p.8">
    657664         <p> <b>Note:</b> Many browsers fail to parse challenges containing unknown schemes. A workaround for this problem is to list well-supported
    658665            schemes (such as "basic") first.
    659666         </p>
    660667      </div>
    661       <p id="rfc.section.2.1.p.8">A user agent that wishes to authenticate itself with an origin server — usually, but not necessarily, after receiving a 401
     668      <p id="rfc.section.2.1.p.9">A user agent that wishes to authenticate itself with an origin server — usually, but not necessarily, after receiving a 401
    662669         (Unauthorized) — <em class="bcp14">MAY</em> do so by including an Authorization header field with the request.
    663670      </p>
    664       <p id="rfc.section.2.1.p.9">A client that wishes to authenticate itself with a proxy — usually, but not necessarily, after receiving a 407 (Proxy Authentication
     671      <p id="rfc.section.2.1.p.10">A client that wishes to authenticate itself with a proxy — usually, but not necessarily, after receiving a 407 (Proxy Authentication
    665672         Required) — <em class="bcp14">MAY</em> do so by including a Proxy-Authorization header field with the request.
    666673      </p>
    667       <p id="rfc.section.2.1.p.10">Both the Authorization field value and the Proxy-Authorization field value consist of credentials containing the authentication
     674      <p id="rfc.section.2.1.p.11">Both the Authorization field value and the Proxy-Authorization field value consist of credentials containing the authentication
    668675         information of the client for the realm of the resource being requested. The user agent <em class="bcp14">MUST</em> choose to use one of the challenges with the strongest auth-scheme it understands and request credentials from the user based
    669676         upon that challenge.
    670677      </p>
    671       <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.4"></span>  <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> 1*<a href="#notation" class="smpl">SP</a> ( <a href="#core.rules" class="smpl">token</a>
    672                                  / <a href="#core.rules" class="smpl">quoted-string</a>
    673                                  / #<a href="#challenge.and.response" class="smpl">auth-param</a> )
    674 </pre><p id="rfc.section.2.1.p.12">If the origin server does not wish to accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. The response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
    675       </p>
    676       <p id="rfc.section.2.1.p.13">If a proxy does not accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required). The response <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested
     678      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span>  <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
     679</pre><p id="rfc.section.2.1.p.13">If the origin server does not wish to accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. The response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
     680      </p>
     681      <p id="rfc.section.2.1.p.14">If a proxy does not accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required). The response <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested
    677682         resource.
    678683      </p>
    679       <p id="rfc.section.2.1.p.14">The HTTP protocol does not restrict applications to this simple challenge-response mechanism for access authentication. Additional
     684      <p id="rfc.section.2.1.p.15">The HTTP protocol does not restrict applications to this simple challenge-response mechanism for access authentication. Additional
    680685         mechanisms <em class="bcp14">MAY</em> be used, such as encryption at the transport level or via message encapsulation, and with additional header fields specifying
    681686         authentication information. However, such additional mechanisms are not defined by this specification.
    682687      </p>
    683       <p id="rfc.section.2.1.p.15">Proxies <em class="bcp14">MUST</em> forward the WWW-Authenticate and Authorization headers unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
     688      <p id="rfc.section.2.1.p.16">Proxies <em class="bcp14">MUST</em> forward the WWW-Authenticate and Authorization headers unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
    684689      </p>
    685690      <div id="rfc.iref.p.1"></div>
     
    687692      <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a id="protection.space" href="#protection.space">Protection Space (Realm)</a></h2>
    688693      <p id="rfc.section.2.2.p.1">The authentication parameter realm is reserved for use by authentication schemes that wish to indicate the scope of protection:</p>
    689       <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.r.2"></span><span id="rfc.iref.r.3"></span><span id="rfc.iref.g.5"></span>  realm       = "realm" "=" realm-value
     694      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.r.2"></span><span id="rfc.iref.r.3"></span><span id="rfc.iref.g.6"></span>  realm       = "realm" "=" realm-value
    690695  realm-value = quoted-string
    691696</pre><p id="rfc.section.2.2.p.3">A <dfn>protection space</dfn> is defined by the canonical root URI (the scheme and authority components of the effective request URI; see <a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) of the server being accessed, in combination with the realm value if present. These realms allow the protected resources
     
    726731         <li>
    727732            <p>The authentication parameter "realm" is reserved for defining Protection Spaces as defined in <a href="#protection.space" title="Protection Space (Realm)">Section&nbsp;2.2</a>. New schemes <em class="bcp14">MUST NOT</em> use it in a way incompatible with that definition.
     733            </p>
     734         </li>
     735         <li>
     736            <p>The "b64token" notation was introduced for compatibility with existing authentication schemes and can only be used once per
     737               challenge/credentials. New schemes thus ought to use the "auth-param" syntax instead, because otherwise future extensions
     738               will be impossible.
    728739            </p>
    729740         </li>
     
    744755      </ul>
    745756      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="status.code.definitions" href="#status.code.definitions">Status Code Definitions</a></h1>
    746       <div id="rfc.iref.13"></div>
     757      <div id="rfc.iref.15"></div>
    747758      <div id="rfc.iref.s.1"></div>
    748759      <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a id="status.401" href="#status.401">401 Unauthorized</a></h2>
     
    752763         information.
    753764      </p>
    754       <div id="rfc.iref.14"></div>
     765      <div id="rfc.iref.16"></div>
    755766      <div id="rfc.iref.s.2"></div>
    756767      <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="status.407" href="#status.407">407 Proxy Authentication Required</a></h2>
     
    767778         for the realm of the resource being requested.
    768779      </p>
    769       <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.6"></span>  <a href="#header.authorization" class="smpl">Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a>
     780      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.authorization" class="smpl">Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a>
    770781</pre><p id="rfc.section.4.1.p.3">If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise,
    771782         such as credentials that vary according to a challenge value or using synchronized clocks).
     
    790801         to the proxy for this effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response.
    791802      </p>
    792       <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
     803      <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
    793804</pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
    794805         them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate
     
    802813         the resource being requested.
    803814      </p>
    804       <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a>
     815      <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.9"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a>
    805816</pre><p id="rfc.section.4.3.p.3">Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication
    806817         using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed
     
    817828         response.
    818829      </p>
    819       <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.9"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
     830      <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.10"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
    820831</pre><p id="rfc.section.4.4.p.4">User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one
    821832         challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a
     
    962973      <h2 id="rfc.references.2"><a href="#rfc.section.8.2" id="rfc.section.8.2">8.2</a> Informative References
    963974      </h2>
    964       <table>       
     975      <table>           
    965976         <tr>
    966977            <td class="reference"><b id="RFC2616">[RFC2616]</b></td>
     
    976987            <td class="reference"><b id="RFC3864">[RFC3864]</b></td>
    977988            <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="http://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP&nbsp;90, RFC&nbsp;3864, September&nbsp;2004.
     989            </td>
     990         </tr>
     991         <tr>
     992            <td class="reference"><b id="RFC3986">[RFC3986]</b></td>
     993            <td class="top"><a href="mailto:timbl@w3.org" title="World Wide Web Consortium">Berners-Lee, T.</a>, <a href="mailto:fielding@gbiv.com" title="Day Software">Fielding, R.</a>, and <a href="mailto:LMM@acm.org" title="Adobe Systems Incorporated">L. Masinter</a>, “<a href="http://tools.ietf.org/html/rfc3986">Uniform Resource Identifier (URI): Generic Syntax</a>”, STD&nbsp;66, RFC&nbsp;3986, January&nbsp;2005.
     994            </td>
     995         </tr>
     996         <tr>
     997            <td class="reference"><b id="RFC4648">[RFC4648]</b></td>
     998            <td class="top">Josefsson, S., “<a href="http://tools.ietf.org/html/rfc4648">The Base16, Base32, and Base64 Data Encodings</a>”, RFC&nbsp;4648, October&nbsp;2006.
    978999            </td>
    9791000         </tr>
     
    10061027         (<a href="#access.authentication.framework" title="Access Authentication Framework">Section&nbsp;2</a>)
    10071028      </p>
    1008       <p id="rfc.section.A.p.2">Change ABNF productions for header fields to only define the field value. (<a href="#header.fields" title="Header Field Definitions">Section&nbsp;4</a>)
     1029      <p id="rfc.section.A.p.2">The "b64token" alternative to auth-param lists has been added for consistency with legacy authentication schemes such as "Basic".
     1030         (<a href="#access.authentication.framework" title="Access Authentication Framework">Section&nbsp;2</a>)
     1031      </p>
     1032      <p id="rfc.section.A.p.3">Change ABNF productions for header fields to only define the field value. (<a href="#header.fields" title="Header Field Definitions">Section&nbsp;4</a>)
    10091033      </p>
    10101034      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1>
     
    10251049<a href="#challenge.and.response" class="smpl">auth-scheme</a> = token
    10261050
    1027 <a href="#challenge.and.response" class="smpl">challenge</a> = auth-scheme 1*SP [ ( "," / auth-param ) *( OWS "," [ OWS
    1028  auth-param ] ) ]
    1029 <a href="#challenge.and.response" class="smpl">credentials</a> = auth-scheme 1*SP ( token / quoted-string / [ ( "," /
    1030  auth-param ) *( OWS "," [ OWS auth-param ] ) ] )
     1051<a href="#challenge.and.response" class="smpl">b64token</a> = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" )
     1052 *"="
     1053
     1054<a href="#challenge.and.response" class="smpl">challenge</a> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param ) *(
     1055 OWS "," [ OWS auth-param ] ) ] ) ]
     1056<a href="#challenge.and.response" class="smpl">credentials</a> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param )
     1057 *( OWS "," [ OWS auth-param ] ) ] ) ]
    10311058
    10321059<a href="#core.rules" class="smpl">quoted-string</a> = &lt;quoted-string, defined in [Part1], Section 1.2.2&gt;
     
    11361163         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/177">http://tools.ietf.org/wg/httpbis/trac/ticket/177</a>&gt;: "Realm required on challenges"
    11371164         </li>
     1165         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/195">http://tools.ietf.org/wg/httpbis/trac/ticket/195</a>&gt;: "auth-param syntax"
     1166         </li>
    11381167         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/257">http://tools.ietf.org/wg/httpbis/trac/ticket/257</a>&gt;: "Considerations for new authentications schemes"
    11391168         </li>
     
    11441173      </ul>
    11451174      <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1>
    1146       <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.S">S</a> <a href="#rfc.index.W">W</a>
     1175      <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.B">B</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.S">S</a> <a href="#rfc.index.W">W</a>
    11471176      </p>
    11481177      <div class="print2col">
    11491178         <ul class="ind">
    11501179            <li><a id="rfc.index.4" href="#rfc.index.4"><b>4</b></a><ul>
    1151                   <li>401 Unauthorized (status code)&nbsp;&nbsp;<a href="#rfc.iref.13"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li>
    1152                   <li>407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a href="#rfc.iref.14"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li>
     1180                  <li>401 Unauthorized (status code)&nbsp;&nbsp;<a href="#rfc.iref.15"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li>
     1181                  <li>407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a href="#rfc.iref.16"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li>
    11531182               </ul>
    11541183            </li>
     
    11571186                  <li><tt>auth-scheme</tt>&nbsp;&nbsp;<a href="#rfc.iref.a.1"><b>2.1</b></a></li>
    11581187                  <li>Authorization header field&nbsp;&nbsp;<a href="#rfc.xref.header.authorization.1">2.1</a>, <a href="#rfc.xref.header.authorization.2">3.1</a>, <a href="#rfc.iref.a.3"><b>4.1</b></a>, <a href="#rfc.xref.header.authorization.3">5.3</a></li>
     1188               </ul>
     1189            </li>
     1190            <li><a id="rfc.index.B" href="#rfc.index.B"><b>B</b></a><ul>
     1191                  <li><tt>b64token</tt>&nbsp;&nbsp;<a href="#rfc.iref.b.1"><b>2.1</b></a></li>
    11591192               </ul>
    11601193            </li>
     
    11691202                        <li><tt>auth-param</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.2"><b>2.1</b></a></li>
    11701203                        <li><tt>auth-scheme</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.1"><b>2.1</b></a></li>
    1171                         <li><tt>Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>4.1</b></a></li>
    1172                         <li><tt>challenge</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.3"><b>2.1</b></a></li>
    1173                         <li><tt>credentials</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.4"><b>2.1</b></a></li>
    1174                         <li><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>4.2</b></a></li>
    1175                         <li><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.8"><b>4.3</b></a></li>
    1176                         <li><tt>realm</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.5"><b>2.2</b></a></li>
    1177                         <li><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.9"><b>4.4</b></a></li>
     1204                        <li><tt>Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>4.1</b></a></li>
     1205                        <li><tt>b64token</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.3"><b>2.1</b></a></li>
     1206                        <li><tt>challenge</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.4"><b>2.1</b></a></li>
     1207                        <li><tt>credentials</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.5"><b>2.1</b></a></li>
     1208                        <li><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.8"><b>4.2</b></a></li>
     1209                        <li><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.9"><b>4.3</b></a></li>
     1210                        <li><tt>realm</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>2.2</b></a></li>
     1211                        <li><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.10"><b>4.4</b></a></li>
    11781212                     </ul>
    11791213                  </li>
     
    12201254                  </li>
    12211255                  <li><em>RFC3864</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC3864.1">5.3</a>, <a href="#RFC3864"><b>8.2</b></a></li>
     1256                  <li><em>RFC3986</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC3986.1">2.1</a>, <a href="#RFC3986"><b>8.2</b></a></li>
     1257                  <li><em>RFC4648</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC4648.1">2.1</a>, <a href="#RFC4648"><b>8.2</b></a></li>
    12221258                  <li><em>RFC5226</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5226.1">2.3</a>, <a href="#RFC5226"><b>8.2</b></a><ul>
    12231259                        <li><em>Section 4.1</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC5226.1">2.3</a></li>
Note: See TracChangeset for help on using the changeset viewer.