Ignore:
Timestamp:
31/10/11 08:58:42 (9 years ago)
Author:
julian.reschke@…
Message:

Explain that new authentication schemes can not override the parsing rules for WWW-Authenticate with respect to param value syntax, and also add an example for a non-trivial to parse header field instance (see #320)

File:
1 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis/latest/p7-auth.xml

    r1452 r1465  
    509509    <x:lt>
    510510    <t>
     511      The parsing of challenges and credentials is defined by this specification,
     512      and cannot be modified by new authentication schemes. When the auth-param
     513      syntax is used, all parameters ought to support both token and
     514      quoted-string syntax, and syntactical constraints ought to be defined on
     515      the field value after parsing (i.e., quoted-string processing). This is
     516      necessary so that recipients can use a generic parser that applies to
     517      all authentication schemes.
     518    </t>
     519    <t>
     520      <x:h>Note:</x:h> the fact that the value syntax for the "realm" parameter
     521      is restricted to quoted-string was a bad design choice not to be repeated
     522      for new parameters.
     523    </t>
     524    </x:lt>
     525    <x:lt>
     526    <t>
    511527      Authentication schemes need to document whether they are usable in
    512528      origin-server authentication (i.e., using WWW-Authenticate), and/or
     
    701717   authentication parameters.
    702718</t>
     719<figure>
     720  <preamble>For instance:</preamble>
     721  <artwork type="example">
     722  WWW-Authenticate: Newauth realm="apps", type=1,
     723                    title="Login to \"apps\"", Basic realm="simple"
     724</artwork>
     725  <postamble>
     726  This header field contains two challenges; one for the "Newauth" scheme
     727  with a realm value of "apps", and two additional parameters "type" and
     728  "title", and another one for the "Basic" scheme with a realm value of "simple".
     729</postamble></figure>
    703730</section>
    704731
     
    14131440      "Document HTTP's error-handling philosophy"
    14141441    </t>
     1442    <t>
     1443      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/320"/>:
     1444      "add advice on defining auth scheme parameters"
     1445    </t>
    14151446  </list>
    14161447</t>
Note: See TracChangeset for help on using the changeset viewer.