Jan 29, 2012, 5:48:21 PM (8 years ago)

Streamline the meaty sections by moving the miscellaneous conformance
and error handling down where it is applicable, and the ABNF stuff only
used by header fields down to the header fields sections. Simplify
the reference to ABNF in all parts.

Clarify what stateless means for HTTP and correct overstatement
about connection-based authentication. Move discussion of streaming
to where it belongs.

Clarify section on request-target by reordering it by common types
and use an example that has path and query. Provide an example
for CONNECT authority-form. Remove obsolete note about the "no rewrite" rule.

1 edited


  • draft-ietf-httpbis/latest/p7-auth.xml

    r1500 r1518  
    1818  <!ENTITY architecture                 "<xref target='Part1' x:rel='#architecture' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    1919  <!ENTITY notation                     "<xref target='Part1' x:rel='#notation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    20   <!ENTITY notation-abnf                "<xref target='Part1' x:rel='#notation.abnf' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     20  <!ENTITY abnf-extension               "<xref target='Part1' x:rel='#abnf.extension' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2121  <!ENTITY acks                         "<xref target='Part1' x:rel='#acks' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    22   <!ENTITY basic-rules                  "<xref target='Part1' x:rel='#basic.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    23   <!ENTITY field-rules                  "<xref target='Part1' x:rel='#field.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     22  <!ENTITY whitespace                   "<xref target='Part1' x:rel='#whitespace' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     23  <!ENTITY field-components             "<xref target='Part1' x:rel='#field.components' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2424  <!ENTITY effective-request-uri        "<xref target='Part1' x:rel='#effective.request.uri' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    25   <!ENTITY msg-orient-and-buffering     "<xref target='Part1' x:rel='#message-orientation-and-buffering' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
     25  <!ENTITY msg-orient-and-buffering     "<xref target='Part1' x:rel='#intermediaries' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2626  <!ENTITY end-to-end.and-hop-by-hop    "<xref target='Part1' x:rel='#end-to-end.and.hop-by-hop.header-fields' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
    2727  <!ENTITY shared-and-non-shared-caches "<xref target='Part6' x:rel='#shared.and.non-shared.caches' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
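Review bot: the entity `msg-orient-and-buffering` (line 25) keeps its old name while its target moves from `#message-orientation-and-buffering` to `#intermediaries`, so the name no longer describes what it points at; consider renaming it (for example `intermediaries`) and updating its use at line 501 of this file, so a later editor does not re-point it by mistake. Also, since `notation-abnf`, `basic-rules` and `field-rules` are deleted rather than kept as aliases, any remaining `&notation-abnf;`, `&basic-rules;` or `&field-rules;` elsewhere in the document is now an undefined-entity XML parse error; grep the whole file before committing.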
    275275  <x:anchor-alias value="SP"/>
    277   This specification uses the ABNF syntax defined in &notation; (which
    278   extends the syntax defined in <xref target="RFC5234"/> with a list rule).
    279   <xref target="collected.abnf"/> shows the collected ABNF, with the list
    280   rule expanded.
     277   This specification uses the Augmented Backus-Naur Form (ABNF) notation
     278   of <xref target="RFC5234"/> with the list rule extension defined in
     279   &notation;.  <xref target="collected.abnf"/> shows the collected ABNF
     280   with the list rule expanded.
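Review bot: the new sentence (lines 277-279) points the list rule extension at `&notation;`, yet this same changeset introduces an `abnf-extension` entity targeting `#abnf.extension` in Part1 and never uses it; if the list rule now has its own section, `with the list rule extension defined in &abnf-extension;` is the more precise reference, otherwise the new entity is dead and should not be added.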
    300300<figure><artwork type="abnf2616">
    301   <x:ref>BWS</x:ref>           = &lt;BWS, defined in &basic-rules;&gt;
    302   <x:ref>OWS</x:ref>           = &lt;OWS, defined in &basic-rules;&gt;
    303   <x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in &field-rules;&gt;
    304   <x:ref>token</x:ref>         = &lt;token, defined in &field-rules;&gt;
     301  <x:ref>BWS</x:ref>           = &lt;BWS, defined in &whitespace;&gt;
     302  <x:ref>OWS</x:ref>           = &lt;OWS, defined in &whitespace;&gt;
     303  <x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in &field-components;&gt;
     304  <x:ref>token</x:ref>         = &lt;token, defined in &field-components;&gt;
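Review bot: the four `defined in` pointers are switched to `&whitespace;` and `&field-components;`, but an `x:rel` anchor that does not exist in Part1 is not an XML error and only fails (or silently yields a dead link) when the xml2rfc extension resolves the cross-document reference at build time, so confirm that BWS and OWS are defined under `#whitespace` and quoted-string and token under `#field.components` in the matching revision of p1 before relying on these.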
    492492    <x:lt>
    493493    <t>
    494       Authentication schemes need to be compatible with the inherent
    495       constraints of HTTP; for instance, that messages need to keep their
    496       semantics when inspected in isolation, thus an authentication scheme
    497       can not bind information to the TCP session over which the message
    498       was received (see &msg-orient-and-buffering;).
     494      HTTP authentication is presumed to be stateless: all of the information
     495      necessary to authenticate a request &MUST; be provided in the request,
     496      rather than be dependent on the server remembering prior requests.
     497      Authentication based on, or bound to, the underlying connection is
     498      outside the scope of this specification and inherently flawed unless
     499      steps are taken to ensure that the connection cannot be used by any
     500      party other than the authenticated user
     501      (see &msg-orient-and-buffering;).
    499502    </t>
    500503    </x:lt>
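Review bot: the `&MUST;` at line 495 turns a paragraph that opens with "is presumed to be" into an unconditional normative requirement, and the next sentence then permits connection-bound authentication when the connection is protected, which is exactly state the server has to remember; either drop the MUST and keep this as a design consideration for scheme authors (the text sits in an `<x:lt>` list item of such considerations), or keep the requirement and declare connection-bound schemes out of scope without the "unless" clause. The risk behind "inherently flawed" is also left to the reference, which now resolves to `#intermediaries`: an intermediary can carry requests from several clients over one upstream connection, so a server that treats the connection itself as authenticated attributes the other clients' requests to the first user. One clause saying so would make the requirement self-explanatory. Minor: "rather than be dependent on the server remembering" reads better as "rather than depend on the server remembering".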