Ignore:
Timestamp:
Jun 21, 2012, 1:17:43 AM (7 years ago)
Author:
julian.reschke@…
Message:

Clarify authentication exchanges (see #357)

File:
1 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p7-auth.html

    r1678 r1681  
    449449  }
    450450  @bottom-center {
    451        content: "Expires December 19, 2012";
     451       content: "Expires December 23, 2012";
    452452  }
    453453  @bottom-right {
     
    489489      <meta name="dct.creator" content="Reschke, J. F.">
    490490      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest">
    491       <meta name="dct.issued" scheme="ISO8601" content="2012-06-17">
     491      <meta name="dct.issued" scheme="ISO8601" content="2012-06-21">
    492492      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    493493      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework.">
     
    520520            </tr>
    521521            <tr>
    522                <td class="left">Expires: December 19, 2012</td>
     522               <td class="left">Expires: December 23, 2012</td>
    523523               <td class="right">greenbytes</td>
    524524            </tr>
    525525            <tr>
    526526               <td class="left"></td>
    527                <td class="right">June 17, 2012</td>
     527               <td class="right">June 21, 2012</td>
    528528            </tr>
    529529         </tbody>
     
    553553         in progress”.
    554554      </p>
    555       <p>This Internet-Draft will expire on December 19, 2012.</p>
     555      <p>This Internet-Draft will expire on December 23, 2012.</p>
    556556      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    557557      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    711711      </p>
    712712      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span>  <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
    713 </pre><p id="rfc.section.2.1.p.14">If the origin server does not wish to accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. The response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
    714       </p>
    715       <p id="rfc.section.2.1.p.15">If a proxy does not accept the credentials sent with a request, it <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. The response <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy for the requested
    716          resource.
    717       </p>
    718       <p id="rfc.section.2.1.p.16">The HTTP protocol does not restrict applications to this simple challenge-response mechanism for access authentication. Additional
     713</pre><p id="rfc.section.2.1.p.14">Requests for protected resources that omit credentials, contain invalid credentials (e.g., a bad password), or partial credentials
     714         (e.g., when the authentication scheme requires more than one round trip) <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
     715      </p>
     716      <p id="rfc.section.2.1.p.15">Likewise, requests that require authentication by proxies that omit credentials, or contain invalid or partial credentials <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy.
     717      </p>
     718      <p id="rfc.section.2.1.p.16">A server receiving credentials that are valid, but not adequate to gain access, ought to respond with the 403 (Forbidden)
     719         status code.
     720      </p>
     721      <p id="rfc.section.2.1.p.17">The HTTP protocol does not restrict applications to this simple challenge-response mechanism for access authentication. Additional
    719722         mechanisms <em class="bcp14">MAY</em> be used, such as encryption at the transport level or via message encapsulation, and with additional header fields specifying
    720723         authentication information. However, such additional mechanisms are not defined by this specification.
    721724      </p>
    722       <p id="rfc.section.2.1.p.17">Proxies <em class="bcp14">MUST</em> forward the WWW-Authenticate and Authorization headers unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
     725      <p id="rfc.section.2.1.p.18">Proxies <em class="bcp14">MUST</em> forward the WWW-Authenticate and Authorization headers unmodified and follow the rules found in <a href="#header.authorization" id="rfc.xref.header.authorization.1" title="Authorization">Section&nbsp;4.1</a>.
    723726      </p>
    724727      <div id="rfc.iref.p.1"></div>
     
    11451148         </li>
    11461149         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/349">http://tools.ietf.org/wg/httpbis/trac/ticket/349</a>&gt;: "Strength"
     1150         </li>
     1151         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/357">http://tools.ietf.org/wg/httpbis/trac/ticket/357</a>&gt;: "Authentication exchanges"
    11471152         </li>
    11481153      </ul>
Note: See TracChangeset for help on using the changeset viewer.