Timestamp:
Jun 21, 2012, 1:17:43 AM (7 years ago)
Author:
julian.reschke@…
Message:

Clarify authentication exchanges (see #357)

File:
1 edited

  • draft-ietf-httpbis/latest/p7-auth.xml

    r1678 r1681  
    312312</artwork></figure>
    313313<t>
    314    If the origin server does not wish to accept the credentials sent
    315    with a request, it &SHOULD; return a 401 (Unauthorized) response. The
    316    response &MUST; include a WWW-Authenticate header field containing at
    317    least one (possibly new) challenge applicable to the requested
    318    resource.
    319 </t>
    320 <t>
    321    If a proxy does not accept the credentials sent with a request, it &SHOULD;
    322    return a 407 (Proxy Authentication Required) response. The
    323    response &MUST; include a Proxy-Authenticate header field containing a
    324    (possibly new) challenge applicable to the proxy for the requested
    325    resource.
     314   Requests for protected resources that omit credentials, contain invalid
     315   credentials (e.g., a bad password), or partial credentials (e.g., when the
     316   authentication scheme requires more than one round trip) &SHOULD; return a
     317   401 (Unauthorized) response. Such responses &MUST; include a
     318   WWW-Authenticate header field containing at least one (possibly new)
     319   challenge applicable to the requested resource.
     320</t>
     321<t>
     322   Likewise, requests that require authentication by proxies that omit
     323   credentials, or contain invalid or partial credentials &SHOULD; return a
     324   407 (Proxy Authentication Required) response. Such responses &MUST;
     325   include a Proxy-Authenticate header field containing a (possibly new)
     326   challenge applicable to the proxy.
     327</t>
     328<t>
     329   A server receiving credentials that are valid, but not adequate to gain
     330   access, ought to respond with the 403 (Forbidden) status code.
    326331</t>
    327332<t>
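Review bot: In the added paragraphs at new lines 314-319 and 322-326, the subject of the &SHOULD; and &MUST; requirements is "Requests", but a request cannot return a 401 or 407. The removed text named the actor ("the origin server", "a proxy"), and the requirement is easier to apply with that restored, for example "A server that receives a request for a protected resource that omits credentials, ... &SHOULD; respond with a 401 (Unauthorized)". In 322-323, "authentication by proxies that omit credentials" also reads as though the proxy is the party omitting them. The 403 paragraph at 329-330 uses "ought to" where its neighbours use &SHOULD;; if the non-normative wording is deliberate, it would still help to state whether the paragraph is meant to cover the proxy case as well.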
     
    11551160      "Strength"
    11561161    </t>
     1162    <t>
     1163      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/357"/>:
     1164      "Authentication exchanges"
     1165    </t>
    11571166  </list>
    11581167</t>