Changeset 1694 for draft-ietf-httpbis
- Timestamp: 24/06/12 09:50:41 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p7-auth.html
r1693 r1694 449 449 } 450 450 @bottom-center { 451 content: "Expires December 2 5, 2012";451 content: "Expires December 26, 2012"; 452 452 } 453 453 @bottom-right { … … 489 489 <meta name="dct.creator" content="Reschke, J. F."> 490 490 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 491 <meta name="dct.issued" scheme="ISO8601" content="2012-06-2 3">491 <meta name="dct.issued" scheme="ISO8601" content="2012-06-24"> 492 492 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 493 493 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as "HTTP/1.1" and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework."> … … 520 520 </tr> 521 521 <tr> 522 <td class="left">Expires: December 2 5, 2012</td>522 <td class="left">Expires: December 26, 2012</td> 523 523 <td class="right">greenbytes</td> 524 524 </tr> 525 525 <tr> 526 526 <td class="left"></td> 527 <td class="right">June 2 3, 2012</td>527 <td class="right">June 24, 2012</td> 528 528 </tr> 529 529 </tbody> … … 553 553 in progress”. 554 554 </p> 555 <p>This Internet-Draft will expire on December 2 5, 2012.</p>555 <p>This Internet-Draft will expire on December 26, 2012.</p> 556 556 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 557 557 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. 
All rights reserved.</p> … … 711 711 </p> 712 712 <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 713 </pre><p id="rfc.section.2.1.p.14">Requests for protected resources that omit credentials, contain invalid credentials (e.g., a bad password), or partial credentials 714 (e.g., when the authentication scheme requires more than one round trip) <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource. 715 </p> 716 <p id="rfc.section.2.1.p.15">Likewise, requests that require authentication by proxies that omit credentials, or contain invalid or partial credentials <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy. 713 </pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial 714 credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource. 
715 </p> 716 <p id="rfc.section.2.1.p.15">Likewise, upon a request that requires authentication by proxies that omit credentials or contain invalid or partial credentials, 717 a proxy <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy. 717 718 </p> 718 719 <p id="rfc.section.2.1.p.16">A server receiving credentials that are valid, but not adequate to gain access, ought to respond with the 403 (Forbidden) … … 858 859 </p> 859 860 <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a> 860 </pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting861 them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate862 headerfield.861 </pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries <em class="bcp14">SHOULD NOT</em> forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them 862 from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate header 863 field. 
863 864 </p> 864 865 <p id="rfc.section.4.2.p.4">Note that the parsing considerations for WWW-Authenticate apply to this header field as well; see <a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.2" title="WWW-Authenticate">Section 4.4</a> for details. -
draft-ietf-httpbis/latest/p7-auth.xml
r1693 r1694 313 313 </artwork></figure> 314 314 <t> 315 Requests for protected resources that omit credentials, contain invalid316 credentials (e.g., a bad password), or partial credentials (e.g., when the317 authentication scheme requires more than one round trip) &SHOULD; return a318 401 (Unauthorized) response. Such responses &MUST; include a319 WWW-Authenticate header field containing at least one (possibly new)320 challenge applicable to the requested resource.321 </t> 322 <t> 323 Likewise, requests that requireauthentication by proxies that omit324 credentials , or contain invalid or partial credentials &SHOULD; return a325 407 (Proxy Authentication Required) response. Such responses &MUST;326 include a Proxy-Authenticate header field containing a (possibly new)327 challenge applicable to the proxy.315 Upon a request for a protected resource that omits credentials, contains 316 invalid credentials (e.g., a bad password) or partial credentials (e.g., 317 when the authentication scheme requires more than one round trip), an origin 318 server &SHOULD; return a 401 (Unauthorized) response. Such responses &MUST; 319 include a WWW-Authenticate header field containing at least one (possibly 320 new) challenge applicable to the requested resource. 321 </t> 322 <t> 323 Likewise, upon a request that requires authentication by proxies that omit 324 credentials or contain invalid or partial credentials, a proxy &SHOULD; 325 return a 407 (Proxy Authentication Required) response. Such responses 326 &MUST; include a Proxy-Authenticate header field containing a (possibly 327 new) challenge applicable to the proxy. 328 328 </t> 329 329 <t> … … 600 600 <t> 601 601 Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to 602 the current connection and &SHOULD-NOT; be passed on to downstream603 clients. 
However, an intermediate proxy might need to obtain its own604 credentials by requesting them from the downstream client, which in602 the current connection, and intermediaries &SHOULD-NOT; forward it to 603 downstream clients. However, an intermediate proxy might need to obtain its 604 own credentials by requesting them from the downstream client, which in 605 605 some circumstances will appear as if the proxy is forwarding the 606 606 Proxy-Authenticate header field.
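Review bot: In the 407 paragraph of the p7-auth.xml hunk at line 313, the relative clauses do not agree with the new singular subject. "a request that requires authentication by proxies that omit credentials or contain invalid or partial credentials" keeps the plural "omit" and "contain", and as written it reads as though the proxies are omitting the credentials. The 401 paragraph in the same hunk was converted to "omits" and "contains"; the parallel form would be something like "upon a request that requires authentication by a proxy and that omits credentials or contains invalid or partial credentials, a proxy SHOULD return a 407". The same sentence is carried into p7-auth.html (rfc.section.2.1.p.15), so the HTML needs regenerating after the fix.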
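Review bot: In the p7-auth.xml hunk at line 600, the SHOULD NOT now has "intermediaries" as its subject, but the next sentence continues with "an intermediate proxy" and "the proxy", so the paragraph uses two terms for what appears to be the same actor. Suggest using one term in both sentences. It would also help to say explicitly that the second sentence describes a proxy issuing its own challenge to the downstream client, not an exception to the forwarding requirement, since the text itself notes that the two cases "will appear as if the proxy is forwarding the Proxy-Authenticate header field" and an implementer checking header handling has to tell them apart.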