Changeset 1694 for draft-ietf-httpbis


Ignore:
Timestamp:
24/06/12 09:50:41 (10 years ago)
Author:
julian.reschke@…
Message:

tune conformance language (see #271)

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • draft-ietf-httpbis/latest/p7-auth.html

    r1693 r1694  
    449449  }
    450450  @bottom-center {
    451        content: "Expires December 25, 2012";
     451       content: "Expires December 26, 2012";
    452452  }
    453453  @bottom-right {
     
    489489      <meta name="dct.creator" content="Reschke, J. F.">
    490490      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest">
    491       <meta name="dct.issued" scheme="ISO8601" content="2012-06-23">
     491      <meta name="dct.issued" scheme="ISO8601" content="2012-06-24">
    492492      <meta name="dct.replaces" content="urn:ietf:rfc:2616">
    493493      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework.">
     
    520520            </tr>
    521521            <tr>
    522                <td class="left">Expires: December 25, 2012</td>
     522               <td class="left">Expires: December 26, 2012</td>
    523523               <td class="right">greenbytes</td>
    524524            </tr>
    525525            <tr>
    526526               <td class="left"></td>
    527                <td class="right">June 23, 2012</td>
     527               <td class="right">June 24, 2012</td>
    528528            </tr>
    529529         </tbody>
     
    553553         in progress”.
    554554      </p>
    555       <p>This Internet-Draft will expire on December 25, 2012.</p>
     555      <p>This Internet-Draft will expire on December 26, 2012.</p>
    556556      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
    557557      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
     
    711711      </p>
    712712      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span>  <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#notation" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]
    713 </pre><p id="rfc.section.2.1.p.14">Requests for protected resources that omit credentials, contain invalid credentials (e.g., a bad password), or partial credentials
    714          (e.g., when the authentication scheme requires more than one round trip) <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
    715       </p>
    716       <p id="rfc.section.2.1.p.15">Likewise, requests that require authentication by proxies that omit credentials, or contain invalid or partial credentials <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy.
     713</pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial
     714         credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a 401 (Unauthorized) response. Such responses <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one (possibly new) challenge applicable to the requested resource.
     715      </p>
     716      <p id="rfc.section.2.1.p.15">Likewise, upon a request that requires authentication by proxies that omit credentials or contain invalid or partial credentials,
     717         a proxy <em class="bcp14">SHOULD</em> return a 407 (Proxy Authentication Required) response. Such responses <em class="bcp14">MUST</em> include a Proxy-Authenticate header field containing a (possibly new) challenge applicable to the proxy.
    717718      </p>
    718719      <p id="rfc.section.2.1.p.16">A server receiving credentials that are valid, but not adequate to gain access, ought to respond with the 403 (Forbidden)
     
    858859      </p>
    859860      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
    860 </pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
    861          them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate
    862          header field.
     861</pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection, and intermediaries <em class="bcp14">SHOULD NOT</em> forward it to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting them
     862         from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate header
     863         field.
    863864      </p>
    864865      <p id="rfc.section.4.2.p.4">Note that the parsing considerations for WWW-Authenticate apply to this header field as well; see <a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.2" title="WWW-Authenticate">Section&nbsp;4.4</a> for details.

  • draft-ietf-httpbis/latest/p7-auth.xml

    r1693 r1694  
    313313</artwork></figure>
    314314<t>
    315    Requests for protected resources that omit credentials, contain invalid
    316    credentials (e.g., a bad password), or partial credentials (e.g., when the
    317    authentication scheme requires more than one round trip) &SHOULD; return a
    318    401 (Unauthorized) response. Such responses &MUST; include a
    319    WWW-Authenticate header field containing at least one (possibly new)
    320    challenge applicable to the requested resource.
    321 </t>
    322 <t>
    323    Likewise, requests that require authentication by proxies that omit
    324    credentials, or contain invalid or partial credentials &SHOULD; return a
    325    407 (Proxy Authentication Required) response. Such responses &MUST;
    326    include a Proxy-Authenticate header field containing a (possibly new)
    327    challenge applicable to the proxy.
     315   Upon a request for a protected resource that omits credentials, contains
     316   invalid credentials (e.g., a bad password) or partial credentials (e.g.,
     317   when the authentication scheme requires more than one round trip), an origin
     318   server &SHOULD; return a 401 (Unauthorized) response. Such responses &MUST;
     319   include a WWW-Authenticate header field containing at least one (possibly
     320   new) challenge applicable to the requested resource.
     321</t>
     322<t>
     323   Likewise, upon a request that requires authentication by proxies that omit
     324   credentials or contain invalid or partial credentials, a proxy &SHOULD;
     325   return a 407 (Proxy Authentication Required) response. Such responses
     326   &MUST; include a Proxy-Authenticate header field containing a (possibly
     327   new) challenge applicable to the proxy.
    328328</t>
    329329<t>
     
    600600<t>
    601601   Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to
    602    the current connection and &SHOULD-NOT;  be passed on to downstream
    603    clients. However, an intermediate proxy might need to obtain its own
    604    credentials by requesting them from the downstream client, which in
     602   the current connection, and intermediaries &SHOULD-NOT;  forward it to
     603   downstream clients. However, an intermediate proxy might need to obtain its
     604   own credentials by requesting them from the downstream client, which in
    605605   some circumstances will appear as if the proxy is forwarding the
    606606   Proxy-Authenticate header field.
Note: See TracChangeset for help on using the changeset viewer.