Changeset 1815 for draft-ietf-httpbis/latest/p7-auth.html
- Timestamp: 18/07/12 19:41:31 (9 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p7-auth.html
r1808 r1815 449 449 } 450 450 @bottom-center { 451 content: "Expires January 1 7, 2013";451 content: "Expires January 19, 2013"; 452 452 } 453 453 @bottom-right { … … 490 490 <meta name="dct.creator" content="Reschke, J. F."> 491 491 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 492 <meta name="dct.issued" scheme="ISO8601" content="2012-07-1 6">492 <meta name="dct.issued" scheme="ISO8601" content="2012-07-18"> 493 493 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 494 494 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework."> … … 521 521 </tr> 522 522 <tr> 523 <td class="left">Expires: January 1 7, 2013</td>523 <td class="left">Expires: January 19, 2013</td> 524 524 <td class="right">greenbytes</td> 525 525 </tr> 526 526 <tr> 527 527 <td class="left"></td> 528 <td class="right">July 1 6, 2012</td>528 <td class="right">July 18, 2012</td> 529 529 </tr> 530 530 </tbody> … … 551 551 in progress”. 552 552 </p> 553 <p>This Internet-Draft will expire on January 1 7, 2013.</p>553 <p>This Internet-Draft will expire on January 19, 2013.</p> 554 554 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 555 555 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p> … … 665 665 <p id="rfc.section.2.1.p.2">Parameters are name-value pairs where the name is matched case-insensitively, and each parameter name <em class="bcp14">MUST</em> only occur once per challenge. 666 666 </p> 667 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref. 
b.1"></span><span id="rfc.iref.g.3"></span> auth-scheme = <a href="#imported.abnf" class="smpl">token</a>667 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.t.1"></span><span id="rfc.iref.g.3"></span> auth-scheme = <a href="#imported.abnf" class="smpl">token</a> 668 668 669 669 auth-param = <a href="#imported.abnf" class="smpl">token</a> <a href="#imported.abnf" class="smpl">BWS</a> "=" <a href="#imported.abnf" class="smpl">BWS</a> ( <a href="#imported.abnf" class="smpl">token</a> / <a href="#imported.abnf" class="smpl">quoted-string</a> ) 670 670 671 b64token= 1*( <a href="#imported.abnf" class="smpl">ALPHA</a> / <a href="#imported.abnf" class="smpl">DIGIT</a> /671 token68 = 1*( <a href="#imported.abnf" class="smpl">ALPHA</a> / <a href="#imported.abnf" class="smpl">DIGIT</a> / 672 672 "-" / "." / "_" / "~" / "+" / "/" ) *"=" 673 </pre><p id="rfc.section.2.1.p.4">The " b64token" syntax allows the 66 unreserved URI characters (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>), plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding,673 </pre><p id="rfc.section.2.1.p.4">The "token68" syntax allows the 66 unreserved URI characters (<a href="#RFC3986" id="rfc.xref.RFC3986.1"><cite title="Uniform Resource Identifier (URI): Generic Syntax">[RFC3986]</cite></a>), plus a few others, so that it can hold a base64, base64url (URL and filename safe alphabet), base32, or base16 (hex) encoding, 674 674 with or without padding, but excluding whitespace (<a href="#RFC4648" id="rfc.xref.RFC4648.1"><cite title="The Base16, Base32, and Base64 Data Encodings">[RFC4648]</cite></a>). 
675 675 </p> … … 678 678 <p id="rfc.section.2.1.p.6">The <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field containing at least one challenge applicable to the proxy for the requested resource. 679 679 </p> 680 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.g.4"></span> <a href="#challenge.and.response" class="smpl">challenge</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl"> b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]680 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.c.1"></span><span id="rfc.iref.g.4"></span> <a href="#challenge.and.response" class="smpl">challenge</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 681 681 </pre><div class="note" id="rfc.section.2.1.p.8"> 682 682 <p> <b>Note:</b> User agents will need to take special care in parsing the <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> and <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field values because they can contain more than one challenge, or if more than one of each is provided, since the contents … … 698 698 user as appropriate. 
699 699 </p> 700 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl"> b64token</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]700 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.c.2"></span><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 701 701 </pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial 702 702 credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response. Such responses <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field containing at least one (possibly new) challenge applicable to the requested resource. … … 761 761 </li> 762 762 <li> 763 <p>The " b64token" notation was introduced for compatibility with existing authentication schemes and can only be used once per763 <p>The "token68" notation was introduced for compatibility with existing authentication schemes and can only be used once per 764 764 challenge/credentials. New schemes thus ought to use the "auth-param" syntax instead, because otherwise future extensions 765 765 will be impossible. 
… … 1089 1089 (<a href="#access.authentication.framework" title="Access Authentication Framework">Section 2</a>) 1090 1090 </p> 1091 <p id="rfc.section.A.p.2">The " b64token" alternative to auth-param lists has been added for consistency with legacy authentication schemes such as "Basic".1091 <p id="rfc.section.A.p.2">The "token68" alternative to auth-param lists has been added for consistency with legacy authentication schemes such as "Basic". 1092 1092 (<a href="#access.authentication.framework" title="Access Authentication Framework">Section 2</a>) 1093 1093 </p> … … 1124 1124 <a href="#challenge.and.response" class="smpl">auth-scheme</a> = token 1125 1125 1126 <a href="#challenge.and.response" class="smpl">b64token</a> = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) 1126 <a href="#challenge.and.response" class="smpl">challenge</a> = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param ) *( 1127 OWS "," [ OWS auth-param ] ) ] ) ] 1128 <a href="#challenge.and.response" class="smpl">credentials</a> = auth-scheme [ 1*SP ( token68 / [ ( "," / auth-param ) 1129 *( OWS "," [ OWS auth-param ] ) ] ) ] 1130 1131 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in [Part1], Section 3.2.4> 1132 1133 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in [Part1], Section 3.2.4> 1134 <a href="#challenge.and.response" class="smpl">token68</a> = 1*( ALPHA / DIGIT / "-" / "." 
/ "_" / "~" / "+" / "/" ) 1127 1135 *"=" 1128 1129 <a href="#challenge.and.response" class="smpl">challenge</a> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param ) *(1130 OWS "," [ OWS auth-param ] ) ] ) ]1131 <a href="#challenge.and.response" class="smpl">credentials</a> = auth-scheme [ 1*SP ( b64token / [ ( "," / auth-param )1132 *( OWS "," [ OWS auth-param ] ) ] ) ]1133 1134 <a href="#imported.abnf" class="smpl">quoted-string</a> = <quoted-string, defined in [Part1], Section 3.2.4>1135 1136 <a href="#imported.abnf" class="smpl">token</a> = <token, defined in [Part1], Section 3.2.4>1137 1136 </pre> <h1 id="rfc.section.D"><a href="#rfc.section.D">D.</a> <a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1> 1138 1137 <p id="rfc.section.D.p.1">Changes up to the first Working Group Last Call draft are summarized in <<a href="http://trac.tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#appendix-C">http://trac.tools.ietf.org/html/draft-ietf-httpbis-p7-auth-19#appendix-C</a>>. … … 1153 1152 </ul> 1154 1153 <h2 id="rfc.section.D.2"><a href="#rfc.section.D.2">D.2</a> <a id="changes.since.20" href="#changes.since.20">Since draft-ietf-httpbis-p7-auth-20</a></h2> 1155 <p id="rfc.section.D.2.p.1">None yet.</p> 1154 <p id="rfc.section.D.2.p.1">Closed issues: </p> 1155 <ul> 1156 <li> <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/376">http://tools.ietf.org/wg/httpbis/trac/ticket/376</a>>: "rename b64token for clarity" 1157 </li> 1158 </ul> 1156 1159 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 1157 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index. 
B">B</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.S">S</a> <a href="#rfc.index.W">W</a>1160 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.H">H</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.S">S</a> <a href="#rfc.index.T">T</a> <a href="#rfc.index.W">W</a> 1158 1161 </p> 1159 1162 <div class="print2col"> … … 1168 1171 <li><tt>auth-scheme</tt> <a href="#rfc.iref.a.1"><b>2.1</b></a></li> 1169 1172 <li>Authorization header field <a href="#rfc.xref.header.authorization.1">2.1</a>, <a href="#rfc.xref.header.authorization.2">3.1</a>, <a href="#rfc.iref.a.3"><b>4.1</b></a>, <a href="#rfc.xref.header.authorization.3">5.3</a></li> 1170 </ul>1171 </li>1172 <li><a id="rfc.index.B" href="#rfc.index.B"><b>B</b></a><ul>1173 <li><tt>b64token</tt> <a href="#rfc.iref.b.1"><b>2.1</b></a></li>1174 1173 </ul> 1175 1174 </li> … … 1186 1185 <li><tt>auth-scheme</tt> <a href="#rfc.iref.g.1"><b>2.1</b></a></li> 1187 1186 <li><tt>Authorization</tt> <a href="#rfc.iref.g.6"><b>4.1</b></a></li> 1188 <li><tt>b64token</tt> <a href="#rfc.iref.g.3"><b>2.1</b></a></li>1189 1187 <li><tt>challenge</tt> <a href="#rfc.iref.g.4"><b>2.1</b></a></li> 1190 1188 <li><tt>credentials</tt> <a href="#rfc.iref.g.5"><b>2.1</b></a></li> 1191 1189 <li><tt>Proxy-Authenticate</tt> <a href="#rfc.iref.g.7"><b>4.2</b></a></li> 1192 1190 <li><tt>Proxy-Authorization</tt> <a href="#rfc.iref.g.8"><b>4.3</b></a></li> 1191 <li><tt>token68</tt> <a href="#rfc.iref.g.3"><b>2.1</b></a></li> 1193 1192 <li><tt>WWW-Authenticate</tt> <a href="#rfc.iref.g.9"><b>4.4</b></a></li> 1194 1193 </ul> … … 1261 1260 </ul> 1262 1261 </li> 1262 <li><a id="rfc.index.T" href="#rfc.index.T"><b>T</b></a><ul> 1263 <li><tt>token68</tt> <a href="#rfc.iref.t.1"><b>2.1</b></a></li> 1264 
</ul> 1265 </li> 1263 1266 <li><a id="rfc.index.W" href="#rfc.index.W"><b>W</b></a><ul> 1264 1267 <li>WWW-Authenticate header field <a href="#rfc.xref.header.www-authenticate.1">3.1</a>, <a href="#rfc.xref.header.www-authenticate.2">4.2</a>, <a href="#rfc.iref.w.1"><b>4.4</b></a>, <a href="#rfc.xref.header.www-authenticate.3">5.3</a></li>
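Review bot: The paragraph after the token68 production (rfc.section.2.1.p.4) still describes the alphabet as "the 66 unreserved URI characters ... plus a few others", which leaves the new name unexplained. The production adds exactly "+" and "/" to the unreserved set, for 68 characters, so saying that in the text would document where the name comes from and make clear that the trailing *"=" padding is not counted.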
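Review bot: In the challenge and credentials productions, token68 and #auth-param are still alternatives after the same 1*SP, and both forms can contain "=": as trailing padding in token68, as the name/value separator in auth-param. Since the ticket asks for the rename "for clarity", the note to user agents about parsing WWW-Authenticate and Proxy-Authenticate would benefit from one sentence on telling the two apart: per the ABNF shown, "=" in token68 occurs only at the end of the value, while in auth-param it is followed by a token or quoted-string.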
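Review bot: The anchor and index hunks replace id="rfc.iref.b.1" with id="rfc.iref.t.1" and drop the rfc.index.B entry, so any existing link to #rfc.iref.b.1 or #rfc.index.B stops resolving. If those fragment ids are referenced from outside this file, those references should be checked alongside the rename.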