Changeset 1902
- Timestamp: 17/09/12 12:25:33 (10 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p7-auth.html
r1895 r1902 449 449 } 450 450 @bottom-center { 451 content: "Expires March 19, 2013";451 content: "Expires March 21, 2013"; 452 452 } 453 453 @bottom-right { … … 490 490 <meta name="dct.creator" content="Reschke, J. F."> 491 491 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 492 <meta name="dct.issued" scheme="ISO8601" content="2012-09-1 5">492 <meta name="dct.issued" scheme="ISO8601" content="2012-09-17"> 493 493 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 494 494 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework."> … … 521 521 </tr> 522 522 <tr> 523 <td class="left">Expires: March 19, 2013</td>523 <td class="left">Expires: March 21, 2013</td> 524 524 <td class="right">greenbytes</td> 525 525 </tr> 526 526 <tr> 527 527 <td class="left"></td> 528 <td class="right">September 1 5, 2012</td>528 <td class="right">September 17, 2012</td> 529 529 </tr> 530 530 </tbody> … … 551 551 in progress”. 552 552 </p> 553 <p>This Internet-Draft will expire on March 19, 2013.</p>553 <p>This Internet-Draft will expire on March 21, 2013.</p> 554 554 <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 555 555 <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p> … … 648 648 <p id="rfc.section.2.1.p.2">Parameters are name-value pairs where the name is matched case-insensitively, and each parameter name <em class="bcp14">MUST</em> only occur once per challenge. 649 649 </p> 650 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref. 
a.1"></span><span id="rfc.iref.a.2"></span><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.t.1"></span><span id="rfc.iref.g.3"></span> auth-scheme = <a href="#imported.abnf" class="smpl">token</a>650 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span><span id="rfc.iref.g.3"></span> auth-scheme = <a href="#imported.abnf" class="smpl">token</a> 651 651 652 652 auth-param = <a href="#imported.abnf" class="smpl">token</a> <a href="#imported.abnf" class="smpl">BWS</a> "=" <a href="#imported.abnf" class="smpl">BWS</a> ( <a href="#imported.abnf" class="smpl">token</a> / <a href="#imported.abnf" class="smpl">quoted-string</a> ) … … 661 661 <p id="rfc.section.2.1.p.6">The <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response message is used by a proxy to challenge the authorization of a client and <em class="bcp14">MUST</em> include a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field containing at least one challenge applicable to the proxy for the requested resource. 662 662 </p> 663 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref. 
c.1"></span><span id="rfc.iref.g.4"></span> <a href="#challenge.and.response" class="smpl">challenge</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]663 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.4"></span> <a href="#challenge.and.response" class="smpl">challenge</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 664 664 </pre><div class="note" id="rfc.section.2.1.p.8"> 665 665 <p> <b>Note:</b> User agents will need to take special care in parsing the <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> and <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field values because they can contain more than one challenge, or if more than one of each is provided, since the contents … … 681 681 user as appropriate. 682 682 </p> 683 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref. 
c.2"></span><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ]683 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 684 684 </pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial 685 685 credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> return a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response. Such responses <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field containing at least one (possibly new) challenge applicable to the requested resource. … … 698 698 <div id="rfc.iref.p.1"></div> 699 699 <div id="rfc.iref.r.1"></div> 700 <div id="rfc.iref.c. 
3"></div>700 <div id="rfc.iref.c.1"></div> 701 701 <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a> <a id="protection.space" href="#protection.space">Protection Space (Realm)</a></h2> 702 702 <p id="rfc.section.2.2.p.1">The authentication parameter realm is reserved for use by authentication schemes that wish to indicate the scope of protection.</p> … … 780 780 </ul> 781 781 <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> <a id="status.code.definitions" href="#status.code.definitions">Status Code Definitions</a></h1> 782 <div id="rfc.iref. 13"></div>782 <div id="rfc.iref.8"></div> 783 783 <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a> <a id="status.401" href="#status.401">401 Unauthorized</a></h2> 784 784 <p id="rfc.section.3.1.p.1">The request requires user authentication. The response <em class="bcp14">MUST</em> include a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field (<a href="#header.www-authenticate" id="rfc.xref.header.www-authenticate.1" title="WWW-Authenticate">Section 4.4</a>) containing a challenge applicable to the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable <a href="#header.authorization" class="smpl">Authorization</a> header field (<a href="#header.authorization" id="rfc.xref.header.authorization.2" title="Authorization">Section 4.1</a>). If the request already included Authorization credentials, then the 401 response indicates that authorization has been … … 787 787 information. 788 788 </p> 789 <div id="rfc.iref. 13"></div>789 <div id="rfc.iref.8"></div> 790 790 <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a> <a id="status.407" href="#status.407">407 Proxy Authentication Required</a></h2> 791 791 <p id="rfc.section.3.2.p.1">This code is similar to <a href="#status.401" class="smpl">401 (Unauthorized)</a>, but indicates that the client ought to first authenticate itself with the proxy. 
The proxy <em class="bcp14">MUST</em> return a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field (<a href="#header.proxy-authenticate" id="rfc.xref.header.proxy-authenticate.1" title="Proxy-Authenticate">Section 4.2</a>) containing a challenge applicable to the proxy for the target resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> header field (<a href="#header.proxy-authorization" id="rfc.xref.header.proxy-authorization.1" title="Proxy-Authorization">Section 4.3</a>). … … 793 793 <h1 id="rfc.section.4"><a href="#rfc.section.4">4.</a> <a id="header.field.definitions" href="#header.field.definitions">Header Field Definitions</a></h1> 794 794 <p id="rfc.section.4.p.1">This section defines the syntax and semantics of HTTP/1.1 header fields related to authentication.</p> 795 <div id="rfc.iref.a. 3"></div>795 <div id="rfc.iref.a.1"></div> 796 796 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> <a id="header.authorization" href="#header.authorization">Authorization</a></h2> 797 797 <p id="rfc.section.4.1.p.1">The "Authorization" header field allows a user agent to authenticate itself with a server — usually, but not necessarily, … … 1137 1137 </ul> 1138 1138 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 1139 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index. 
T">T</a> <a href="#rfc.index.W">W</a>1139 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.W">W</a> 1140 1140 </p> 1141 1141 <div class="print2col"> 1142 1142 <ul class="ind"> 1143 1143 <li><a id="rfc.index.4" href="#rfc.index.4"><b>4</b></a><ul> 1144 <li>401 Unauthorized (status code) <a href="#rfc.iref. 13"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li>1145 <li>407 Proxy Authentication Required (status code) <a href="#rfc.iref. 13"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li>1144 <li>401 Unauthorized (status code) <a href="#rfc.iref.8"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li> 1145 <li>407 Proxy Authentication Required (status code) <a href="#rfc.iref.8"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li> 1146 1146 </ul> 1147 1147 </li> 1148 1148 <li><a id="rfc.index.A" href="#rfc.index.A"><b>A</b></a><ul> 1149 <li><tt>auth-param</tt> <a href="#rfc.iref.a.2"><b>2.1</b></a></li> 1150 <li><tt>auth-scheme</tt> <a href="#rfc.iref.a.1"><b>2.1</b></a></li> 1151 <li>Authorization header field <a href="#rfc.xref.header.authorization.1">2.1</a>, <a href="#rfc.xref.header.authorization.2">3.1</a>, <a href="#rfc.iref.a.3"><b>4.1</b></a>, <a href="#rfc.xref.header.authorization.3">5.3</a></li> 1149 <li>Authorization header field <a href="#rfc.xref.header.authorization.1">2.1</a>, <a href="#rfc.xref.header.authorization.2">3.1</a>, <a href="#rfc.iref.a.1"><b>4.1</b></a>, <a href="#rfc.xref.header.authorization.3">5.3</a></li> 1152 1150 </ul> 1153 1151 </li> 1154 1152 <li><a id="rfc.index.C" href="#rfc.index.C"><b>C</b></a><ul> 1155 <li>Canonical Root URI <a href="#rfc.iref.c.3">2.2</a></li> 1156 <li><tt>challenge</tt> <a href="#rfc.iref.c.1"><b>2.1</b></a></li> 1157 <li><tt>credentials</tt> <a href="#rfc.iref.c.2"><b>2.1</b></a></li> 1153 <li>Canonical 
Root URI <a href="#rfc.iref.c.1">2.2</a></li> 1158 1154 </ul> 1159 1155 </li> … … 1219 1215 </ul> 1220 1216 </li> 1221 <li><a id="rfc.index.T" href="#rfc.index.T"><b>T</b></a><ul>1222 <li><tt>token68</tt> <a href="#rfc.iref.t.1"><b>2.1</b></a></li>1223 </ul>1224 </li>1225 1217 <li><a id="rfc.index.W" href="#rfc.index.W"><b>W</b></a><ul> 1226 1218 <li>WWW-Authenticate header field <a href="#rfc.xref.header.www-authenticate.1">3.1</a>, <a href="#rfc.xref.header.www-authenticate.2">4.2</a>, <a href="#rfc.iref.w.1"><b>4.4</b></a>, <a href="#rfc.xref.header.www-authenticate.3">5.3</a></li> -
draft-ietf-httpbis/latest/p7-auth.xml
r1895 r1902 185 185 and each parameter name &MUST; only occur once per challenge. 186 186 </t> 187 <figure><artwork type="abnf2616"><iref item="auth-scheme" primary="true"/><iref item="auth-param" primary="true"/><iref primary="true" item="Grammar" subitem="auth-scheme"/><iref primary="true" item="Grammar" subitem="auth-param"/><iref item="token68" primary="true"/><iref primary="true" item="Grammar" subitem="token68"/>187 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="auth-scheme"/><iref primary="true" item="Grammar" subitem="auth-param"/><iref primary="true" item="Grammar" subitem="token68"/> 188 188 auth-scheme = <x:ref>token</x:ref> 189 189 … … 211 211 one challenge applicable to the proxy for the requested resource. 212 212 </t> 213 <figure><artwork type="abnf2616"><iref item="challenge" primary="true"/><irefprimary="true" item="Grammar" subitem="challenge"/>213 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="challenge"/> 214 214 <x:ref>challenge</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>token68</x:ref> / #<x:ref>auth-param</x:ref> ) ] 215 215 </artwork></figure> … … 251 251 as appropriate. 252 252 </t> 253 <figure><artwork type="abnf2616"><iref item="credentials" primary="true"/><irefprimary="true" item="Grammar" subitem="credentials"/>253 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="credentials"/> 254 254 <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>token68</x:ref> / #<x:ref>auth-param</x:ref> ) ] 255 255 </artwork></figure>
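Review bot: the three artwork hunks in p7-auth.xml (at lines 187, 213 and 253) drop the standalone `<iref item="..." primary="true"/>` entries for auth-scheme, auth-param, token68, challenge and credentials and keep only the `item="Grammar" subitem="..."` forms, but no commit message is visible on this page to say why. The effect shows up in the regenerated index: the `<tt>auth-param</tt>`, `<tt>auth-scheme</tt>`, `<tt>challenge</tt>`, `<tt>credentials</tt>` and `<tt>token68</tt>` entries are gone and the whole "T" letter is removed from the index navigation, so a reader looking up a production by name can now reach it only through the Grammar entries. If that is the intent, record it in the commit message; if the production names are meant to stay findable by name, keep the `item` entries alongside the Grammar subitems.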
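Review bot: in the regenerated p7-auth.html, sections 3.1 and 3.2 both emit `<div id="rfc.iref.8"></div>`, and the index entries for 401 and 407 both link to `#rfc.iref.8`, so the id is duplicated and the 407 index link resolves to the 401 anchor. The same duplication existed before the change as `rfc.iref.13`, so this is not a regression, but since the anchors are being renumbered anyway it is worth fixing at the source so each status code gets a distinct anchor. Note also that the renumbering (`rfc.iref.a.3` to `rfc.iref.a.1`, `rfc.iref.c.3` to `rfc.iref.c.1`) changes fragment ids, which breaks any existing deep links to those anchors.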