Changeset 191

Timestamp:

03/02/08 19:38:52 (14 years ago)

Author:

julian.reschke@…

Message:

Explicitly import BNF rules for "challenge" and "credentials" from RFC2617; addresses #36.

Location:

draft-ietf-httpbis/latest

Files:

• p7-auth.html (modified) (11 diffs)
• p7-auth.xml (modified) (2 diffs)

draft-ietf-httpbis/latest/p7-auth.html

@@ -524 +524 @@
       <p id="rfc.section.1.p.2">HTTP provides several <em class="bcp14">OPTIONAL</em> challenge-response authentication mechanisms which can be used by a server to challenge a client request and by a client to
          provide authentication information. The general framework for access authentication, and the specification of "basic" and
-         "digest" authentication, are specified in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.2"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. This specification adopts the definitions of "challenge" and "credentials" from that specification.
-      </p>
-      <h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a id="intro.requirements" href="#intro.requirements">Requirements</a></h2>
+         "digest" authentication, are specified in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.2"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. This specification adopts the definitions of "challenge" and "credentials" from that specification:
+      </p>
+      <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  challenge   = &lt;challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
+  credentials = &lt;credentials, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
+</pre><h2 id="rfc.section.1.1"><a href="#rfc.section.1.1">1.1</a>&nbsp;<a id="intro.requirements" href="#intro.requirements">Requirements</a></h2>
       <p id="rfc.section.1.1.p.1">The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL"
          in this document are to be interpreted as described in <a href="#RFC2119" id="rfc.xref.RFC2119.1"><cite title="Key words for use in RFCs to Indicate Requirement Levels">[RFC2119]</cite></a>.
@@ -534 +536 @@
       <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;Status Code Definitions
       </h1>
-      <div id="rfc.iref."></div>
+      <div id="rfc.iref.2"></div>
       <div id="rfc.iref.s.1"></div>
       <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="status.401" href="#status.401">401 Unauthorized</a></h2>
@@ -540 +542 @@
          refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has
          already attempted authentication at least once, then the user <em class="bcp14">SHOULD</em> be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP
-         access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>.
-      </p>
-      <div id="rfc.iref.1"></div>
+         access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.5"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>.
+      </p>
+      <div id="rfc.iref.3"></div>
       <div id="rfc.iref.s.2"></div>
       <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a id="status.407" href="#status.407">407 Proxy Authentication Required</a></h2>
       <p id="rfc.section.2.2.p.1">This code is similar to 401 (Unauthorized), but indicates that the client must first authenticate itself with the proxy. The
-         proxy <em class="bcp14">MUST</em> return a Proxy-Authenticate header field (<a href="#header.proxy-authenticate" id="rfc.xref.header.proxy-authenticate.1" title="Proxy-Authenticate">Section&nbsp;3.2</a>) containing a challenge applicable to the proxy for the requested resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable Proxy-Authorization header field (<a href="#header.proxy-authorization" id="rfc.xref.header.proxy-authorization.1" title="Proxy-Authorization">Section&nbsp;3.3</a>). HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>.
+         proxy <em class="bcp14">MUST</em> return a Proxy-Authenticate header field (<a href="#header.proxy-authenticate" id="rfc.xref.header.proxy-authenticate.1" title="Proxy-Authenticate">Section&nbsp;3.2</a>) containing a challenge applicable to the proxy for the requested resource. The client <em class="bcp14">MAY</em> repeat the request with a suitable Proxy-Authorization header field (<a href="#header.proxy-authorization" id="rfc.xref.header.proxy-authorization.1" title="Proxy-Authorization">Section&nbsp;3.3</a>). HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.6"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>.
       </p>
       <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="header.fields" href="#header.fields">Header Field Definitions</a></h1>
@@ -557 +559 @@
          containing the authentication information of the user agent for the realm of the resource being requested.
       </p>
-      <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span>  Authorization  = "Authorization" ":" credentials
-</pre><p id="rfc.section.3.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.5"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise,
+      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.3"></span>  Authorization  = "Authorization" ":" credentials
+</pre><p id="rfc.section.3.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise,
          such as credentials that vary according to a challenge value or using synchronized clocks).
       </p>
@@ -580 +582 @@
          the authentication scheme and parameters applicable to the proxy for this Request-URI.
       </p>
-      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.2"></span>  Proxy-Authenticate  = "Proxy-Authenticate" ":" 1#challenge
-</pre><p id="rfc.section.3.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.6"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
+      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.4"></span>  Proxy-Authenticate  = "Proxy-Authenticate" ":" 1#challenge
+</pre><p id="rfc.section.3.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
          them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate
          header field.
@@ -592 +594 @@
          user agent for the proxy and/or realm of the resource being requested.
       </p>
-      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.3"></span>  Proxy-Authorization     = "Proxy-Authorization" ":" credentials
-</pre><p id="rfc.section.3.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication
+      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span>  Proxy-Authorization     = "Proxy-Authorization" ":" credentials
+</pre><p id="rfc.section.3.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.9"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication
          using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed
          by the first outbound proxy that was expecting to receive credentials. A proxy <em class="bcp14">MAY</em> relay the credentials from the client request to the next proxy if that is the mechanism by which the proxies cooperatively
@@ -604 +606 @@
          authentication scheme(s) and parameters applicable to the Request-URI.
       </p>
-      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.4"></span>  WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge
-</pre><p id="rfc.section.3.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one
+      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span>  WWW-Authenticate  = "WWW-Authenticate" ":" 1#challenge
+</pre><p id="rfc.section.3.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.10"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one
          challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a
          comma-separated list of authentication parameters.
@@ -700 +702 @@
       <h2 id="rfc.section.B.3"><a href="#rfc.section.B.3">B.3</a>&nbsp;Since draft-ietf-httpbis-p7-auth-01
       </h2>
+      <p id="rfc.section.B.3.p.1">Ongoing work on ABNF conversion (&lt;<a href="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36">http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;): 
+      </p>
+      <ul>
+         <li>Explicitly import BNF rules for "challenge" and "credentials" from RFC2617.</li>
+      </ul>
       <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1>
       <p>Copyright © The IETF Trust (2008).</p>
@@ -733 +740 @@
          <ul class="ind">
             <li class="indline0"><a id="rfc.index.4" href="#rfc.index.4"><b>4</b></a><ul class="ind">
-                  <li class="indline1">401 Unauthorized (status code)&nbsp;&nbsp;<a class="iref" href="#rfc.iref."><b>2.1</b></a></li>
-                  <li class="indline1">407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a class="iref" href="#rfc.iref.1"><b>2.2</b></a></li>
+                  <li class="indline1">401 Unauthorized (status code)&nbsp;&nbsp;<a class="iref" href="#rfc.iref.2"><b>2.1</b></a></li>
+                  <li class="indline1">407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a class="iref" href="#rfc.iref.3"><b>2.2</b></a></li>
                </ul>
             </li>
@@ -744 +751 @@
                   <li class="indline1"><tt>Grammar</tt>&nbsp;&nbsp;
                      <ul class="ind">
-                        <li class="indline1"><tt>Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.1"><b>3.1</b></a></li>
-                        <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.2"><b>3.2</b></a></li>
-                        <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.3"><b>3.3</b></a></li>
-                        <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>3.4</b></a></li>
+                        <li class="indline1"><tt>Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.3"><b>3.1</b></a></li>
+                        <li class="indline1"><tt>challenge</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.1"><b>1</b></a></li>
+                        <li class="indline1"><tt>credentials</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.2"><b>1</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>3.2</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.5"><b>3.3</b></a></li>
+                        <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.6"><b>3.4</b></a></li>
                      </ul>
                   </li>
@@ -775 +784 @@
                   <li class="indline1"><em>RFC2119</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2119.1">1.1</a>, <a class="iref" href="#RFC2119"><b>7.1</b></a></li>
                   <li class="indline1"><em>RFC2616</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2616.1">1</a>, <a class="iref" href="#RFC2616"><b>7.2</b></a>, <a class="iref" href="#rfc.xref.RFC2616.2">B.1</a></li>
-                  <li class="indline1"><em>RFC2617</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2617.1">1</a>, <a class="iref" href="#rfc.xref.RFC2617.2">1</a>, <a class="iref" href="#rfc.xref.RFC2617.3">2.1</a>, <a class="iref" href="#rfc.xref.RFC2617.4">2.2</a>, <a class="iref" href="#rfc.xref.RFC2617.5">3.1</a>, <a class="iref" href="#rfc.xref.RFC2617.6">3.2</a>, <a class="iref" href="#rfc.xref.RFC2617.7">3.3</a>, <a class="iref" href="#rfc.xref.RFC2617.8">3.4</a>, <a class="iref" href="#RFC2617"><b>7.1</b></a></li>
+                  <li class="indline1"><em>RFC2617</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2617.1">1</a>, <a class="iref" href="#rfc.xref.RFC2617.2">1</a>, <a class="iref" href="#rfc.xref.RFC2617.3">1</a>, <a class="iref" href="#rfc.xref.RFC2617.4">1</a>, <a class="iref" href="#rfc.xref.RFC2617.5">2.1</a>, <a class="iref" href="#rfc.xref.RFC2617.6">2.2</a>, <a class="iref" href="#rfc.xref.RFC2617.7">3.1</a>, <a class="iref" href="#rfc.xref.RFC2617.8">3.2</a>, <a class="iref" href="#rfc.xref.RFC2617.9">3.3</a>, <a class="iref" href="#rfc.xref.RFC2617.10">3.4</a>, <a class="iref" href="#RFC2617"><b>7.1</b></a><ul class="ind">
+                        <li class="indline1"><em>Section 1.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC2617.3">1</a>, <a class="iref" href="#rfc.xref.RFC2617.4">1</a></li>
+                     </ul>
+                  </li>
                </ul>
             </li>

draft-ietf-httpbis/latest/p7-auth.xml

@@ -218 +218 @@
    Authentication: Basic and Digest Access Authentication" <xref target="RFC2617"/>. This
    specification adopts the definitions of "challenge" and "credentials"
-   from that specification.
-</t>
+   from that specification:
+</t>
+<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="challenge"/><iref primary="true" item="Grammar" subitem="credentials"/>
+  challenge   = &lt;challenge, defined in <xref target="RFC2617" x:fmt="," x:sec="1.2"/>>
+  credentials = &lt;credentials, defined in <xref target="RFC2617" x:fmt="," x:sec="1.2"/>>
+</artwork></figure>
 
 <section title="Requirements" anchor="intro.requirements">
@@ -633 +637 @@
 <section title="Since draft-ietf-httpbis-p7-auth-01">
 <t>
+  Ongoing work on ABNF conversion (<eref target="http://www3.tools.ietf.org/wg/httpbis/trac/ticket/36"/>):
+  <list style="symbols"> 
+    <t>
+      Explicitly import BNF rules for "challenge" and "credentials" from RFC2617.
+    </t>
+  </list>
 </t>
 </section>