Changeset 2066 for draft-ietf-httpbis/latest/p7-auth.xml
- Timestamp:
- 29/12/12 10:14:11 (9 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/latest/p7-auth.xml
r2052 r2066 242 242 invalid credentials (e.g., a bad password) or partial credentials (e.g., 243 243 when the authentication scheme requires more than one round trip), an origin 244 server &SHOULD; send a <x:ref>401 (Unauthorized)</x:ref> response. Such 245 responses &MUST; include a <x:ref>WWW-Authenticate</x:ref> header field 246 containing at least one (possibly new) challenge applicable to the 247 requested resource. 244 server &SHOULD; send a <x:ref>401 (Unauthorized)</x:ref> response that 245 contains a <x:ref>WWW-Authenticate</x:ref> header field with at least one 246 (possibly new) challenge applicable to the requested resource. 248 247 </t> 249 248 <t> 250 249 Likewise, upon a request that requires authentication by proxies that omit 251 250 credentials or contain invalid or partial credentials, a proxy &SHOULD; 252 send a <x:ref>407 (Proxy Authentication Required)</x:ref> response . Such responses253 &MUST; include a <x:ref>Proxy-Authenticate</x:ref> header field containinga (possibly251 send a <x:ref>407 (Proxy Authentication Required)</x:ref> response that 252 contains a <x:ref>Proxy-Authenticate</x:ref> header field with a (possibly 254 253 new) challenge applicable to the proxy. 255 254 </t> … … 427 426 <x:anchor-alias value="401 (Unauthorized)"/> 428 427 <t> 429 The request requires user authentication. The response &MUST; include a 428 The <x:dfn>401 (Unauthorized)</x:dfn> status code indicates that the 429 request has not been applied because it lacks valid authentication 430 credentials for the target resource. The origin server &MUST; send a 430 431 <x:ref>WWW-Authenticate</x:ref> header field (<xref target="header.www-authenticate"/>) 431 containing a challenge applicable to the target resource. The client &MAY;432 repeat the request with a suitable <x:ref>Authorization</x:ref> header field433 (<xref target="header.authorization"/>). If the request already included434 Authorization credentials, then the 401 response indicates that authorization435 has been refused for those credentials. If the 401 response contains the436 same challenge as the prior response, and the user agent has already attempted437 authentication at least once, then the user &SHOULD; be presentedthe438 representation that was given in the response, since that representation might439 i ncluderelevant diagnostic information.432 containing at least one challenge applicable to the target resource. 433 If the request included authentication credentials, then the 401 response 434 indicates that authorization has been refused for those credentials. 435 The client &MAY; repeat the request with a new or replaced 436 <x:ref>Authorization</x:ref> header field (<xref target="header.authorization"/>). 437 If the 401 response contains the same challenge as the prior response, and 438 the user agent has already attempted authentication at least once, then the 439 user agent &SHOULD; present the enclosed representation to the user, since 440 it usually contains relevant diagnostic information. 440 441 </t> 441 442 </section> … … 444 445 <x:anchor-alias value="407 (Proxy Authentication Required)"/> 445 446 <t> 446 This code is similar to <x:ref>401 (Unauthorized)</x:ref>, but indicates that the 447 client ought to first authenticate itself with the proxy. The proxy &MUST; 448 send a <x:ref>Proxy-Authenticate</x:ref> header field (<xref target="header.proxy-authenticate"/>) containing a 449 challenge applicable to the proxy for the target resource. The 450 client &MAY; repeat the request with a suitable <x:ref>Proxy-Authorization</x:ref> 447 The <x:dfn>407 (Proxy Authentication Required)</x:dfn> status code is 448 similar to <x:ref>401 (Unauthorized)</x:ref>, but indicates that the client 449 needs to authenticate itself in order to use a proxy. 450 The proxy &MUST; send a <x:ref>Proxy-Authenticate</x:ref> header field 451 (<xref target="header.proxy-authenticate"/>) containing a challenge 452 applicable to that proxy for the target resource. The client &MAY; repeat 453 the request with a new or replaced <x:ref>Proxy-Authorization</x:ref> 451 454 header field (<xref target="header.proxy-authorization"/>). 452 455 </t>
Note: See TracChangeset
for help on using the changeset viewer.