Changeset 2449
- Timestamp:
- 30/10/13 13:28:02 (9 years ago)
- Location:
- draft-ietf-httpbis/latest
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
draft-ietf-httpbis/latest/p7-auth.html
r2448 r2449 684 684 </p> 685 685 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.5"></span> <a href="#challenge.and.response" class="smpl">credentials</a> = <a href="#challenge.and.response" class="smpl">auth-scheme</a> [ 1*<a href="#imported.abnf" class="smpl">SP</a> ( <a href="#challenge.and.response" class="smpl">token68</a> / #<a href="#challenge.and.response" class="smpl">auth-param</a> ) ] 686 </pre><p id="rfc.section.2.1.p.14">Upon a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) or partial687 credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> send a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response that contains a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field with at least one (possibly new) challenge applicable to the requested resource.688 </p> 689 <p id="rfc.section.2.1.p.15">Likewise, upon a request that requires authentication by proxies that omit credentials or contain invalid or partial credentials,690 a proxy <em class="bcp14">SHOULD</em> send a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response that contains a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field with a (possibly new) challenge applicable to the proxy.686 </pre><p id="rfc.section.2.1.p.14">Upon receipt of a request for a protected resource that omits credentials, contains invalid credentials (e.g., a bad password) 687 or partial credentials (e.g., when the authentication scheme requires more than one round trip), an origin server <em class="bcp14">SHOULD</em> send a <a href="#status.401" class="smpl">401 (Unauthorized)</a> response that contains a <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> header field with at least one (possibly new) challenge applicable to the requested resource. 688 </p> 689 <p id="rfc.section.2.1.p.15">Likewise, upon receipt of a request that requires authentication by proxies that omit credentials or contain invalid or partial 690 credentials, a proxy <em class="bcp14">SHOULD</em> send a <a href="#status.407" class="smpl">407 (Proxy Authentication Required)</a> response that contains a <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> header field with a (possibly new) challenge applicable to the proxy. 691 691 </p> 692 692 <p id="rfc.section.2.1.p.16">A server receiving credentials that are valid, but not adequate to gain access, ought to respond with the <a href="p2-semantics.html#status.403" class="smpl">403 (Forbidden)</a> status code (<a href="p2-semantics.html#status.403" title="403 Forbidden">Section 6.5.3</a> of <a href="#Part2" id="rfc.xref.Part2.1"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>). … … 1162 1162 </li> 1163 1163 </ul> 1164 <p id="rfc.section.D.1.p.2">Partly resolved issues: </p> 1165 <ul> 1166 <li><<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/510">http://tools.ietf.org/wg/httpbis/trac/ticket/510</a>>: "SECDIR review of draft-ietf-httpbis-p7-auth-24" 1167 </li> 1168 </ul> 1164 1169 </div> 1165 1170 </div> -
draft-ietf-httpbis/latest/p7-auth.xml
r2448 r2449 243 243 </artwork></figure> 244 244 <t> 245 Upon a request for a protected resource that omits credentials, contains246 invalid credentials (e.g., a bad password) or partial credentials (e.g.,247 when the authentication scheme requires more than one round trip), an origin248 server &SHOULD; send a <x:ref>401 (Unauthorized)</x:ref> response that245 Upon receipt of a request for a protected resource that omits credentials, 246 contains invalid credentials (e.g., a bad password) or partial credentials 247 (e.g., when the authentication scheme requires more than one round trip), an 248 origin server &SHOULD; send a <x:ref>401 (Unauthorized)</x:ref> response that 249 249 contains a <x:ref>WWW-Authenticate</x:ref> header field with at least one 250 250 (possibly new) challenge applicable to the requested resource. 251 251 </t> 252 252 <t> 253 Likewise, upon a request that requires authentication by proxies that omit254 credentials or contain invalid or partial credentials, a proxy &SHOULD;255 send a <x:ref>407 (Proxy Authentication Required)</x:ref> response that256 contains a <x:ref>Proxy-Authenticate</x:ref> header field with a (possibly257 new) challenge applicable to the proxy.253 Likewise, upon receipt of a request that requires authentication by proxies 254 that omit credentials or contain invalid or partial credentials, a proxy 255 &SHOULD; send a <x:ref>407 (Proxy Authentication Required)</x:ref> response 256 that contains a <x:ref>Proxy-Authenticate</x:ref> header field with a 257 (possibly new) challenge applicable to the proxy. 258 258 </t> 259 259 <t> … … 1107 1107 </list> 1108 1108 </t> 1109 <t> 1110 Partly resolved issues: 1111 <list style="symbols"> 1112 <t> 1113 <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/510"/>: 1114 "SECDIR review of draft-ietf-httpbis-p7-auth-24" 1115 </t> 1116 </list> 1117 </t> 1109 1118 </section> 1110 1119 </section>
Note: See TracChangeset
for help on using the changeset viewer.