Changeset 2568
Timestamp: 23/01/14 09:13:32 (7 years ago)
Location: draft-ietf-httpbis/latest
Files: 2 edited
draft-ietf-httpbis/latest/p7-auth.html
r2558 r2568 448 448 } 449 449 @bottom-center { 450 content: "Expires July 2 1, 2014";450 content: "Expires July 27, 2014"; 451 451 } 452 452 @bottom-right { … … 488 488 <meta name="dct.creator" content="Reschke, J. F."> 489 489 <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 490 <meta name="dct.issued" scheme="ISO8601" content="2014-01- 17">490 <meta name="dct.issued" scheme="ISO8601" content="2014-01-23"> 491 491 <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 492 492 <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is a stateless application-level protocol for distributed, collaborative, hypermedia information systems. This document defines the HTTP Authentication framework."> … … 516 516 <tr> 517 517 <td class="left">Intended status: Standards Track</td> 518 <td class="right">January 17, 2014</td>518 <td class="right">January 23, 2014</td> 519 519 </tr> 520 520 <tr> 521 <td class="left">Expires: July 2 1, 2014</td>521 <td class="left">Expires: July 27, 2014</td> 522 522 <td class="right"></td> 523 523 </tr> … … 546 546 in progress”. 547 547 </p> 548 <p>This Internet-Draft will expire on July 2 1, 2014.</p>548 <p>This Internet-Draft will expire on July 27, 2014.</p> 549 549 </div> 550 550 <div id="rfc.copyrightnotice"> … … 974 974 <div id="security.considerations"> 975 975 <h1 id="rfc.section.6"><a href="#rfc.section.6">6.</a> <a href="#security.considerations">Security Considerations</a></h1> 976 <p id="rfc.section.6.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP/1.1 977 authentication. 
More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 978 </p> 979 <p id="rfc.section.6.p.2">The list of considerations below is not exhaustive — security analysis in an ongoing activity. Various organizations, such 980 as the "Open Web Application Security Project" (OWASP, <<a href="https://www.owasp.org/">https://www.owasp.org/</a>>), provide information about current research. 976 <p id="rfc.section.6.p.1">This section is meant to inform developers, information providers, and users of known security concerns specific to HTTP authentication. 977 More general security considerations are addressed in HTTP messaging <a href="#Part1" id="rfc.xref.Part1.7"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing">[Part1]</cite></a> and semantics <a href="#Part2" id="rfc.xref.Part2.2"><cite title="Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content">[Part2]</cite></a>. 978 </p> 979 <p id="rfc.section.6.p.2">Everything about the topic of HTTP authentication is a security consideration, so the list of considerations below is not 980 exhaustive. Furthermore, it is limited to security considerations regarding the authentication framework, in general, rather 981 than discussing all of the potential considerations for specific authentication schemes (which ought to be documented in the 982 specifications that define those schemes). 
Various organizations maintain topical information and links to current research 983 on Web application security (e.g., <a href="#OWASP" id="rfc.xref.OWASP.1"><cite title="A Guide to Building Secure Web Applications and Web Services">[OWASP]</cite></a>), including common pitfalls for implementing and using the authentication schemes found in practice. 981 984 </p> 982 985 <div id="auth.credentials.and.idle.clients"> … … 1061 1064 <td class="reference"><b id="BCP90">[BCP90]</b></td> 1062 1065 <td class="top"><a href="mailto:GK-IETF@ninebynine.org" title="Nine by Nine">Klyne, G.</a>, <a href="mailto:mnot@pobox.com" title="BEA Systems">Nottingham, M.</a>, and <a href="mailto:JeffMogul@acm.org" title="HP Labs">J. Mogul</a>, “<a href="http://tools.ietf.org/html/rfc3864">Registration Procedures for Message Header Fields</a>”, BCP 90, RFC 3864, September 2004. 1066 </td> 1067 </tr> 1068 <tr> 1069 <td class="reference"><b id="OWASP">[OWASP]</b></td> 1070 <td class="top">van der Stock, A., Ed., “<a href="https://www.owasp.org/">A Guide to Building Secure Web Applications and Web Services</a>”, The Open Web Application Security Project (OWASP) 2.0.1, July 2005, <<a href="https://www.owasp.org/">https://www.owasp.org/</a>>. 1063 1071 </td> 1064 1072 </tr> … … 1189 1197 </div> 1190 1198 <h1 id="rfc.index"><a href="#rfc.index">Index</a></h1> 1191 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.B">B</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index. 
P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.W">W</a>1199 <p class="noprint"><a href="#rfc.index.4">4</a> <a href="#rfc.index.A">A</a> <a href="#rfc.index.B">B</a> <a href="#rfc.index.C">C</a> <a href="#rfc.index.G">G</a> <a href="#rfc.index.O">O</a> <a href="#rfc.index.P">P</a> <a href="#rfc.index.R">R</a> <a href="#rfc.index.W">W</a> 1192 1200 </p> 1193 1201 <div class="print2col"> … … 1226 1234 </ul> 1227 1235 </li> 1236 <li><a id="rfc.index.O" href="#rfc.index.O"><b>O</b></a><ul> 1237 <li><em>OWASP</em> <a href="#rfc.xref.OWASP.1">6</a>, <a href="#OWASP"><b>8.2</b></a></li> 1238 </ul> 1239 </li> 1228 1240 <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul> 1229 1241 <li><em>Part1</em> <a href="#rfc.xref.Part1.1">1.1</a>, <a href="#rfc.xref.Part1.2">1.2</a>, <a href="#rfc.xref.Part1.3">2.2</a>, <a href="#rfc.xref.Part1.4">4.2</a>, <a href="#rfc.xref.Part1.5">4.4</a>, <a href="#rfc.xref.Part1.6">5.1.2</a>, <a href="#rfc.xref.Part1.7">6</a>, <a href="#rfc.xref.Part1.8">7</a>, <a href="#Part1"><b>8.1</b></a>, <a href="#rfc.xref.Part1.9">B</a>, <a href="#rfc.xref.Part1.10">B</a>, <a href="#rfc.xref.Part1.11">B</a>, <a href="#rfc.xref.Part1.12">B</a>, <a href="#rfc.xref.Part1.13">B</a>, <a href="#rfc.xref.Part1.14">C</a><ul> -
draft-ietf-httpbis/latest/p7-auth.xml
r2558 r2568 679 679 <t> 680 680 This section is meant to inform developers, information providers, and 681 users of known security concerns specific to HTTP /1.1authentication.681 users of known security concerns specific to HTTP authentication. 682 682 More general security considerations are addressed in HTTP messaging 683 683 &messaging; and semantics &semantics;. 684 684 </t> 685 685 <t> 686 The list of considerations below is not exhaustive — security 687 analysis in an ongoing activity. Various organizations, such as the 688 "Open Web Application Security Project" (OWASP, 689 <eref target="https://www.owasp.org/"/>), provide information about current 690 research. 686 Everything about the topic of HTTP authentication is a security 687 consideration, so the list of considerations below is not exhaustive. 688 Furthermore, it is limited to security considerations regarding the 689 authentication framework, in general, rather than discussing all of the 690 potential considerations for specific authentication schemes (which ought 691 to be documented in the specifications that define those schemes). 692 Various organizations maintain topical information and links to current 693 research on Web application security (e.g., <xref target="OWASP"/>), 694 including common pitfalls for implementing and using the authentication 695 schemes found in practice. 691 696 </t> 692 697 … … 1003 1008 </reference> 1004 1009 1010 <reference anchor="OWASP" target="https://www.owasp.org/"> 1011 <front> 1012 <title abbrev="OWASP">A Guide to Building Secure Web Applications and Web Services</title> 1013 <author role="editor" initials="A." surname="van der Stock" 1014 fullname="Andrew van der Stock"/> 1015 <date month="July" day="27" year="2005"/> 1016 </front> 1017 <seriesInfo name="The Open Web Application Security Project (OWASP)" value="2.0.1"/> 1018 </reference> 1019 1005 1020 </references> 1006 1021
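Review bot: In the rewritten second paragraph of Security Considerations (p7-auth.xml, new lines 686-695), "regarding the authentication framework, in general, rather than" is ambiguous, because the comma-delimited "in general" can attach either to "framework" or to "limited". Something like "limited to security considerations for the authentication framework itself, rather than all of the potential considerations for specific authentication schemes" reads unambiguously. The parenthetical "(which ought to be documented in the specifications that define those schemes)" places an expectation on scheme authors in passing; if this document states that expectation elsewhere, a cross-reference from here would let a scheme author find it.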
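Review bot: The new OWASP reference entry (p7-auth.xml, new lines 1010-1018) sets target="https://www.owasp.org/", which is the site home page, while the title, the seriesInfo value 2.0.1 and the date of 27 July 2005 identify one specific edition of a guide, so the link does not lead to the document being cited. The new Security Considerations text in this same changeset cites the entry for "topical information and links to current research", which fits a maintained site better than a 2005 edition. Either point the target at a stable URL for that edition, or cite the organization's site as a living resource and drop the version and date. Separately, seriesInfo is carrying the publisher name here, which is why the generated HTML renders "The Open Web Application Security Project (OWASP) 2.0.1"; check that this is the intended rendering for the entry.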