Changeset 2713 for draft-ietf-httpbis


Timestamp: 03/06/14 19:49:32 (6 years ago)
Author: julian.reschke@…
Message: update rfc7235-to-be (#553)
Location: draft-ietf-httpbis/latest/auth48
Files: 3 edited

  • draft-ietf-httpbis/latest/auth48/rfc7235.abdiff.txt

    r2709 r2713  
    1 
    2 INTRODUCTION, paragraph 1:
    3 OLD:
    4 
    5  Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
    6  Request for Comments: 7235                                         Adobe
    7  Obsoletes: 2616                                          J. Reschke, Ed.
    8  Updates: 2617                                                 greenbytes
    9  Category: Standards Track                                      June 2014
    10  ISSN: 2070-1721
    11 
    12 NEW:
    13 
    14  Internet Engineering Task Force (IETF)                  R. Fielding, Ed.
    15  Request for Comments: 7235                                         Adobe
    16  Obsoletes: 2616                                          J. Reschke, Ed.
    17  Updates: 2617                                                 greenbytes
    18  Category: Standards Track                                       May 2014
    19  ISSN: 2070-1721
    20 
    211
    222INTRODUCTION, paragraph 5:
     
    8262NEW:
    8363
    84     1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
    85       1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  3
    86       1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  3
    87     2.  Access Authentication Framework  . . . . . . . . . . . . . . .  3
    88       2.1.  Challenge and Response . . . . . . . . . . . . . . . . . .  3
    89       2.2.  Protection Space (Realm) . . . . . . . . . . . . . . . . .  5
    90     3.  Status Code Definitions  . . . . . . . . . . . . . . . . . . .  6
    91       3.1.  401 Unauthorized . . . . . . . . . . . . . . . . . . . . .  6
    92       3.2.  407 Proxy Authentication Required  . . . . . . . . . . . .  6
    93     4.  Header Field Definitions . . . . . . . . . . . . . . . . . . .  7
    94       4.1.  WWW-Authenticate . . . . . . . . . . . . . . . . . . . . .  7
    95       4.2.  Authorization  . . . . . . . . . . . . . . . . . . . . . .  8
    96       4.3.  Proxy-Authenticate . . . . . . . . . . . . . . . . . . . .  8
    97       4.4.  Proxy-Authorization  . . . . . . . . . . . . . . . . . . .  9
    98     5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
    99       5.1.  Authentication Scheme Registry . . . . . . . . . . . . . .  9
    100         5.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . .  9
    101         5.1.2.  Considerations for New Authentication Schemes  . . . .  9
    102       5.2.  Status Code Registration . . . . . . . . . . . . . . . . . 11
    103       5.3.  Header Field Registration  . . . . . . . . . . . . . . . . 11
    104     6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
    105       6.1.  Confidentiality of Credentials . . . . . . . . . . . . . . 12
    106       6.2.  Authentication Credentials and Idle Clients  . . . . . . . 12
    107       6.3.  Protection Spaces  . . . . . . . . . . . . . . . . . . . . 13
    108     7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 13
    109     8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
    110       8.1.  Normative References . . . . . . . . . . . . . . . . . . . 14
    111       8.2.  Informative References . . . . . . . . . . . . . . . . . . 14
    112     Appendix A.  Changes from RFCs 2616 and 2617 . . . . . . . . . . . 15
    113     Appendix B.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 15
    114     Appendix C.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 15
    115     Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
    116 
    117 
    118 Section 8.1., paragraph 3:
    119 OLD:
    120 
    121     [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    122                Protocol (HTTP/1.1): Message Syntax and Routing",
    123                RFC 7230, June 2014.
    124 
    125 NEW:
    126 
    127     [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    128                Protocol (HTTP/1.1): Message Syntax and Routing",
    129                RFC 7230, May 2014.
    130 
    131 
    132 Section 8.1., paragraph 4:
    133 OLD:
    134 
    135     [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    136                Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
    137                June 2014.
    138 
    139 NEW:
    140 
    141     [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    142                Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
    143                May 2014.
    144 
    145 
    146 Section 8.1., paragraph 5:
    147 OLD:
    148 
    149     [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
    150                Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
    151                RFC 7234, June 2014.
    152 
    153 NEW:
    154 
    155     [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
    156                Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
    157                RFC 7234, May 2014.
     64    1. Introduction ....................................................3
     65       1.1. Conformance and Error Handling .............................3
     66       1.2. Syntax Notation ............................................3
     67    2. Access Authentication Framework .................................3
     68       2.1. Challenge and Response .....................................3
     69       2.2. Protection Space (Realm) ...................................5
     70    3. Status Code Definitions .........................................6
     71       3.1. 401 Unauthorized ...........................................6
     72       3.2. 407 Proxy Authentication Required ..........................6
     73    4. Header Field Definitions ........................................7
     74       4.1. WWW-Authenticate ...........................................7
     75       4.2. Authorization ..............................................8
     76       4.3. Proxy-Authenticate .........................................8
     77       4.4. Proxy-Authorization ........................................9
     78    5. IANA Considerations .............................................9
     79       5.1. Authentication Scheme Registry .............................9
     80            5.1.1. Procedure ...........................................9
     81            5.1.2. Considerations for New Authentication Schemes ......10
     82       5.2. Status Code Registration ..................................11
     83       5.3. Header Field Registration .................................11
     84    6. Security Considerations ........................................12
     85       6.1. Confidentiality of Credentials ............................12
     86       6.2. Authentication Credentials and Idle Clients ...............12
     87       6.3. Protection Spaces .........................................13
     88    7. Acknowledgments ................................................14
     89    8. References .....................................................14
     90       8.1. Normative References ......................................14
     91       8.2. Informative References ....................................14
     92    Appendix A. Changes from RFCs 2616 and 2617 .......................16
     93    Appendix B. Imported ABNF .........................................16
     94    Appendix C. Collected ABNF ........................................17
     95    Index .............................................................18
     96
     97
     98Section 2.1., paragraph 7:
     99OLD:
     100
     101    A 401 (Unauthorized) response message is used by an origin server to
     102    challenge the authorization of a user agent, including a WWW-
     103    Authenticate header field containing at least one challenge
     104    applicable to the requested resource.
     105
     106NEW:
     107
     108    A 401 (Unauthorized) response message is used by an origin server to
     109    challenge the authorization of a user agent, including a
     110    WWW-Authenticate header field containing at least one challenge
     111    applicable to the requested resource.
     112
     113
     114Section 2.1., paragraph 8:
     115OLD:
     116
     117    A 407 (Proxy Authentication Required) response message is used by a
     118    proxy to challenge the authorization of a client, including a Proxy-
     119    Authenticate header field containing at least one challenge
     120    applicable to the proxy for the requested resource.
     121
     122NEW:
     123
     124    A 407 (Proxy Authentication Required) response message is used by a
     125    proxy to challenge the authorization of a client, including a
     126    Proxy-Authenticate header field containing at least one challenge
     127    applicable to the proxy for the requested resource.
     128
     129
     130Section 5.5, paragraph 2:
     131OLD:
     132
     133    For historical reasons, a sender MUST only generate the quoted-string
     134    syntax.  Recipients might have to support both token and quoted-
     135    string syntax for maximum interoperability with existing clients that
     136    have been accepting both notations for a long time.
     137
     138NEW:
     139
     140    For historical reasons, a sender MUST only generate the quoted-string
     141    syntax.  Recipients might have to support both token and
     142    quoted-string syntax for maximum interoperability with existing
     143    clients that have been accepting both notations for a long time.
     144
     145
     146Section 4.1., paragraph 3:
     147OLD:
     148
     149    A server generating a 401 (Unauthorized) response MUST send a WWW-
     150    Authenticate header field containing at least one challenge.  A
     151    server MAY generate a WWW-Authenticate header field in other response
     152    messages to indicate that supplying credentials (or different
     153    credentials) might affect the response.
     154
     155NEW:
     156
     157    A server generating a 401 (Unauthorized) response MUST send a
     158    WWW-Authenticate header field containing at least one challenge.  A
     159    server MAY generate a WWW-Authenticate header field in other response
     160    messages to indicate that supplying credentials (or different
     161    credentials) might affect the response.
     162
     163
     164Section 5.1.2., paragraph 4:
     165OLD:
     166
     167    o  The "token68" notation was introduced for compatibility with
     168       existing authentication schemes and can only be used once per
     169       challenge or credential.  Thus, new schemes ought to use the auth-
     170       param syntax instead, because otherwise future extensions will be
     171       impossible.
     172
     173NEW:
     174
     175    o  The "token68" notation was introduced for compatibility with
     176       existing authentication schemes and can only be used once per
     177       challenge or credential.  Thus, new schemes ought to use the
     178       auth-param syntax instead, because otherwise future extensions
     179       will be impossible.
     180
     181
     182Section 6., paragraph 1:
     183OLD:
     184
     185    This section is meant to inform developers, information providers,
     186    and users of known security concerns specific to HTTP authentication.
     187 
     188    More general security considerations are addressed in HTTP messaging
     189    [RFC7230] and semantics [RFC7231].
     190
     191NEW:
     192
     193    This section is meant to inform developers, information providers,
     194    and users of known security concerns specific to HTTP authentication.
     195    More general security considerations are addressed in HTTP messaging
     196    [RFC7230] and semantics [RFC7231].
     197
     198
     199Section 8.1., paragraph 0:
     200OLD:
     201
     202 8.  References
     203 8.1.  Normative References
     204
     205NEW:
     206
     207 8.  References
     208 
     209 8.1.  Normative References
    158210
    159211
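
Review bot: the added entry labelled "Section 5.5, paragraph 2" (the quoted-string paragraph) does not match any section in the table of contents added in this same hunk, where section 5 has only 5.1, 5.2 and 5.3, and it sits between the Section 2.1 and Section 4.1 entries. The label also lacks the trailing dot the other labels carry ("Section 2.1.,"), so it is worth checking how that label was derived before relying on it to locate the change. Separately, the "Section 6., paragraph 1" entry joins what were two paragraphs into one, which is a layout change rather than a line-break fix like the WWW-Authenticate and Proxy-Authenticate entries; confirm that the merge is intended.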
  • draft-ietf-httpbis/latest/auth48/rfc7235.diff.html

    r2712 r2713  
    3737  <table border="0" cellpadding="0" cellspacing="0">
    3838  <tr bgcolor="orange"><th></th><th>&nbsp;p7-auth.unpg.txt&nbsp;</th><th> </th><th>&nbsp;rfc7235.txt&nbsp;</th><th></th></tr>
    39       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    40       <tr><td class="lineno" valign="top"></td><td class="left">Internet Engineering Task Force (IETF)                  R. Fielding, Ed.</td><td> </td><td class="right">Internet Engineering Task Force (IETF)                  R. Fielding, Ed.</td><td class="lineno" valign="top"></td></tr>
    41       <tr><td class="lineno" valign="top"></td><td class="left">Request for Comments: 7235                                         Adobe</td><td> </td><td class="right">Request for Comments: 7235                                         Adobe</td><td class="lineno" valign="top"></td></tr>
    42       <tr><td class="lineno" valign="top"></td><td class="left">Obsoletes: 2616                                          J. Reschke, Ed.</td><td> </td><td class="right">Obsoletes: 2616                                          J. Reschke, Ed.</td><td class="lineno" valign="top"></td></tr>
    43       <tr><td class="lineno" valign="top"></td><td class="left">Updates: 2617                                                 greenbytes</td><td> </td><td class="right">Updates: 2617                                                 greenbytes</td><td class="lineno" valign="top"></td></tr>
    44       <tr><td><a name="diff0001" /></td></tr>
    45       <tr><td class="lineno" valign="top"></td><td class="lblock">Category: Standards Track                                      <span class="delete">June</span> 2014</td><td> </td><td class="rblock">Category: Standards Track                                      <span class="insert"> May</span> 2014</td><td class="lineno" valign="top"></td></tr>
     39      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
     40      <tr bgcolor="gray" ><td></td><th><a name="part-l1" /><small>skipping to change at</small><em> page 1, line 18</em></th><th> </th><th><a name="part-r1" /><small>skipping to change at</small><em> page 1, line 18</em></th><td></td></tr>
    4641      <tr><td class="lineno" valign="top"></td><td class="left">ISSN: 2070-1721</td><td> </td><td class="right">ISSN: 2070-1721</td><td class="lineno" valign="top"></td></tr>
    4742      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     
    5449      <tr><td class="lineno" valign="top"></td><td class="left">   systems.  This document defines the HTTP Authentication framework.</td><td> </td><td class="right">   systems.  This document defines the HTTP Authentication framework.</td><td class="lineno" valign="top"></td></tr>
    5550      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    56       <tr><td><a name="diff0002" /></td></tr>
     51      <tr><td><a name="diff0001" /></td></tr>
    5752      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">Editorial Note (To be removed by RFC Editor)</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
    5853      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"></span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
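
Review bot: fragment links into this file are not stable across this revision. The row before "Editorial Note" changes its anchor from diff0002 to diff0001, and the table-of-contents block below goes from diff0003 to diff0002, so a link saved against r2712 such as #diff0002 now lands on a different change. If the file is regenerated output, say so in the commit message so the renumbering is not read as a hand edit, and point reviewers at anchors only together with the revision number.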
     
    9186      <tr><td class="lineno" valign="top"></td><td class="left">Table of Contents</td><td> </td><td class="right">Table of Contents</td><td class="lineno" valign="top"></td></tr>
    9287      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    93       <tr><td><a name="diff0003" /></td></tr>
    94       <tr><td class="lineno" valign="top"></td><td class="lblock">   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  <span class="delete">4</span></td><td> </td><td class="rblock">   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  <span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
    95       <tr><td class="lineno" valign="top"></td><td class="lblock">     1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  <span class="delete">4</span></td><td> </td><td class="rblock">     1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  <span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
    96       <tr><td class="lineno" valign="top"></td><td class="lblock">     1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  <span class="delete">4</span></td><td> </td><td class="rblock">     1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  <span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
    97       <tr><td class="lineno" valign="top"></td><td class="lblock">   2.  Access Authentication Framework  . . . . . . . . . . . . . . .  <span class="delete">4</span></td><td> </td><td class="rblock">   2.  Access Authentication Framework  . . . . . . . . . . . . . . .  <span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
    98       <tr><td class="lineno" valign="top"></td><td class="lblock">     2.1.  Challenge and Response . . . . . . . . . . . . . . . . . .  <span class="delete">4</span></td><td> </td><td class="rblock">     2.1.  Challenge and Response . . . . . . . . . . . . . . . . . .  <span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
    99       <tr><td class="lineno" valign="top"></td><td class="lblock">     2.2.  Protection Space (Realm) . . . . . . . . . . . . . . . . .  <span class="delete">6</span></td><td> </td><td class="rblock">     2.2.  Protection Space (Realm) . . . . . . . . . . . . . . . . .  <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
    100       <tr><td class="lineno" valign="top"></td><td class="lblock">   3.  Status Code Definitions  . . . . . . . . . . . . . . . . . . .  <span class="delete">7</span></td><td> </td><td class="rblock">   3.  Status Code Definitions  . . . . . . . . . . . . . . . . . . .  <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
    101       <tr><td class="lineno" valign="top"></td><td class="lblock">     3.1.  401 Unauthorized . . . . . . . . . . . . . . . . . . . . .  <span class="delete">7</span></td><td> </td><td class="rblock">     3.1.  401 Unauthorized . . . . . . . . . . . . . . . . . . . . .  <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
    102       <tr><td class="lineno" valign="top"></td><td class="lblock">     3.2.  407 Proxy Authentication Required  . . . . . . . . . . . .  <span class="delete">7</span></td><td> </td><td class="rblock">     3.2.  407 Proxy Authentication Required  . . . . . . . . . . . .  <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
    103       <tr><td class="lineno" valign="top"></td><td class="lblock">   4.  Header Field Definitions . . . . . . . . . . . . . . . . . . .  <span class="delete">8</span></td><td> </td><td class="rblock">   4.  Header Field Definitions . . . . . . . . . . . . . . . . . . .  <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr>
    104       <tr><td class="lineno" valign="top"></td><td class="lblock">     4.1.  WWW-Authenticate . . . . . . . . . . . . . . . . . . . . .  <span class="delete">8</span></td><td> </td><td class="rblock">     4.1.  WWW-Authenticate . . . . . . . . . . . . . . . . . . . . .  <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr>
    105       <tr><td class="lineno" valign="top"></td><td class="lblock">     4.2.  Authorization  . . . . . . . . . . . . . . . . . . . . . .  <span class="delete">9</span></td><td> </td><td class="rblock">     4.2.  Authorization  . . . . . . . . . . . . . . . . . . . . . .  <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
    106       <tr><td class="lineno" valign="top"></td><td class="lblock">     4.3.  Proxy-Authenticate . . . . . . . . . . . . . . . . . . . .  <span class="delete">9</span></td><td> </td><td class="rblock">     4.3.  Proxy-Authenticate . . . . . . . . . . . . . . . . . . . .  <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
    107       <tr><td class="lineno" valign="top"></td><td class="lblock">     4.4.  Proxy-Authorization  . . . . . . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock">     4.4.  Proxy-Authorization  . . . . . . . . . . . . . . . . . . .  <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
    108       <tr><td class="lineno" valign="top"></td><td class="lblock">   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock">   5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
    109       <tr><td class="lineno" valign="top"></td><td class="lblock">     5.1.  Authentication Scheme Registry . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock">     5.1.  Authentication Scheme Registry . . . . . . . . . . . . . .  <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
    110       <tr><td class="lineno" valign="top"></td><td class="lblock">       5.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock">       5.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . .  <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
    111       <tr><td class="lineno" valign="top"></td><td class="lblock">       5.1.2.  Considerations for New Authentication Schemes  . . . . <span class="delete">10</span></td><td> </td><td class="rblock">       5.1.2.  Considerations for New Authentication Schemes  . . . .  <span class="insert">9</span></td><td class="lineno" valign="top"></td></tr>
    112       <tr><td class="lineno" valign="top"></td><td class="lblock">     5.2.  Status Code Registration . . . . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock">     5.2.  Status Code Registration . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr>
    113       <tr><td class="lineno" valign="top"></td><td class="lblock">     5.3.  Header Field Registration  . . . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock">     5.3.  Header Field Registration  . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr>
    114       <tr><td class="lineno" valign="top"></td><td class="lblock">   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . <span class="delete">12</span></td><td> </td><td class="rblock">   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr>
    115       <tr><td class="lineno" valign="top"></td><td class="lblock">     6.1.  Confidentiality of Credentials . . . . . . . . . . . . . . <span class="delete">13</span></td><td> </td><td class="rblock">     6.1.  Confidentiality of Credentials . . . . . . . . . . . . . . <span class="insert">12</span></td><td class="lineno" valign="top"></td></tr>
    116       <tr><td class="lineno" valign="top"></td><td class="lblock">     6.2.  Authentication Credentials and Idle Clients  . . . . . . . <span class="delete">13</span></td><td> </td><td class="rblock">     6.2.  Authentication Credentials and Idle Clients  . . . . . . . <span class="insert">12</span></td><td class="lineno" valign="top"></td></tr>
    117       <tr><td class="lineno" valign="top"></td><td class="lblock">     6.3.  Protection Spaces  . . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock">     6.3.  Protection Spaces  . . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno" valign="top"></td></tr>
    118       <tr><td class="lineno" valign="top"></td><td class="lblock">   7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">14</span></td><td> </td><td class="rblock">   7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">13</span></td><td class="lineno" valign="top"></td></tr>
    119       <tr><td class="lineno" valign="top"></td><td class="lblock">   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">15</span></td><td> </td><td class="rblock">   8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">14</span></td><td class="lineno" valign="top"></td></tr>
    120       <tr><td class="lineno" valign="top"></td><td class="lblock">     8.1.  Normative References . . . . . . . . . . . . . . . . . . . <span class="delete">15</span></td><td> </td><td class="rblock">     8.1.  Normative References . . . . . . . . . . . . . . . . . . . <span class="insert">14</span></td><td class="lineno" valign="top"></td></tr>
    121       <tr><td class="lineno" valign="top"></td><td class="lblock">     8.2.  Informative References . . . . . . . . . . . . . . . . . . <span class="delete">15</span></td><td> </td><td class="rblock">     8.2.  Informative References . . . . . . . . . . . . . . . . . . <span class="insert">14</span></td><td class="lineno" valign="top"></td></tr>
    122       <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix A.  Changes from RFCs 2616 and 2617 . . . . . . . . . . . <span class="delete">16</span></td><td> </td><td class="rblock">   Appendix A.  Changes from RFCs 2616 and 2617 . . . . . . . . . . . <span class="insert">15</span></td><td class="lineno" valign="top"></td></tr>
    123       <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix B.  Imported ABNF . . . . . . . . . . . . . . . . . . . . <span class="delete">16</span></td><td> </td><td class="rblock">   Appendix B.  Imported ABNF . . . . . . . . . . . . . . . . . . . . <span class="insert">15</span></td><td class="lineno" valign="top"></td></tr>
    124       <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix C.  Collected ABNF  . . . . . . . . . . . . . . . . . . . <span class="delete">16</span></td><td> </td><td class="rblock">   Appendix C.  Collected ABNF  . . . . . . . . . . . . . . . . . . . <span class="insert">15</span></td><td class="lineno" valign="top"></td></tr>
    125       <tr><td class="lineno" valign="top"></td><td class="lblock">   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">17</span></td><td> </td><td class="rblock">   Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">16</span></td><td class="lineno" valign="top"></td></tr>
     88      <tr><td><a name="diff0002" /></td></tr>
     89      <tr><td class="lineno" valign="top"></td><td class="lblock">   1.  Introduction <span class="delete">. . . . . . . . . . . . . . . . . . . . . . . . .  4</span></td><td> </td><td class="rblock">   1. Introduction <span class="insert">....................................................3</span></td><td class="lineno" valign="top"></td></tr>
     90      <tr><td class="lineno" valign="top"></td><td class="lblock">     1.1.  Conformance and Error Handling <span class="delete">. . . . . . . . . . . . . .  4</span></td><td> </td><td class="rblock">      1.1. Conformance and Error Handling <span class="insert">.............................3</span></td><td class="lineno" valign="top"></td></tr>
     91      <tr><td class="lineno" valign="top"></td><td class="lblock">     1.2.  Syntax Notation  <span class="delete">. . . . . . . . . . . . . . . . . . . . .  4</span></td><td> </td><td class="rblock">      1.2. Syntax Notation <span class="insert">............................................3</span></td><td class="lineno" valign="top"></td></tr>
     92      <tr><td class="lineno" valign="top"></td><td class="lblock">   2.  Access Authentication Framework  <span class="delete">. . . . . . . . . . . . . . .  4</span></td><td> </td><td class="rblock">   2. Access Authentication Framework <span class="insert">.................................3</span></td><td class="lineno" valign="top"></td></tr>
     93      <tr><td class="lineno" valign="top"></td><td class="lblock">     2.1.  Challenge and Response <span class="delete">. . . . . . . . . . . . . . . . . .  4</span></td><td> </td><td class="rblock">      2.1. Challenge and Response <span class="insert">.....................................3</span></td><td class="lineno" valign="top"></td></tr>
     94      <tr><td class="lineno" valign="top"></td><td class="lblock">     2.2.  Protection Space (Realm) <span class="delete">. . . . . . . . . . . . . . . . .  6</span></td><td> </td><td class="rblock">      2.2. Protection Space (Realm) <span class="insert">...................................5</span></td><td class="lineno" valign="top"></td></tr>
     95      <tr><td class="lineno" valign="top"></td><td class="lblock">   3.  Status Code Definitions  <span class="delete">. . . . . . . . . . . . . . . . . . .  7</span></td><td> </td><td class="rblock">   3. Status Code Definitions <span class="insert">.........................................6</span></td><td class="lineno" valign="top"></td></tr>
     96      <tr><td class="lineno" valign="top"></td><td class="lblock">     3.1.  401 Unauthorized <span class="delete">. . . . . . . . . . . . . . . . . . . . .  7</span></td><td> </td><td class="rblock">      3.1. 401 Unauthorized <span class="insert">...........................................6</span></td><td class="lineno" valign="top"></td></tr>
     97      <tr><td class="lineno" valign="top"></td><td class="lblock">     3.2.  407 Proxy Authentication Required  <span class="delete">. . . . . . . . . . . .  7</span></td><td> </td><td class="rblock">      3.2. 407 Proxy Authentication Required <span class="insert">..........................6</span></td><td class="lineno" valign="top"></td></tr>
     98      <tr><td class="lineno" valign="top"></td><td class="lblock">   4.  Header Field Definitions <span class="delete">. . . . . . . . . . . . . . . . . . .  8</span></td><td> </td><td class="rblock">   4. Header Field Definitions <span class="insert">........................................7</span></td><td class="lineno" valign="top"></td></tr>
     99      <tr><td class="lineno" valign="top"></td><td class="lblock">     4.1.  WWW-Authenticate <span class="delete">. . . . . . . . . . . . . . . . . . . . .  8</span></td><td> </td><td class="rblock">      4.1. WWW-Authenticate <span class="insert">...........................................7</span></td><td class="lineno" valign="top"></td></tr>
     100      <tr><td class="lineno" valign="top"></td><td class="lblock">     4.2.  Authorization  <span class="delete">. . . . . . . . . . . . . . . . . . . . . .  9</span></td><td> </td><td class="rblock">      4.2. Authorization <span class="insert">..............................................8</span></td><td class="lineno" valign="top"></td></tr>
     101      <tr><td class="lineno" valign="top"></td><td class="lblock">     4.3.  Proxy-Authenticate <span class="delete">. . . . . . . . . . . . . . . . . . . .  9</span></td><td> </td><td class="rblock">      4.3. Proxy-Authenticate <span class="insert">.........................................8</span></td><td class="lineno" valign="top"></td></tr>
     102      <tr><td class="lineno" valign="top"></td><td class="lblock">     4.4.  Proxy-Authorization  <span class="delete">. . . . . . . . . . . . . . . . . . . 10</span></td><td> </td><td class="rblock">      4.4. Proxy-Authorization <span class="insert">........................................9</span></td><td class="lineno" valign="top"></td></tr>
     103      <tr><td class="lineno" valign="top"></td><td class="lblock">   5.  IANA Considerations  <span class="delete">. . . . . . . . . . . . . . . . . . . . . 10</span></td><td> </td><td class="rblock">   5. IANA Considerations <span class="insert">.............................................9</span></td><td class="lineno" valign="top"></td></tr>
     104      <tr><td class="lineno" valign="top"></td><td class="lblock">     5.1.  Authentication Scheme Registry <span class="delete">. . . . . . . . . . . . . . 10</span></td><td> </td><td class="rblock">      5.1. Authentication Scheme Registry <span class="insert">.............................9</span></td><td class="lineno" valign="top"></td></tr>
     105      <tr><td class="lineno" valign="top"></td><td class="lblock">       5.1.1.  Procedure  <span class="delete">. . . . . . . . . . . . . . . . . . . . . . 10</span></td><td> </td><td class="rblock">           5.1.1. Procedure <span class="insert">...........................................9</span></td><td class="lineno" valign="top"></td></tr>
     106      <tr><td class="lineno" valign="top"></td><td class="lblock">       5.1.2.  Considerations for New Authentication Schemes  <span class="delete">. . . . 10</span></td><td> </td><td class="rblock">           5.1.2. Considerations for New Authentication Schemes <span class="insert">......10</span></td><td class="lineno" valign="top"></td></tr>
     107      <tr><td class="lineno" valign="top"></td><td class="lblock">     5.2.  Status Code Registration <span class="delete">. . . . . . . . . . . . . . . . . 12</span></td><td> </td><td class="rblock">      5.2. Status Code Registration <span class="insert">..................................11</span></td><td class="lineno" valign="top"></td></tr>
     108      <tr><td class="lineno" valign="top"></td><td class="lblock">     5.3.  Header Field Registration  <span class="delete">. . . . . . . . . . . . . . . . 12</span></td><td> </td><td class="rblock">      5.3. Header Field Registration <span class="insert">.................................11</span></td><td class="lineno" valign="top"></td></tr>
     109      <tr><td class="lineno" valign="top"></td><td class="lblock">   6.  Security Considerations  <span class="delete">. . . . . . . . . . . . . . . . . . . 12</span></td><td> </td><td class="rblock">   6. Security Considerations <span class="insert">........................................12</span></td><td class="lineno" valign="top"></td></tr>
     110      <tr><td class="lineno" valign="top"></td><td class="lblock">     6.1.  Confidentiality of Credentials <span class="delete">. . . . . . . . . . . . . . 13</span></td><td> </td><td class="rblock">      6.1. Confidentiality of Credentials <span class="insert">............................12</span></td><td class="lineno" valign="top"></td></tr>
     111      <tr><td class="lineno" valign="top"></td><td class="lblock">     6.2.  Authentication Credentials and Idle Clients  <span class="delete">. . . . . . . 13</span></td><td> </td><td class="rblock">      6.2. Authentication Credentials and Idle Clients <span class="insert">...............12</span></td><td class="lineno" valign="top"></td></tr>
     112      <tr><td class="lineno" valign="top"></td><td class="lblock">     6.3.  Protection Spaces  <span class="delete">. . . . . . . . . . . . . . . . . . . . 14</span></td><td> </td><td class="rblock">      6.3. Protection Spaces <span class="insert">.........................................13</span></td><td class="lineno" valign="top"></td></tr>
     113      <tr><td class="lineno" valign="top"></td><td class="lblock">   7.  Acknowledgments  <span class="delete">. . . . . . . . . . . . . . . . . . . . . . . 14</span></td><td> </td><td class="rblock">   7. Acknowledgments <span class="insert">................................................14</span></td><td class="lineno" valign="top"></td></tr>
     114      <tr><td class="lineno" valign="top"></td><td class="lblock">   8.  References <span class="delete">. . . . . . . . . . . . . . . . . . . . . . . . . . 15</span></td><td> </td><td class="rblock">   8. References <span class="insert">.....................................................14</span></td><td class="lineno" valign="top"></td></tr>
     115      <tr><td class="lineno" valign="top"></td><td class="lblock">     8.1.  Normative References <span class="delete">. . . . . . . . . . . . . . . . . . . 15</span></td><td> </td><td class="rblock">      8.1. Normative References <span class="insert">......................................14</span></td><td class="lineno" valign="top"></td></tr>
     116      <tr><td class="lineno" valign="top"></td><td class="lblock">     8.2.  Informative References <span class="delete">. . . . . . . . . . . . . . . . . . 15</span></td><td> </td><td class="rblock">      8.2. Informative References <span class="insert">....................................14</span></td><td class="lineno" valign="top"></td></tr>
     117      <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix A.  Changes from RFCs 2616 and 2617 <span class="delete">. . . . . . . . . . . 16</span></td><td> </td><td class="rblock">   Appendix A. Changes from RFCs 2616 and 2617 <span class="insert">.......................16</span></td><td class="lineno" valign="top"></td></tr>
     118      <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix B.  Imported ABNF <span class="delete">. . . . . . . . . . . . . . . . . . . . 16</span></td><td> </td><td class="rblock">   Appendix B. Imported ABNF <span class="insert">.........................................16</span></td><td class="lineno" valign="top"></td></tr>
     119      <tr><td class="lineno" valign="top"></td><td class="lblock">   Appendix C.  Collected ABNF  <span class="delete">. . . . . . . . . . . . . . . . . . . 16</span></td><td> </td><td class="rblock">   Appendix C. Collected ABNF <span class="insert">........................................17</span></td><td class="lineno" valign="top"></td></tr>
     120      <tr><td class="lineno" valign="top"></td><td class="lblock">   Index  <span class="delete">. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17</span></td><td> </td><td class="rblock">   Index <span class="insert">.............................................................18</span></td><td class="lineno" valign="top"></td></tr>
    126121      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    127122      <tr><td class="lineno" valign="top"></td><td class="left">1.  Introduction</td><td> </td><td class="right">1.  Introduction</td><td class="lineno" valign="top"></td></tr>
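Review bot: the table-of-contents rows ending at new line 120 are all marked as changed, but several of them (5.1.2, 6, 7, Appendix A, Appendix B) keep the same page number and differ only in leader dots and indentation. That buries the entries whose page number actually moved, for example 2.2 from 6 to 5, Appendix C from 16 to 17 and Index from 17 to 18. Since this file is generated diff output, consider normalising the TOC leader formatting on both inputs before regenerating it. Failing that, record in the commit message how the file was produced, so the regenerated rows can be reproduced instead of checked by eye.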
     
    135130      <tr><td class="lineno" valign="top"></td><td class="left">   Message Syntax and Routing" [RFC7230], including the general</td><td> </td><td class="right">   Message Syntax and Routing" [RFC7230], including the general</td><td class="lineno" valign="top"></td></tr>
    136131      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
    137       <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 15, line 14</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 14, line 14</em></th><td></td></tr>
    138       <tr><td class="lineno" valign="top"></td><td class="left">8.1.  Normative References</td><td> </td><td class="right">8.1.  Normative References</td><td class="lineno" valign="top"></td></tr>
    139       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    140       <tr><td class="lineno" valign="top"></td><td class="left">   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate</td><td> </td><td class="right">   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate</td><td class="lineno" valign="top"></td></tr>
    141       <tr><td class="lineno" valign="top"></td><td class="left">              Requirement Levels", BCP 14, RFC 2119, March 1997.</td><td> </td><td class="right">              Requirement Levels", BCP 14, RFC 2119, March 1997.</td><td class="lineno" valign="top"></td></tr>
    142       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    143       <tr><td class="lineno" valign="top"></td><td class="left">   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax</td><td> </td><td class="right">   [RFC5234]  Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax</td><td class="lineno" valign="top"></td></tr>
    144       <tr><td class="lineno" valign="top"></td><td class="left">              Specifications: ABNF", STD 68, RFC 5234, January 2008.</td><td> </td><td class="right">              Specifications: ABNF", STD 68, RFC 5234, January 2008.</td><td class="lineno" valign="top"></td></tr>
    145       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    146       <tr><td class="lineno" valign="top"></td><td class="left">   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td> </td><td class="right">   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td class="lineno" valign="top"></td></tr>
    147       <tr><td class="lineno" valign="top"></td><td class="left">              Protocol (HTTP/1.1): Message Syntax and Routing",</td><td> </td><td class="right">              Protocol (HTTP/1.1): Message Syntax and Routing",</td><td class="lineno" valign="top"></td></tr>
     132      <tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 5, line 25</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 4, line 26</em></th><td></td></tr>
     133      <tr><td class="lineno" valign="top"></td><td class="left">     token68        = 1*( ALPHA / DIGIT /</td><td> </td><td class="right">     token68        = 1*( ALPHA / DIGIT /</td><td class="lineno" valign="top"></td></tr>
     134      <tr><td class="lineno" valign="top"></td><td class="left">                          "-" / "." / "_" / "~" / "+" / "/" ) *"="</td><td> </td><td class="right">                          "-" / "." / "_" / "~" / "+" / "/" ) *"="</td><td class="lineno" valign="top"></td></tr>
     135      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     136      <tr><td class="lineno" valign="top"></td><td class="left">   The token68 syntax allows the 66 unreserved URI characters</td><td> </td><td class="right">   The token68 syntax allows the 66 unreserved URI characters</td><td class="lineno" valign="top"></td></tr>
     137      <tr><td class="lineno" valign="top"></td><td class="left">   ([RFC3986]), plus a few others, so that it can hold a base64,</td><td> </td><td class="right">   ([RFC3986]), plus a few others, so that it can hold a base64,</td><td class="lineno" valign="top"></td></tr>
     138      <tr><td class="lineno" valign="top"></td><td class="left">   base64url (URL and filename safe alphabet), base32, or base16 (hex)</td><td> </td><td class="right">   base64url (URL and filename safe alphabet), base32, or base16 (hex)</td><td class="lineno" valign="top"></td></tr>
     139      <tr><td class="lineno" valign="top"></td><td class="left">   encoding, with or without padding, but excluding whitespace</td><td> </td><td class="right">   encoding, with or without padding, but excluding whitespace</td><td class="lineno" valign="top"></td></tr>
     140      <tr><td class="lineno" valign="top"></td><td class="left">   ([RFC4648]).</td><td> </td><td class="right">   ([RFC4648]).</td><td class="lineno" valign="top"></td></tr>
     141      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     142      <tr><td class="lineno" valign="top"></td><td class="left">   A 401 (Unauthorized) response message is used by an origin server to</td><td> </td><td class="right">   A 401 (Unauthorized) response message is used by an origin server to</td><td class="lineno" valign="top"></td></tr>
     143      <tr><td><a name="diff0003" /></td></tr>
     144      <tr><td class="lineno" valign="top"></td><td class="lblock">   challenge the authorization of a user agent, including a <span class="delete">WWW-</span></td><td> </td><td class="rblock">   challenge the authorization of a user agent, including a</td><td class="lineno" valign="top"></td></tr>
     145      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">   Authenticate</span> header field containing at least one challenge</td><td> </td><td class="rblock">   <span class="insert">WWW-Authenticate</span> header field containing at least one challenge</td><td class="lineno" valign="top"></td></tr>
     146      <tr><td class="lineno" valign="top"></td><td class="left">   applicable to the requested resource.</td><td> </td><td class="right">   applicable to the requested resource.</td><td class="lineno" valign="top"></td></tr>
     147      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     148      <tr><td class="lineno" valign="top"></td><td class="left">   A 407 (Proxy Authentication Required) response message is used by a</td><td> </td><td class="right">   A 407 (Proxy Authentication Required) response message is used by a</td><td class="lineno" valign="top"></td></tr>
    148149      <tr><td><a name="diff0004" /></td></tr>
    149       <tr><td class="lineno" valign="top"></td><td class="lblock">              RFC 7230, <span class="delete">June</span> 2014.</td><td> </td><td class="rblock">              RFC 7230, <span class="insert">May</span> 2014.</td><td class="lineno" valign="top"></td></tr>
    150       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    151       <tr><td class="lineno" valign="top"></td><td class="left">   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td> </td><td class="right">   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer</td><td class="lineno" valign="top"></td></tr>
    152       <tr><td class="lineno" valign="top"></td><td class="left">              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,</td><td> </td><td class="right">              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,</td><td class="lineno" valign="top"></td></tr>
     150      <tr><td class="lineno" valign="top"></td><td class="lblock">   proxy to challenge the authorization of a client, including a <span class="delete">Proxy-</span></td><td> </td><td class="rblock">   proxy to challenge the authorization of a client, including a</td><td class="lineno" valign="top"></td></tr>
     151      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">   Authenticate</span> header field containing at least one challenge</td><td> </td><td class="rblock">   <span class="insert">Proxy-Authenticate</span> header field containing at least one challenge</td><td class="lineno" valign="top"></td></tr>
     152      <tr><td class="lineno" valign="top"></td><td class="left">   applicable to the proxy for the requested resource.</td><td> </td><td class="right">   applicable to the proxy for the requested resource.</td><td class="lineno" valign="top"></td></tr>
     153      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     154      <tr><td class="lineno" valign="top"></td><td class="left">     challenge   = auth-scheme [ 1*SP ( token68 / #auth-param ) ]</td><td> </td><td class="right">     challenge   = auth-scheme [ 1*SP ( token68 / #auth-param ) ]</td><td class="lineno" valign="top"></td></tr>
     155      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     156      <tr><td class="lineno" valign="top"></td><td class="left">      Note: Many clients fail to parse a challenge that contains an</td><td> </td><td class="right">      Note: Many clients fail to parse a challenge that contains an</td><td class="lineno" valign="top"></td></tr>
     157      <tr><td class="lineno" valign="top"></td><td class="left">      unknown scheme.  A workaround for this problem is to list well-</td><td> </td><td class="right">      unknown scheme.  A workaround for this problem is to list well-</td><td class="lineno" valign="top"></td></tr>
     158      <tr><td class="lineno" valign="top"></td><td class="left">      supported schemes (such as "basic") first.</td><td> </td><td class="right">      supported schemes (such as "basic") first.</td><td class="lineno" valign="top"></td></tr>
     159      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     160      <tr><td class="lineno" valign="top"></td><td class="left">   A user agent that wishes to authenticate itself with an origin server</td><td> </td><td class="right">   A user agent that wishes to authenticate itself with an origin server</td><td class="lineno" valign="top"></td></tr>
     161      <tr><td class="lineno" valign="top"></td><td class="left">   -- usually, but not necessarily, after receiving a 401 (Unauthorized)</td><td> </td><td class="right">   -- usually, but not necessarily, after receiving a 401 (Unauthorized)</td><td class="lineno" valign="top"></td></tr>
     162      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
     163      <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 7, line 18</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 6, line 20</em></th><td></td></tr>
     164      <tr><td class="lineno" valign="top"></td><td class="left">   The protection space determines the domain over which credentials can</td><td> </td><td class="right">   The protection space determines the domain over which credentials can</td><td class="lineno" valign="top"></td></tr>
     165      <tr><td class="lineno" valign="top"></td><td class="left">   be automatically applied.  If a prior request has been authorized,</td><td> </td><td class="right">   be automatically applied.  If a prior request has been authorized,</td><td class="lineno" valign="top"></td></tr>
     166      <tr><td class="lineno" valign="top"></td><td class="left">   the user agent MAY reuse the same credentials for all other requests</td><td> </td><td class="right">   the user agent MAY reuse the same credentials for all other requests</td><td class="lineno" valign="top"></td></tr>
     167      <tr><td class="lineno" valign="top"></td><td class="left">   within that protection space for a period of time determined by the</td><td> </td><td class="right">   within that protection space for a period of time determined by the</td><td class="lineno" valign="top"></td></tr>
     168      <tr><td class="lineno" valign="top"></td><td class="left">   authentication scheme, parameters, and/or user preferences (such as a</td><td> </td><td class="right">   authentication scheme, parameters, and/or user preferences (such as a</td><td class="lineno" valign="top"></td></tr>
     169      <tr><td class="lineno" valign="top"></td><td class="left">   configurable inactivity timeout).  Unless specifically allowed by the</td><td> </td><td class="right">   configurable inactivity timeout).  Unless specifically allowed by the</td><td class="lineno" valign="top"></td></tr>
     170      <tr><td class="lineno" valign="top"></td><td class="left">   authentication scheme, a single protection space cannot extend</td><td> </td><td class="right">   authentication scheme, a single protection space cannot extend</td><td class="lineno" valign="top"></td></tr>
     171      <tr><td class="lineno" valign="top"></td><td class="left">   outside the scope of its server.</td><td> </td><td class="right">   outside the scope of its server.</td><td class="lineno" valign="top"></td></tr>
     172      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     173      <tr><td class="lineno" valign="top"></td><td class="left">   For historical reasons, a sender MUST only generate the quoted-string</td><td> </td><td class="right">   For historical reasons, a sender MUST only generate the quoted-string</td><td class="lineno" valign="top"></td></tr>
    153174      <tr><td><a name="diff0005" /></td></tr>
    154       <tr><td class="lineno" valign="top"></td><td class="lblock">              <span class="delete">June</span> 2014.</td><td> </td><td class="rblock">              <span class="insert">May</span> 2014.</td><td class="lineno" valign="top"></td></tr>
    155       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    156       <tr><td class="lineno" valign="top"></td><td class="left">   [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,</td><td> </td><td class="right">   [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,</td><td class="lineno" valign="top"></td></tr>
    157       <tr><td class="lineno" valign="top"></td><td class="left">              Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",</td><td> </td><td class="right">              Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",</td><td class="lineno" valign="top"></td></tr>
     175      <tr><td class="lineno" valign="top"></td><td class="lblock">   syntax.  Recipients might have to support both token and <span class="delete">quoted-</span></td><td> </td><td class="rblock">   syntax.  Recipients might have to support both token and</td><td class="lineno" valign="top"></td></tr>
     176      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">   string</span> syntax for maximum interoperability with existing clients that</td><td> </td><td class="rblock">   <span class="insert">quoted-string</span> syntax for maximum interoperability with existing</td><td class="lineno" valign="top"></td></tr>
     177      <tr><td class="lineno" valign="top"></td><td class="lblock">   have been accepting both notations for a long time.</td><td> </td><td class="rblock">   clients that have been accepting both notations for a long time.</td><td class="lineno" valign="top"></td></tr>
     178      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     179      <tr><td class="lineno" valign="top"></td><td class="left">3.  Status Code Definitions</td><td> </td><td class="right">3.  Status Code Definitions</td><td class="lineno" valign="top"></td></tr>
     180      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     181      <tr><td class="lineno" valign="top"></td><td class="left">3.1.  401 Unauthorized</td><td> </td><td class="right">3.1.  401 Unauthorized</td><td class="lineno" valign="top"></td></tr>
     182      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     183      <tr><td class="lineno" valign="top"></td><td class="left">   The 401 (Unauthorized) status code indicates that the request has not</td><td> </td><td class="right">   The 401 (Unauthorized) status code indicates that the request has not</td><td class="lineno" valign="top"></td></tr>
     184      <tr><td class="lineno" valign="top"></td><td class="left">   been applied because it lacks valid authentication credentials for</td><td> </td><td class="right">   been applied because it lacks valid authentication credentials for</td><td class="lineno" valign="top"></td></tr>
     185      <tr><td class="lineno" valign="top"></td><td class="left">   the target resource.  The server generating a 401 response MUST send</td><td> </td><td class="right">   the target resource.  The server generating a 401 response MUST send</td><td class="lineno" valign="top"></td></tr>
     186      <tr><td class="lineno" valign="top"></td><td class="left">   a WWW-Authenticate header field (Section 4.1) containing at least one</td><td> </td><td class="right">   a WWW-Authenticate header field (Section 4.1) containing at least one</td><td class="lineno" valign="top"></td></tr>
     187      <tr><td class="lineno" valign="top"></td><td class="left">   challenge applicable to the target resource.</td><td> </td><td class="right">   challenge applicable to the target resource.</td><td class="lineno" valign="top"></td></tr>
     188      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
     189      <tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 8, line 17</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 7, line 17</em></th><td></td></tr>
     190      <tr><td class="lineno" valign="top"></td><td class="left">   This section defines the syntax and semantics of header fields</td><td> </td><td class="right">   This section defines the syntax and semantics of header fields</td><td class="lineno" valign="top"></td></tr>
     191      <tr><td class="lineno" valign="top"></td><td class="left">   related to the HTTP authentication framework.</td><td> </td><td class="right">   related to the HTTP authentication framework.</td><td class="lineno" valign="top"></td></tr>
     192      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     193      <tr><td class="lineno" valign="top"></td><td class="left">4.1.  WWW-Authenticate</td><td> </td><td class="right">4.1.  WWW-Authenticate</td><td class="lineno" valign="top"></td></tr>
     194      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     195      <tr><td class="lineno" valign="top"></td><td class="left">   The "WWW-Authenticate" header field indicates the authentication</td><td> </td><td class="right">   The "WWW-Authenticate" header field indicates the authentication</td><td class="lineno" valign="top"></td></tr>
     196      <tr><td class="lineno" valign="top"></td><td class="left">   scheme(s) and parameters applicable to the target resource.</td><td> </td><td class="right">   scheme(s) and parameters applicable to the target resource.</td><td class="lineno" valign="top"></td></tr>
     197      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     198      <tr><td class="lineno" valign="top"></td><td class="left">     WWW-Authenticate = 1#challenge</td><td> </td><td class="right">     WWW-Authenticate = 1#challenge</td><td class="lineno" valign="top"></td></tr>
     199      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    158200      <tr><td><a name="diff0006" /></td></tr>
    159       <tr><td class="lineno" valign="top"></td><td class="lblock">              RFC 7234, <span class="delete">June</span> 2014.</td><td> </td><td class="rblock">              RFC 7234, <span class="insert">May</span> 2014.</td><td class="lineno" valign="top"></td></tr>
    160       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    161       <tr><td class="lineno" valign="top"></td><td class="left">8.2.  Informative References</td><td> </td><td class="right">8.2.  Informative References</td><td class="lineno" valign="top"></td></tr>
    162       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    163       <tr><td class="lineno" valign="top"></td><td class="left">   [BCP90]    Klyne, G., Nottingham, M., and J. Mogul, "Registration</td><td> </td><td class="right">   [BCP90]    Klyne, G., Nottingham, M., and J. Mogul, "Registration</td><td class="lineno" valign="top"></td></tr>
    164       <tr><td class="lineno" valign="top"></td><td class="left">              Procedures for Message Header Fields", BCP 90, RFC 3864,</td><td> </td><td class="right">              Procedures for Message Header Fields", BCP 90, RFC 3864,</td><td class="lineno" valign="top"></td></tr>
    165       <tr><td class="lineno" valign="top"></td><td class="left">              September 2004.</td><td> </td><td class="right">              September 2004.</td><td class="lineno" valign="top"></td></tr>
    166       <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    167       <tr><td class="lineno" valign="top"></td><td class="left">   [OWASP]    van der Stock, A., Ed., "A Guide to Building Secure Web</td><td> </td><td class="right">   [OWASP]    van der Stock, A., Ed., "A Guide to Building Secure Web</td><td class="lineno" valign="top"></td></tr>
    168       <tr><td class="lineno" valign="top"></td><td class="left">              Applications and Web Services", The Open Web Application</td><td> </td><td class="right">              Applications and Web Services", The Open Web Application</td><td class="lineno" valign="top"></td></tr>
    169       <tr><td class="lineno" valign="top"></td><td class="left">              Security Project (OWASP) 2.0.1, July 2005,</td><td> </td><td class="right">              Security Project (OWASP) 2.0.1, July 2005,</td><td class="lineno" valign="top"></td></tr>
    170       <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
    171       <tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 17, line 35</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 16, line 35</em></th><td></td></tr>
     201      <tr><td class="lineno" valign="top"></td><td class="lblock">   A server generating a 401 (Unauthorized) response MUST send a <span class="delete">WWW-</span></td><td> </td><td class="rblock">   A server generating a 401 (Unauthorized) response MUST send a</td><td class="lineno" valign="top"></td></tr>
     202      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">   Authenticate</span> header field containing at least one challenge.  A</td><td> </td><td class="rblock">   <span class="insert">WWW-Authenticate</span> header field containing at least one challenge.  A</td><td class="lineno" valign="top"></td></tr>
     203      <tr><td class="lineno" valign="top"></td><td class="left">   server MAY generate a WWW-Authenticate header field in other response</td><td> </td><td class="right">   server MAY generate a WWW-Authenticate header field in other response</td><td class="lineno" valign="top"></td></tr>
     204      <tr><td class="lineno" valign="top"></td><td class="left">   messages to indicate that supplying credentials (or different</td><td> </td><td class="right">   messages to indicate that supplying credentials (or different</td><td class="lineno" valign="top"></td></tr>
     205      <tr><td class="lineno" valign="top"></td><td class="left">   credentials) might affect the response.</td><td> </td><td class="right">   credentials) might affect the response.</td><td class="lineno" valign="top"></td></tr>
     206      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     207      <tr><td class="lineno" valign="top"></td><td class="left">   A proxy forwarding a response MUST NOT modify any WWW-Authenticate</td><td> </td><td class="right">   A proxy forwarding a response MUST NOT modify any WWW-Authenticate</td><td class="lineno" valign="top"></td></tr>
     208      <tr><td class="lineno" valign="top"></td><td class="left">   fields in that response.</td><td> </td><td class="right">   fields in that response.</td><td class="lineno" valign="top"></td></tr>
     209      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     210      <tr><td class="lineno" valign="top"></td><td class="left">   User agents are advised to take special care in parsing the field</td><td> </td><td class="right">   User agents are advised to take special care in parsing the field</td><td class="lineno" valign="top"></td></tr>
     211      <tr><td class="lineno" valign="top"></td><td class="left">   value, as it might contain more than one challenge, and each</td><td> </td><td class="right">   value, as it might contain more than one challenge, and each</td><td class="lineno" valign="top"></td></tr>
     212      <tr><td class="lineno" valign="top"></td><td class="left">   challenge can contain a comma-separated list of authentication</td><td> </td><td class="right">   challenge can contain a comma-separated list of authentication</td><td class="lineno" valign="top"></td></tr>
     213      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
     214      <tr bgcolor="gray" ><td></td><th><a name="part-l6" /><small>skipping to change at</small><em> page 11, line 20</em></th><th> </th><th><a name="part-r6" /><small>skipping to change at</small><em> page 10, line 25</em></th><td></td></tr>
     215      <tr><td class="lineno" valign="top"></td><td class="left">      and inherently flawed unless steps are taken to ensure that the</td><td> </td><td class="right">      and inherently flawed unless steps are taken to ensure that the</td><td class="lineno" valign="top"></td></tr>
     216      <tr><td class="lineno" valign="top"></td><td class="left">      connection cannot be used by any party other than the</td><td> </td><td class="right">      connection cannot be used by any party other than the</td><td class="lineno" valign="top"></td></tr>
     217      <tr><td class="lineno" valign="top"></td><td class="left">      authenticated user (see Section 2.3 of [RFC7230]).</td><td> </td><td class="right">      authenticated user (see Section 2.3 of [RFC7230]).</td><td class="lineno" valign="top"></td></tr>
     218      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     219      <tr><td class="lineno" valign="top"></td><td class="left">   o  The authentication parameter "realm" is reserved for defining</td><td> </td><td class="right">   o  The authentication parameter "realm" is reserved for defining</td><td class="lineno" valign="top"></td></tr>
     220      <tr><td class="lineno" valign="top"></td><td class="left">      protection spaces as described in Section 2.2.  New schemes MUST</td><td> </td><td class="right">      protection spaces as described in Section 2.2.  New schemes MUST</td><td class="lineno" valign="top"></td></tr>
     221      <tr><td class="lineno" valign="top"></td><td class="left">      NOT use it in a way incompatible with that definition.</td><td> </td><td class="right">      NOT use it in a way incompatible with that definition.</td><td class="lineno" valign="top"></td></tr>
     222      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     223      <tr><td class="lineno" valign="top"></td><td class="left">   o  The "token68" notation was introduced for compatibility with</td><td> </td><td class="right">   o  The "token68" notation was introduced for compatibility with</td><td class="lineno" valign="top"></td></tr>
     224      <tr><td class="lineno" valign="top"></td><td class="left">      existing authentication schemes and can only be used once per</td><td> </td><td class="right">      existing authentication schemes and can only be used once per</td><td class="lineno" valign="top"></td></tr>
     225      <tr><td><a name="diff0007" /></td></tr>
     226      <tr><td class="lineno" valign="top"></td><td class="lblock">      challenge or credential.  Thus, new schemes ought to use the <span class="delete">auth-</span></td><td> </td><td class="rblock">      challenge or credential.  Thus, new schemes ought to use the</td><td class="lineno" valign="top"></td></tr>
     227      <tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">      param</span> syntax instead, because otherwise future extensions will be</td><td> </td><td class="rblock">      <span class="insert">auth-param</span> syntax instead, because otherwise future extensions</td><td class="lineno" valign="top"></td></tr>
     228      <tr><td class="lineno" valign="top"></td><td class="lblock">      impossible.</td><td> </td><td class="rblock">      will be impossible.</td><td class="lineno" valign="top"></td></tr>
     229      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     230      <tr><td class="lineno" valign="top"></td><td class="left">   o  The parsing of challenges and credentials is defined by this</td><td> </td><td class="right">   o  The parsing of challenges and credentials is defined by this</td><td class="lineno" valign="top"></td></tr>
     231      <tr><td class="lineno" valign="top"></td><td class="left">      specification and cannot be modified by new authentication</td><td> </td><td class="right">      specification and cannot be modified by new authentication</td><td class="lineno" valign="top"></td></tr>
     232      <tr><td class="lineno" valign="top"></td><td class="left">      schemes.  When the auth-param syntax is used, all parameters ought</td><td> </td><td class="right">      schemes.  When the auth-param syntax is used, all parameters ought</td><td class="lineno" valign="top"></td></tr>
     233      <tr><td class="lineno" valign="top"></td><td class="left">      to support both token and quoted-string syntax, and syntactical</td><td> </td><td class="right">      to support both token and quoted-string syntax, and syntactical</td><td class="lineno" valign="top"></td></tr>
     234      <tr><td class="lineno" valign="top"></td><td class="left">      constraints ought to be defined on the field value after parsing</td><td> </td><td class="right">      constraints ought to be defined on the field value after parsing</td><td class="lineno" valign="top"></td></tr>
     235      <tr><td class="lineno" valign="top"></td><td class="left">      (i.e., quoted-string processing).  This is necessary so that</td><td> </td><td class="right">      (i.e., quoted-string processing).  This is necessary so that</td><td class="lineno" valign="top"></td></tr>
     236      <tr><td class="lineno" valign="top"></td><td class="left">      recipients can use a generic parser that applies to all</td><td> </td><td class="right">      recipients can use a generic parser that applies to all</td><td class="lineno" valign="top"></td></tr>
     237      <tr><td class="lineno" valign="top"></td><td class="left">      authentication schemes.</td><td> </td><td class="right">      authentication schemes.</td><td class="lineno" valign="top"></td></tr>
     238      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     239      <tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
     240      <tr bgcolor="gray" ><td></td><th><a name="part-l7" /><small>skipping to change at</small><em> page 17, line 35</em></th><th> </th><th><a name="part-r7" /><small>skipping to change at</small><em> page 18, line 8</em></th><td></td></tr>
    172241      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    173242      <tr><td class="lineno" valign="top"></td><td class="left">   quoted-string = &lt;quoted-string, see [RFC7230], Section 3.2.6&gt;</td><td> </td><td class="right">   quoted-string = &lt;quoted-string, see [RFC7230], Section 3.2.6&gt;</td><td class="lineno" valign="top"></td></tr>
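Review bot: the new change block for the "auth-param" line break takes the anchor diff0007, and the hunks that follow renumber the existing anchors by one (diff0007 becomes diff0008, and so on up to diff0014). Any review comment or tracker entry that links into this generated file by anchor now lands on a different change block. Refer to changes by RFC section and paragraph rather than by diffNNNN anchor, since the numbering shifts each time rfcdiff output is regenerated.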
     
    180249      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    181250      <tr><td class="lineno" valign="top"></td><td class="left">   4</td><td> </td><td class="right">   4</td><td class="lineno" valign="top"></td></tr>
    182       <tr><td><a name="diff0007" /></td></tr>
     251      <tr><td><a name="diff0008" /></td></tr>
    183252      <tr><td class="lineno" valign="top"></td><td class="lblock">      401 Unauthorized (status code)  <span class="delete">7</span></td><td> </td><td class="rblock">      401 Unauthorized (status code)  <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
    184253      <tr><td class="lineno" valign="top"></td><td class="lblock">      407 Proxy Authentication Required (status code)  <span class="delete">7</span></td><td> </td><td class="rblock">      407 Proxy Authentication Required (status code)  <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
    185254      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    186255      <tr><td class="lineno" valign="top"></td><td class="left">   A</td><td> </td><td class="right">   A</td><td class="lineno" valign="top"></td></tr>
    187       <tr><td><a name="diff0008" /></td></tr>
     256      <tr><td><a name="diff0009" /></td></tr>
    188257      <tr><td class="lineno" valign="top"></td><td class="lblock">      Authorization header field  <span class="delete">9</span></td><td> </td><td class="rblock">      Authorization header field  <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
    189258      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    190259      <tr><td class="lineno" valign="top"></td><td class="left">   C</td><td> </td><td class="right">   C</td><td class="lineno" valign="top"></td></tr>
    191       <tr><td><a name="diff0009" /></td></tr>
     260      <tr><td><a name="diff0010" /></td></tr>
    192261      <tr><td class="lineno" valign="top"></td><td class="lblock">      Canonical Root URI  <span class="delete">6</span></td><td> </td><td class="rblock">      Canonical Root URI  <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
    193262      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    194263      <tr><td class="lineno" valign="top"></td><td class="left">   G</td><td> </td><td class="right">   G</td><td class="lineno" valign="top"></td></tr>
    195264      <tr><td class="lineno" valign="top"></td><td class="left">      Grammar</td><td> </td><td class="right">      Grammar</td><td class="lineno" valign="top"></td></tr>
    196       <tr><td><a name="diff0010" /></td></tr>
     265      <tr><td><a name="diff0011" /></td></tr>
    197266      <tr><td class="lineno" valign="top"></td><td class="lblock">         auth-param  <span class="delete">5</span></td><td> </td><td class="rblock">         auth-param  <span class="insert">4</span></td><td class="lineno" valign="top"></td></tr>
    198267      <tr><td class="lineno" valign="top"></td><td class="lblock">         auth-scheme  <span class="delete">5</span></td><td> </td><td class="rblock">         auth-scheme  <span class="insert">4</span></td><td class="lineno" valign="top"></td></tr>
     
    206275      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    207276      <tr><td class="lineno" valign="top"></td><td class="left">   P</td><td> </td><td class="right">   P</td><td class="lineno" valign="top"></td></tr>
    208       <tr><td><a name="diff0011" /></td></tr>
     277      <tr><td><a name="diff0012" /></td></tr>
    209278      <tr><td class="lineno" valign="top"></td><td class="lblock">      Protection Space  <span class="delete">6</span></td><td> </td><td class="rblock">      Protection Space  <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
    210279      <tr><td class="lineno" valign="top"></td><td class="lblock">      Proxy-Authenticate header field  <span class="delete">9</span></td><td> </td><td class="rblock">      Proxy-Authenticate header field  <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
     
    212281      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    213282      <tr><td class="lineno" valign="top"></td><td class="left">   R</td><td> </td><td class="right">   R</td><td class="lineno" valign="top"></td></tr>
    214       <tr><td><a name="diff0012" /></td></tr>
     283      <tr><td><a name="diff0013" /></td></tr>
    215284      <tr><td class="lineno" valign="top"></td><td class="lblock">      Realm  <span class="delete">6</span></td><td> </td><td class="rblock">      Realm  <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
    216285      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
    217286      <tr><td class="lineno" valign="top"></td><td class="left">   W</td><td> </td><td class="right">   W</td><td class="lineno" valign="top"></td></tr>
    218       <tr><td><a name="diff0013" /></td></tr>
     287      <tr><td><a name="diff0014" /></td></tr>
    219288      <tr><td class="lineno" valign="top"></td><td class="lblock">      WWW-Authenticate header field  <span class="delete">8</span></td><td> </td><td class="rblock">      WWW-Authenticate header field  <span class="insert">7</span></td><td class="lineno" valign="top"></td></tr>
    220289      <tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
     
    230299
    231300     <tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
    232      <tr bgcolor="gray"><th colspan="5" align="center"><a name="end">&nbsp;End of changes. 13 change blocks.&nbsp;</a></th></tr>
    233      <tr class="stats"><td></td><th><i>68 lines changed or deleted</i></th><th><i> </i></th><th><i>54 lines changed or added</i></th><td></td></tr>
     301     <tr bgcolor="gray"><th colspan="5" align="center"><a name="end">&nbsp;End of changes. 14 change blocks.&nbsp;</a></th></tr>
     302     <tr class="stats"><td></td><th><i>76 lines changed or deleted</i></th><th><i> </i></th><th><i>62 lines changed or added</i></th><td></td></tr>
    234303     <tr><td colspan="5" align="center" class="small"><br/>This html diff was produced by rfcdiff 1.38. The latest version is available from <a href="http://www.tools.ietf.org/tools/rfcdiff/" >http://tools.ietf.org/tools/rfcdiff/</a> </td></tr>
    235304   </table>
  • draft-ietf-httpbis/latest/auth48/rfc7235.txt

    r2712 r2713  
     1
     2
     3
    14
    25
     
    69Obsoletes: 2616                                          J. Reschke, Ed.
    710Updates: 2617                                                 greenbytes
    8 Category: Standards Track                                       May 2014
     11Category: Standards Track                                      June 2014
    912ISSN: 2070-1721
    1013
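Review bot: the publication month on the Category line changes from May 2014 to June 2014, so every other place that carries the date has to change with it. The running page headers and the [RFC7230] and [RFC7231] reference entries are updated in the hunks shown; the date line of the [RFC7234] entry is not visible here and should be checked for the same change.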
     
    5659
    5760
    58 RFC 7235                 HTTP/1.1 Authentication                May 2014
     61RFC 7235                 HTTP/1.1 Authentication               June 2014
    5962
    6063
     
    7073Table of Contents
    7174
    72    1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
    73      1.1.  Conformance and Error Handling . . . . . . . . . . . . . .  3
    74      1.2.  Syntax Notation  . . . . . . . . . . . . . . . . . . . . .  3
    75    2.  Access Authentication Framework  . . . . . . . . . . . . . . .  3
    76      2.1.  Challenge and Response . . . . . . . . . . . . . . . . . .  3
    77      2.2.  Protection Space (Realm) . . . . . . . . . . . . . . . . .  5
    78    3.  Status Code Definitions  . . . . . . . . . . . . . . . . . . .  6
    79      3.1.  401 Unauthorized . . . . . . . . . . . . . . . . . . . . .  6
    80      3.2.  407 Proxy Authentication Required  . . . . . . . . . . . .  6
    81    4.  Header Field Definitions . . . . . . . . . . . . . . . . . . .  7
    82      4.1.  WWW-Authenticate . . . . . . . . . . . . . . . . . . . . .  7
    83      4.2.  Authorization  . . . . . . . . . . . . . . . . . . . . . .  8
    84      4.3.  Proxy-Authenticate . . . . . . . . . . . . . . . . . . . .  8
    85      4.4.  Proxy-Authorization  . . . . . . . . . . . . . . . . . . .  9
    86    5.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  9
    87      5.1.  Authentication Scheme Registry . . . . . . . . . . . . . .  9
    88        5.1.1.  Procedure  . . . . . . . . . . . . . . . . . . . . . .  9
    89        5.1.2.  Considerations for New Authentication Schemes  . . . .  9
    90      5.2.  Status Code Registration . . . . . . . . . . . . . . . . . 11
    91      5.3.  Header Field Registration  . . . . . . . . . . . . . . . . 11
    92    6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 11
    93      6.1.  Confidentiality of Credentials . . . . . . . . . . . . . . 12
    94      6.2.  Authentication Credentials and Idle Clients  . . . . . . . 12
    95      6.3.  Protection Spaces  . . . . . . . . . . . . . . . . . . . . 13
    96    7.  Acknowledgments  . . . . . . . . . . . . . . . . . . . . . . . 13
    97    8.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
    98      8.1.  Normative References . . . . . . . . . . . . . . . . . . . 14
    99      8.2.  Informative References . . . . . . . . . . . . . . . . . . 14
    100    Appendix A.  Changes from RFCs 2616 and 2617 . . . . . . . . . . . 15
    101    Appendix B.  Imported ABNF . . . . . . . . . . . . . . . . . . . . 15
    102    Appendix C.  Collected ABNF  . . . . . . . . . . . . . . . . . . . 15
    103    Index  . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
     75   1. Introduction ....................................................3
     76      1.1. Conformance and Error Handling .............................3
     77      1.2. Syntax Notation ............................................3
     78   2. Access Authentication Framework .................................3
     79      2.1. Challenge and Response .....................................3
     80      2.2. Protection Space (Realm) ...................................5
     81   3. Status Code Definitions .........................................6
     82      3.1. 401 Unauthorized ...........................................6
     83      3.2. 407 Proxy Authentication Required ..........................6
     84   4. Header Field Definitions ........................................7
     85      4.1. WWW-Authenticate ...........................................7
     86      4.2. Authorization ..............................................8
     87      4.3. Proxy-Authenticate .........................................8
     88      4.4. Proxy-Authorization ........................................9
     89   5. IANA Considerations .............................................9
     90      5.1. Authentication Scheme Registry .............................9
     91           5.1.1. Procedure ...........................................9
     92           5.1.2. Considerations for New Authentication Schemes ......10
     93      5.2. Status Code Registration ..................................11
     94      5.3. Header Field Registration .................................11
     95   6. Security Considerations ........................................12
     96      6.1. Confidentiality of Credentials ............................12
     97      6.2. Authentication Credentials and Idle Clients ...............12
     98      6.3. Protection Spaces .........................................13
     99   7. Acknowledgments ................................................14
     100   8. References .....................................................14
     101      8.1. Normative References ......................................14
     102      8.2. Informative References ....................................14
     103   Appendix A. Changes from RFCs 2616 and 2617 .......................16
     104   Appendix B. Imported ABNF .........................................16
     105   Appendix C. Collected ABNF ........................................17
     106   Index .............................................................18
    104107
    105108
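Review bot: this table of contents rewrite changes page numbers as well as the leader style (5.1.2 from 9 to 10, 6 from 11 to 12, 7 from 13 to 14, Appendix A and B from 15 to 16, Appendix C from 15 to 17, Index from 16 to 18), so it needs checking against the repaginated body rather than being read as formatting only. The entries for 5.1.2, 6 and 7 agree with the page breaks later in this diff, where each heading now follows the [Page 9], [Page 11] and [Page 13] footer respectively. The appendix and index entries cannot be confirmed from the hunks shown.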
     
    113116
    114117
    115 RFC 7235                 HTTP/1.1 Authentication                May 2014
     118RFC 7235                 HTTP/1.1 Authentication               June 2014
    116119
    117120
     
    163166   insensitive token as a means to identify the authentication scheme,
    164167   followed by additional information necessary for achieving
     168
     169
     170
     171
     172Fielding & Reschke           Standards Track                    [Page 3]
     173
     174
     175RFC 7235                 HTTP/1.1 Authentication               June 2014
     176
     177
    165178   authentication via that scheme.  The latter can be either a comma-
    166 
    167 
    168 
    169 Fielding & Reschke           Standards Track                    [Page 3]
    170 
    171 
    172 RFC 7235                 HTTP/1.1 Authentication                May 2014
    173 
    174 
    175179   separated list of parameters or a single sequence of characters
    176180   capable of holding base64-encoded information.
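Review bot: new line 178 still ends in "comma-" with "separated" starting line 179, while the rest of this changeset rejoins WWW-Authenticate, Proxy-Authenticate, quoted-string and auth-param so that they no longer break after the hyphen. If the rule being applied is only that header field and grammar names stay on one line, this is fine as it stands; if it is meant to cover all hyphenated terms, this one was missed.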
     
    194198
    195199   A 401 (Unauthorized) response message is used by an origin server to
    196    challenge the authorization of a user agent, including a WWW-
    197    Authenticate header field containing at least one challenge
     200   challenge the authorization of a user agent, including a
     201   WWW-Authenticate header field containing at least one challenge
    198202   applicable to the requested resource.
    199203
    200204   A 407 (Proxy Authentication Required) response message is used by a
    201    proxy to challenge the authorization of a client, including a Proxy-
    202    Authenticate header field containing at least one challenge
     205   proxy to challenge the authorization of a client, including a
     206   Proxy-Authenticate header field containing at least one challenge
    203207   applicable to the proxy for the requested resource.
    204208
     
    219223   field with the request.
    220224
     225
     226
     227
     228
     229Fielding & Reschke           Standards Track                    [Page 4]
     230
     231
     232RFC 7235                 HTTP/1.1 Authentication               June 2014
     233
     234
    221235   Both the Authorization field value and the Proxy-Authorization field
    222236   value contain the client's credentials for the realm of the resource
    223 
    224 
    225 
    226 Fielding & Reschke           Standards Track                    [Page 4]
    227 
    228 
    229 RFC 7235                 HTTP/1.1 Authentication                May 2014
    230 
    231 
    232237   being requested, based upon a challenge received in a response
    233238   (possibly at some point in the past).  When creating their values,
     
    276281   the realm value if present.  These realms allow the protected
    277282   resources on a server to be partitioned into a set of protection
     283
     284
     285
     286Fielding & Reschke           Standards Track                    [Page 5]
     287
     288
     289RFC 7235                 HTTP/1.1 Authentication               June 2014
     290
     291
    278292   spaces, each with its own authentication scheme and/or authorization
    279293   database.  The realm value is a string, generally assigned by the
    280 
    281 
    282 
    283 Fielding & Reschke           Standards Track                    [Page 5]
    284 
    285 
    286 RFC 7235                 HTTP/1.1 Authentication                May 2014
    287 
    288 
    289294   origin server, that can have additional semantics specific to the
    290295   authentication scheme.  Note that a response can have multiple
     
    301306
    302307   For historical reasons, a sender MUST only generate the quoted-string
    303    syntax.  Recipients might have to support both token and quoted-
    304    string syntax for maximum interoperability with existing clients that
    305    have been accepting both notations for a long time.
     308   syntax.  Recipients might have to support both token and
     309   quoted-string syntax for maximum interoperability with existing
     310   clients that have been accepting both notations for a long time.
    306311
    3073123.  Status Code Definitions
     
    336341
    337342
    338 
    339 
    340343Fielding & Reschke           Standards Track                    [Page 6]
    341344
    342345
    343 RFC 7235                 HTTP/1.1 Authentication                May 2014
     346RFC 7235                 HTTP/1.1 Authentication               June 2014
    344347
    345348
     
    356359     WWW-Authenticate = 1#challenge
    357360
    358    A server generating a 401 (Unauthorized) response MUST send a WWW-
    359    Authenticate header field containing at least one challenge.  A
     361   A server generating a 401 (Unauthorized) response MUST send a
     362   WWW-Authenticate header field containing at least one challenge.  A
    360363   server MAY generate a WWW-Authenticate header field in other response
    361364   messages to indicate that supplying credentials (or different
     
    398401
    399402
    400 RFC 7235                 HTTP/1.1 Authentication                May 2014
     403RFC 7235                 HTTP/1.1 Authentication               June 2014
    401404
    402405
     
    455458
    456459
    457 RFC 7235                 HTTP/1.1 Authentication                May 2014
     460RFC 7235                 HTTP/1.1 Authentication               June 2014
    458461
    459462
     
    499502   [RFC5226], Section 4.1).
    500503
     504
     505
     506
     507
     508
     509
     510
     511
     512
     513
     514Fielding & Reschke           Standards Track                    [Page 9]
     515
     516
     517RFC 7235                 HTTP/1.1 Authentication               June 2014
     518
     519
    5015205.1.2.  Considerations for New Authentication Schemes
    502521
    503522   There are certain aspects of the HTTP Authentication Framework that
    504523   put constraints on how new authentication schemes can work:
    505 
    506 
    507 
    508 
    509 
    510 
    511 Fielding & Reschke           Standards Track                    [Page 9]
    512 
    513 
    514 RFC 7235                 HTTP/1.1 Authentication                May 2014
    515 
    516524
    517525   o  HTTP authentication is presumed to be stateless: all of the
     
    530538   o  The "token68" notation was introduced for compatibility with
    531539      existing authentication schemes and can only be used once per
    532       challenge or credential.  Thus, new schemes ought to use the auth-
    533       param syntax instead, because otherwise future extensions will be
    534       impossible.
     540      challenge or credential.  Thus, new schemes ought to use the
     541      auth-param syntax instead, because otherwise future extensions
     542      will be impossible.
    535543
    536544   o  The parsing of challenges and credentials is defined by this
     
    559567      and/or proxy authentication (i.e., using Proxy-Authenticate).
    560568
     569
     570
     571Fielding & Reschke           Standards Track                   [Page 10]
     572
     573
     574RFC 7235                 HTTP/1.1 Authentication               June 2014
     575
     576
    561577   o  The credentials carried in an Authorization header field are
    562578      specific to the user agent and, therefore, have the same effect on
    563579      HTTP caches as the "private" Cache-Control response directive
    564580      (Section 5.2.2.6 of [RFC7234]), within the scope of the request in
    565 
    566 
    567 
    568 Fielding & Reschke           Standards Track                   [Page 10]
    569 
    570 
    571 RFC 7235                 HTTP/1.1 Authentication                May 2014
    572 
    573 
    574581      which they appear.
    575582
     
    616623   Engineering Task Force".
    617624
     625
     626
     627
     628Fielding & Reschke           Standards Track                   [Page 11]
     629
     630
     631RFC 7235                 HTTP/1.1 Authentication               June 2014
     632
     633
    6186346.  Security Considerations
    619635
    620636   This section is meant to inform developers, information providers,
    621637   and users of known security concerns specific to HTTP authentication.
    622 
    623 
    624 
    625 Fielding & Reschke           Standards Track                   [Page 11]
    626 
    627 
    628 RFC 7235                 HTTP/1.1 Authentication                May 2014
    629 
    630 
    631638   More general security considerations are addressed in HTTP messaging
    632639   [RFC7230] and semantics [RFC7231].
     
    673680   origin server to direct clients to discard these cached credentials,
    674681   since the protocol has no awareness of how credentials are obtained
     682
     683
     684
     685Fielding & Reschke           Standards Track                   [Page 12]
     686
     687
     688RFC 7235                 HTTP/1.1 Authentication               June 2014
     689
     690
    675691   or managed by the user agent.  The mechanisms for expiring or
    676692   revoking credentials can be specified as part of an authentication
    677693   scheme definition.
    678 
    679 
    680 
    681 
    682 Fielding & Reschke           Standards Track                   [Page 12]
    683 
    684 
    685 RFC 7235                 HTTP/1.1 Authentication                May 2014
    686 
    687694
    688695   Circumstances under which credential caching can interfere with the
     
    720727   each party.
    721728
     729
     730
     731
     732
     733
     734
     735
     736
     737
     738
     739
     740
     741
     742Fielding & Reschke           Standards Track                   [Page 13]
     743
     744
     745RFC 7235                 HTTP/1.1 Authentication               June 2014
     746
     747
    7227487.  Acknowledgments
    723749
     
    7347608.  References
    735761
    736 
    737 
    738 
    739 Fielding & Reschke           Standards Track                   [Page 13]
    740 
    741 
    742 RFC 7235                 HTTP/1.1 Authentication                May 2014
    743 
    744 
    7457628.1.  Normative References
    746763
     
    753770   [RFC7230]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    754771              Protocol (HTTP/1.1): Message Syntax and Routing",
    755               RFC 7230, May 2014.
     772              RFC 7230, June 2014.
    756773
    757774   [RFC7231]  Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
    758775              Protocol (HTTP/1.1): Semantics and Content", RFC 7231,
    759               May 2014.
     776              June 2014.
    760777
    761778   [RFC7234]  Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
    762779              Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching",
    763               RFC 7234, May 2014.
     780              RFC 7234, June 2014.
    764781
    7657828.2.  Informative References
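Review bot: The [RFC7230], [RFC7231] and [RFC7234] entries now read "June 2014", which matches the new running header, but this hunk only covers the normative list. Please confirm that no reference or page header elsewhere in the file still reads "May 2014", so the document cites a single publication month throughout.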
     
    778795              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.
    779796
     797
     798
     799Fielding & Reschke           Standards Track                   [Page 14]
     800
     801
     802RFC 7235                 HTTP/1.1 Authentication               June 2014
     803
     804
    780805   [RFC2617]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
    781806              Leach, P., Luotonen, A., and L. Stewart, "HTTP
     
    791816
    792817   [RFC5226]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
    793 
    794 
    795 
    796 Fielding & Reschke           Standards Track                   [Page 14]
    797 
    798 
    799 RFC 7235                 HTTP/1.1 Authentication                May 2014
    800 
    801 
    802818              IANA Considerations Section in RFCs", BCP 26, RFC 5226,
    803819              May 2008.
     
    805821   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
    806822              (TLS) Protocol Version 1.2", RFC 5246, August 2008.
     823
     824
     825
     826
     827
     828
     829
     830
     831
     832
     833
     834
     835
     836
     837
     838
     839
     840
     841
     842
     843
     844
     845
     846
     847
     848
     849
     850
     851
     852
     853
     854
     855
     856Fielding & Reschke           Standards Track                   [Page 15]
     857
     858
     859RFC 7235                 HTTP/1.1 Authentication               June 2014
     860
    807861
    808862Appendix A.  Changes from RFCs 2616 and 2617
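Review bot: New lines 823 to 855, after the [RFC5246] entry, are blank padding that pushes Appendix A to the top of the next page, where the old text ran straight on into it. The same padding before other section starts takes the document from 17 pages to 19. If the forced breaks are intended, the page numbers in the table of contents and the index need checking against the new layout, at least for entries from page 10 onward, since the page 10 footer is already at a different position.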
     
    839893     token         = <token, see [RFC7230], Section 3.2.6>
    840894
     895
     896
     897
     898
     899
     900
     901
     902
     903
     904
     905
     906
     907
     908
     909
     910
     911
     912
     913Fielding & Reschke           Standards Track                   [Page 16]
     914
     915
     916RFC 7235                 HTTP/1.1 Authentication               June 2014
     917
     918
    841919Appendix C.  Collected ABNF
    842920
    843921   In the collected ABNF below, list rules are expanded as per Section
    844922   1.2 of [RFC7230].
    845 
    846 
    847 
    848 
    849 
    850 
    851 
    852 
    853 Fielding & Reschke           Standards Track                   [Page 15]
    854 
    855 
    856 RFC 7235                 HTTP/1.1 Authentication                May 2014
    857 
    858923
    859924   Authorization = credentials
     
    883948   token68 = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" )
    884949    *"="
     950
     951
     952
     953
     954
     955
     956
     957
     958
     959
     960
     961
     962
     963
     964
     965
     966
     967
     968
     969
     970Fielding & Reschke           Standards Track                   [Page 17]
     971
     972
     973RFC 7235                 HTTP/1.1 Authentication               June 2014
     974
    885975
    886976Index
     
    905995         Proxy-Authenticate  8
    906996         Proxy-Authorization  9
    907 
    908 
    909 
    910 Fielding & Reschke           Standards Track                   [Page 16]
    911 
    912 
    913 RFC 7235                 HTTP/1.1 Authentication                May 2014
    914 
    915 
    916997         token68  4
    917998         WWW-Authenticate  7
     
    9271008   W
    9281009      WWW-Authenticate header field  7
     1010
     1011
     1012
     1013
     1014
     1015
     1016
     1017
     1018
     1019
     1020
     1021
     1022
     1023
     1024
     1025
     1026
     1027Fielding & Reschke           Standards Track                   [Page 18]
     1028
     1029
     1030RFC 7235                 HTTP/1.1 Authentication               June 2014
     1031
    9291032
    9301033Authors' Addresses
     
    9651068
    9661069
    967 Fielding & Reschke           Standards Track                   [Page 17]
    968 
    969 
     1070
     1071
     1072
     1073
     1074
     1075
     1076
     1077
     1078
     1079
     1080
     1081
     1082
     1083
     1084Fielding & Reschke           Standards Track                   [Page 19]
     1085
     1086