Changeset 365
- Timestamp: 13/11/08 18:28:51 (14 years ago)
- Location: draft-ietf-httpbis/latest
- Files: 2 edited
draft-ietf-httpbis/latest/p7-auth.html
r345 r365 471 471 <tr> 472 472 <td class="header left"></td> 473 <td class="header right">November 1 1, 2008</td>473 <td class="header right">November 13, 2008</td> 474 474 </tr> 475 475 </table> … … 571 571 </p> 572 572 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a id="notation" href="#notation">Notational Conventions and Generic Grammar</a></h1> 573 <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="A ugmented BNF">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>.]</span>573 <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="ABNF Extensions">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
<span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>.]</span> 574 574 </p> 575 575 <div id="abnf.dependencies"> 576 <p id="rfc.section.2.p.2"> The ABNF rules below are defined in other specifications:</p>576 <p id="rfc.section.2.p.2"> The ABNF rules below are defined in other specifications:</p> 577 577 </div> 578 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span> <a href="#abnf.dependencies" class="smpl">challenge</a> = <challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 578 <div id="rfc.figure.u.1"></div><pre class="inline"> <a href="#abnf.dependencies" class="smpl">BWS</a> = <BWS, defined in <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 579 <a href="#abnf.dependencies" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 580 <a href="#abnf.dependencies" class="smpl">RWS</a> = <RWS, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 581 </pre><div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span> <a href="#abnf.dependencies" class="smpl">challenge</a> = <challenge, defined in <a href="#RFC2617" 
id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 579 582 <a href="#abnf.dependencies" class="smpl">credentials</a> = <credentials, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 580 583 </pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> Status Code Definitions … … 600 603 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> <a id="header.authorization" href="#header.authorization">Authorization</a></h2> 601 604 <p id="rfc.section.4.1.p.1">A user agent that wishes to authenticate itself with a server-- usually, but not necessarily, after receiving a 401 response--does 602 so by including an Authorization request-header field with the request. The Authorization field valueconsists of credentials605 so by including an Authorization request-header field with the request. The field "Authorization" consists of credentials 603 606 containing the authentication information of the user agent for the realm of the resource being requested. 
604 607 </p> 605 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.3"></span> <a href="#header.authorization" class="smpl">Authorization</a> = "Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a> 608 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.3"></span><span id="rfc.iref.g.4"></span> <a href="#header.authorization" class="smpl">Authorization</a> = "Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.authorization" class="smpl">Authorization-v</a> 609 <a href="#header.authorization" class="smpl">Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a> 606 610 </pre><p id="rfc.section.4.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise, 607 611 such as credentials that vary according to a challenge value or using synchronized clocks). … … 623 627 <div id="rfc.iref.h.2"></div> 624 628 <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a> <a id="header.proxy-authenticate" href="#header.proxy-authenticate">Proxy-Authenticate</a></h2> 625 <p id="rfc.section.4.2.p.1">The Proxy-Authenticate response-header field<em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates629 <p id="rfc.section.4.2.p.1">The response-header field "Proxy-Authenticate" <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. 
The field value consists of a challenge that indicates 626 630 the authentication scheme and parameters applicable to the proxy for this Request-URI. 627 631 </p> 628 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.4"></span> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = "Proxy-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 632 <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = "Proxy-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> 633 <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 629 634 </pre><p id="rfc.section.4.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. 
However, an intermediate proxy might need to obtain its own credentials by requesting 630 635 them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate … … 634 639 <div id="rfc.iref.h.3"></div> 635 640 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a id="header.proxy-authorization" href="#header.proxy-authorization">Proxy-Authorization</a></h2> 636 <p id="rfc.section.4.3.p.1">The Proxy-Authorization request-header fieldallows the client to identify itself (or its user) to a proxy which requires641 <p id="rfc.section.4.3.p.1">The request-header field "Proxy-Authorization" allows the client to identify itself (or its user) to a proxy which requires 637 642 authentication. The Proxy-Authorization field value consists of credentials containing the authentication information of the 638 643 user agent for the proxy and/or realm of the resource being requested. 639 644 </p> 640 <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = "Proxy-Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a> 645 <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = "Proxy-Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a> 646 <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a> 641 647 </pre><p id="rfc.section.4.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.9"><cite title="HTTP Authentication: Basic and 
Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication 642 648 using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed … … 650 656 authentication scheme(s) and parameters applicable to the Request-URI. 651 657 </p> 652 <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = "WWW-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 658 <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = "WWW-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> 659 <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 653 660 </pre><p id="rfc.section.4.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.10"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. 
User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one 654 661 challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a … … 816 823 <h2 id="rfc.section.B.5"><a href="#rfc.section.B.5">B.5</a> <a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p7-auth-03</a></h2> 817 824 <h2 id="rfc.section.B.6"><a href="#rfc.section.B.6">B.6</a> <a id="changes.since.04" href="#changes.since.04">Since draft-ietf-httpbis-p7-auth-04</a></h2> 825 <p id="rfc.section.B.6.p.1">Ongoing work on ABNF conversion (<<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>): 826 </p> 827 <ul> 828 <li>Use "/" instead of "|" for alternatives.</li> 829 <li>Introduce new ABNF rules for "bad" whitespace ("BWS"), optional whitespace ("OWS") and required whitespace ("RWS").</li> 830 <li>Rewrite ABNFs to spell out whitespace rules, factor out header value format definitions.</li> 831 </ul> 818 832 <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1> 819 833 <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the … … 858 872 <ul class="ind"> 859 873 <li class="indline1"><tt>Authorization</tt> <a class="iref" href="#rfc.iref.g.3"><b>4.1</b></a></li> 874 <li class="indline1"><tt>Authorization-v</tt> <a class="iref" href="#rfc.iref.g.4"><b>4.1</b></a></li> 860 875 <li class="indline1"><tt>challenge</tt> <a class="iref" href="#rfc.iref.g.1"><b>2</b></a></li> 861 876 <li class="indline1"><tt>credentials</tt> <a class="iref" href="#rfc.iref.g.2"><b>2</b></a></li> 862 <li class="indline1"><tt>Proxy-Authenticate</tt> <a class="iref" href="#rfc.iref.g.4"><b>4.2</b></a></li> 863 <li class="indline1"><tt>Proxy-Authorization</tt> <a class="iref" href="#rfc.iref.g.5"><b>4.3</b></a></li> 864 <li 
class="indline1"><tt>WWW-Authenticate</tt> <a class="iref" href="#rfc.iref.g.6"><b>4.4</b></a></li> 877 <li class="indline1"><tt>Proxy-Authenticate</tt> <a class="iref" href="#rfc.iref.g.5"><b>4.2</b></a></li> 878 <li class="indline1"><tt>Proxy-Authenticate-v</tt> <a class="iref" href="#rfc.iref.g.6"><b>4.2</b></a></li> 879 <li class="indline1"><tt>Proxy-Authorization</tt> <a class="iref" href="#rfc.iref.g.7"><b>4.3</b></a></li> 880 <li class="indline1"><tt>Proxy-Authorization-v</tt> <a class="iref" href="#rfc.iref.g.8"><b>4.3</b></a></li> 881 <li class="indline1"><tt>WWW-Authenticate</tt> <a class="iref" href="#rfc.iref.g.9"><b>4.4</b></a></li> 882 <li class="indline1"><tt>WWW-Authenticate-v</tt> <a class="iref" href="#rfc.iref.g.10"><b>4.4</b></a></li> 865 883 </ul> 866 884 </li> … … 879 897 </li> 880 898 <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind"> 881 <li class="indline1"><em>Part1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="# Part1"><b>8.1</b></a><ul class="ind">899 <li class="indline1"><em>Part1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind"> 882 900 <li class="indline1"><em>Section 2.1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a></li> 901 <li class="indline1"><em>Section 2.2</em> <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a></li> 883 902 </ul> 884 903 </li> -
draft-ietf-httpbis/latest/p7-auth.xml
r345 r365 249 249 <x:anchor-alias value="challenge"/> 250 250 <x:anchor-alias value="credentials"/> 251 <x:anchor-alias value="BWS"/> 252 <x:anchor-alias value="OWS"/> 253 <x:anchor-alias value="RWS"/> 251 254 The ABNF rules below are defined in other specifications: 252 255 </t> 256 <figure><artwork type="abnf2616"> 257 <x:ref>BWS</x:ref> = <BWS, defined in &basic-rules;> 258 <x:ref>OWS</x:ref> = <OWS, defined in &basic-rules;> 259 <x:ref>RWS</x:ref> = <RWS, defined in &basic-rules;> 260 </artwork></figure> 253 261 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="challenge"/><iref primary="true" item="Grammar" subitem="credentials"/> 254 262 <x:ref>challenge</x:ref> = <challenge, defined in <xref target="RFC2617" x:fmt="," x:sec="1.2"/>> … … 304 312 <iref primary="true" item="Headers" subitem="Authorization" x:for-anchor=""/> 305 313 <x:anchor-alias value="Authorization"/> 314 <x:anchor-alias value="Authorization-v"/> 306 315 <t> 307 316 A user agent that wishes to authenticate itself with a server-- 308 317 usually, but not necessarily, after receiving a 401 response--does 309 318 so by including an Authorization request-header field with the 310 request. The Authorization field valueconsists of credentials319 request. The field "Authorization" consists of credentials 311 320 containing the authentication information of the user agent for 312 321 the realm of the resource being requested. 
313 322 </t> 314 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Authorization"/> 315 <x:ref>Authorization</x:ref> = "Authorization" ":" <x:ref>credentials</x:ref> 323 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Authorization"/><iref primary="true" item="Grammar" subitem="Authorization-v"/> 324 <x:ref>Authorization</x:ref> = "Authorization" <x:ref>BWS</x:ref> ":" <x:ref>OWS</x:ref> <x:ref>Authorization-v</x:ref> 325 <x:ref>Authorization-v</x:ref> = <x:ref>credentials</x:ref> 316 326 </artwork></figure> 317 327 <t> … … 359 369 <iref primary="true" item="Headers" subitem="Proxy-Authenticate" x:for-anchor=""/> 360 370 <x:anchor-alias value="Proxy-Authenticate"/> 361 <t> 362 The Proxy-Authenticate response-header field &MUST; be included as part 371 <x:anchor-alias value="Proxy-Authenticate-v"/> 372 <t> 373 The response-header field "Proxy-Authenticate" &MUST; be included as part 363 374 of a 407 (Proxy Authentication Required) response. The field value 364 375 consists of a challenge that indicates the authentication scheme and 365 376 parameters applicable to the proxy for this Request-URI. 
366 377 </t> 367 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Proxy-Authenticate"/> 368 <x:ref>Proxy-Authenticate</x:ref> = "Proxy-Authenticate" ":" 1#<x:ref>challenge</x:ref> 378 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Proxy-Authenticate"/><iref primary="true" item="Grammar" subitem="Proxy-Authenticate-v"/> 379 <x:ref>Proxy-Authenticate</x:ref> = "Proxy-Authenticate" <x:ref>BWS</x:ref> ":" <x:ref>OWS</x:ref> <x:ref>Proxy-Authenticate-v</x:ref> 380 <x:ref>Proxy-Authenticate-v</x:ref> = 1#<x:ref>challenge</x:ref> 369 381 </artwork></figure> 370 382 <t> … … 384 396 <iref primary="true" item="Headers" subitem="Proxy-Authorization" x:for-anchor=""/> 385 397 <x:anchor-alias value="Proxy-Authorization"/> 386 <t> 387 The Proxy-Authorization request-header field allows the client to 398 <x:anchor-alias value="Proxy-Authorization-v"/> 399 <t> 400 The request-header field "Proxy-Authorization" allows the client to 388 401 identify itself (or its user) to a proxy which requires 389 402 authentication. The Proxy-Authorization field value consists of … … 391 404 agent for the proxy and/or realm of the resource being requested. 
392 405 </t> 393 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Proxy-Authorization"/> 394 <x:ref>Proxy-Authorization</x:ref> = "Proxy-Authorization" ":" <x:ref>credentials</x:ref> 406 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Proxy-Authorization"/><iref primary="true" item="Grammar" subitem="Proxy-Authorization-v"/> 407 <x:ref>Proxy-Authorization</x:ref> = "Proxy-Authorization" <x:ref>BWS</x:ref> ":" <x:ref>OWS</x:ref> <x:ref>Proxy-Authorization-v</x:ref> 408 <x:ref>Proxy-Authorization-v</x:ref> = <x:ref>credentials</x:ref> 395 409 </artwork></figure> 396 410 <t> … … 412 426 <iref primary="true" item="Headers" subitem="WWW-Authenticate" x:for-anchor=""/> 413 427 <x:anchor-alias value="WWW-Authenticate"/> 428 <x:anchor-alias value="WWW-Authenticate-v"/> 414 429 <t> 415 430 The WWW-Authenticate response-header field &MUST; be included in 401 … … 418 433 parameters applicable to the Request-URI. 419 434 </t> 420 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="WWW-Authenticate"/> 421 <x:ref>WWW-Authenticate</x:ref> = "WWW-Authenticate" ":" 1#<x:ref>challenge</x:ref> 435 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="WWW-Authenticate"/><iref primary="true" item="Grammar" subitem="WWW-Authenticate-v"/> 436 <x:ref>WWW-Authenticate</x:ref> = "WWW-Authenticate" <x:ref>BWS</x:ref> ":" <x:ref>OWS</x:ref> <x:ref>WWW-Authenticate-v</x:ref> 437 <x:ref>WWW-Authenticate-v</x:ref> = 1#<x:ref>challenge</x:ref> 422 438 </artwork></figure> 423 439 <t> … … 792 808 <section title="Since draft-ietf-httpbis-p7-auth-04" anchor="changes.since.04"> 793 809 <t> 810 Ongoing work on ABNF conversion (<eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/36"/>): 811 <list style="symbols"> 812 <t> 813 Use "/" instead of "|" for alternatives. 
814 </t> 815 <t> 816 Introduce new ABNF rules for "bad" whitespace ("BWS"), optional 817 whitespace ("OWS") and required whitespace ("RWS"). 818 </t> 819 <t> 820 Rewrite ABNFs to spell out whitespace rules, factor out 821 header value format definitions. 822 </t> 823 </list> 794 824 </t> 795 825 </section>
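Review bot: the four header rules in sections 4.1 to 4.4 now take the form '"Authorization" BWS ":" OWS Authorization-v', which admits whitespace between the field name and the colon on exactly the headers that carry credentials and challenges, and nothing in these hunks says what a recipient does when it sees that whitespace. The B.6 changelog entry itself labels BWS as "bad" whitespace. Add a sentence to each section, or a pointer to the Part1 Section 2.2 definition, stating the required handling, so that a proxy and an origin server cannot reach different conclusions about whether a request with whitespace before the colon carries an Authorization field.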
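Review bot: in section 4.1 the reworded sentence 'The field "Authorization" consists of credentials' no longer agrees with the grammar added directly below it, where the field is the name, BWS, ":", OWS and Authorization-v, and only Authorization-v is defined as credentials. Keep "field value" in that sentence, as sections 4.2 and 4.3 still do ("The field value consists of a challenge", "The Proxy-Authorization field value consists of"). The opening sentence of 4.4 is also left as "The WWW-Authenticate response-header field" while the other three sections were changed to the 'The response-header field "..."' pattern; use one form in all four.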
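Review bot: RWS is added to the imported rules in section 2 (the new anchor-alias and the third line of the new BWS/OWS/RWS figure), but none of the rules rewritten in this changeset references it; only BWS and OWS are used. Drop the RWS import unless another rule in p7 needs it. The B.6 changelog also lists 'Use "/" instead of "|" for alternatives', yet no hunk in either file replaces a "|", so that item should either be removed from this part's change log or be accompanied by the grammar change it describes.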