Timestamp:
Nov 13, 2008, 10:28:51 AM (11 years ago)
Author:
julian.reschke@…
Message:

Rewrite header ABNFs to spell out whitespace rules, factor out value format definitions. (related to #36)

File:
1 edited

  • draft-ietf-httpbis/latest/p7-auth.html

    r345 r365  
    471471         <tr>
    472472            <td class="header left"></td>
    473             <td class="header right">November 11, 2008</td>
     473            <td class="header right">November 13, 2008</td>
    474474         </tr>
    475475      </table>
     
    571571      </p>
    572572      <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="notation" href="#notation">Notational Conventions and Generic Grammar</a></h1>
    573       <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="Augmented BNF">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;.]</span>
     573      <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="ABNF Extensions">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;.]</span>
    574574      </p>
    575575      <div id="abnf.dependencies">
    576          <p id="rfc.section.2.p.2">    The ABNF rules below are defined in other specifications:</p>
     576         <p id="rfc.section.2.p.2">          The ABNF rules below are defined in other specifications:</p>
    577577      </div>
    578       <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  <a href="#abnf.dependencies" class="smpl">challenge</a>   = &lt;challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
     578      <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">BWS</a>           = &lt;BWS, defined in <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
     579  <a href="#abnf.dependencies" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
     580  <a href="#abnf.dependencies" class="smpl">RWS</a>           = &lt;RWS, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
     581</pre><div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  <a href="#abnf.dependencies" class="smpl">challenge</a>   = &lt;challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
    579582  <a href="#abnf.dependencies" class="smpl">credentials</a> = &lt;credentials, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
    580583</pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;Status Code Definitions
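Review bot: RWS is added to the imported rules in Section 2 (new line 580), but none of the header rules rewritten in this changeset (Authorization, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate) reference it; they use only BWS and OWS. Drop the RWS import unless another rule in this part needs it. New line 576 also picks up extra leading whitespace inside the <p> before "The ABNF rules below", which looks like an unintended whitespace-only change.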
     
    600603      <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a id="header.authorization" href="#header.authorization">Authorization</a></h2>
    601604      <p id="rfc.section.4.1.p.1">A user agent that wishes to authenticate itself with a server-- usually, but not necessarily, after receiving a 401 response--does
    602          so by including an Authorization request-header field with the request. The Authorization field value consists of credentials
     605         so by including an Authorization request-header field with the request. The field "Authorization" consists of credentials
    603606         containing the authentication information of the user agent for the realm of the resource being requested.
    604607      </p>
    605       <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.3"></span>  <a href="#header.authorization" class="smpl">Authorization</a>  = "Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a>
     608      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.3"></span><span id="rfc.iref.g.4"></span>  <a href="#header.authorization" class="smpl">Authorization</a>   = "Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.authorization" class="smpl">Authorization-v</a>
     609  <a href="#header.authorization" class="smpl">Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a>
    606610</pre><p id="rfc.section.4.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise,
    607611         such as credentials that vary according to a challenge value or using synchronized clocks).
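Review bot: The reworded sentence at new line 605, 'The field "Authorization" consists of credentials', drops the word "value" and now says the field as a whole consists of credentials, which disagrees with the new grammar, where the field is the name, BWS, ":", OWS and then Authorization-v. Suggest "The field value consists of credentials ...", matching the wording kept in Sections 4.2 and 4.3.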
     
    623627      <div id="rfc.iref.h.2"></div>
    624628      <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a id="header.proxy-authenticate" href="#header.proxy-authenticate">Proxy-Authenticate</a></h2>
    625       <p id="rfc.section.4.2.p.1">The Proxy-Authenticate response-header field <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates
     629      <p id="rfc.section.4.2.p.1">The response-header field "Proxy-Authenticate" <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates
    626630         the authentication scheme and parameters applicable to the proxy for this Request-URI.
    627631      </p>
    628       <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.4"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a>  = "Proxy-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
     632      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a>   = "Proxy-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a>
     633  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
    629634</pre><p id="rfc.section.4.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
    630635         them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate
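Review bot: The new Proxy-Authenticate rule at line 632 admits BWS between the field name and ":", but the section text does not say whether senders may generate that whitespace or whether recipients are only expected to tolerate it. Section 2 just points to Part1 Section 2.2, and the only gloss in this document is the B.6 entry calling it "bad" whitespace. Add a sentence or an inline cross-reference here so that proxy implementers do not read the rule as permission to emit whitespace before the colon; recipients that disagree on how to treat it will handle the challenge differently. The same applies to the other three header rules in this changeset.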
     
    634639      <div id="rfc.iref.h.3"></div>
    635640      <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;<a id="header.proxy-authorization" href="#header.proxy-authorization">Proxy-Authorization</a></h2>
    636       <p id="rfc.section.4.3.p.1">The Proxy-Authorization request-header field allows the client to identify itself (or its user) to a proxy which requires
     641      <p id="rfc.section.4.3.p.1">The request-header field "Proxy-Authorization" allows the client to identify itself (or its user) to a proxy which requires
    637642         authentication. The Proxy-Authorization field value consists of credentials containing the authentication information of the
    638643         user agent for the proxy and/or realm of the resource being requested.
    639644      </p>
    640       <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a>     = "Proxy-Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a>
     645      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a>     = "Proxy-Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a>
     646  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a>   = <a href="#abnf.dependencies" class="smpl">credentials</a>
    641647</pre><p id="rfc.section.4.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.9"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication
    642648         using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed
     
    650656         authentication scheme(s) and parameters applicable to the Request-URI.
    651657      </p>
    652       <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>  = "WWW-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
     658      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>   = "WWW-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a>
     659  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
    653660</pre><p id="rfc.section.4.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.10"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one
    654661         challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a
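Review bot: WWW-Authenticate-v = 1#challenge at new line 659 still relies on the "#" list construct, and the rule shows no OWS around the list separators, so its whitespace handling is not spelled out in the sense of the commit message. The paragraph that follows already asks user agents to take special care because the value can carry more than one challenge, so this is the rule where an explicit expansion would help most. The same holds for Proxy-Authenticate-v in Section 4.2.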
     
    816823      <h2 id="rfc.section.B.5"><a href="#rfc.section.B.5">B.5</a>&nbsp;<a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p7-auth-03</a></h2>
    817824      <h2 id="rfc.section.B.6"><a href="#rfc.section.B.6">B.6</a>&nbsp;<a id="changes.since.04" href="#changes.since.04">Since draft-ietf-httpbis-p7-auth-04</a></h2>
     825      <p id="rfc.section.B.6.p.1">Ongoing work on ABNF conversion (&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;):
     826      </p>
     827      <ul>
     828         <li>Use "/" instead of "|" for alternatives.</li>
     829         <li>Introduce new ABNF rules for "bad" whitespace ("BWS"), optional whitespace ("OWS") and required whitespace ("RWS").</li>
     830         <li>Rewrite ABNFs to spell out whitespace rules, factor out header value format definitions.</li>
     831      </ul>
    818832      <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1>
    819833      <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the
     
    858872                     <ul class="ind">
    859873                        <li class="indline1"><tt>Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.3"><b>4.1</b></a></li>
     874                        <li class="indline1"><tt>Authorization-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>4.1</b></a></li>
    860875                        <li class="indline1"><tt>challenge</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.1"><b>2</b></a></li>
    861876                        <li class="indline1"><tt>credentials</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.2"><b>2</b></a></li>
    862                         <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>4.2</b></a></li>
    863                         <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.5"><b>4.3</b></a></li>
    864                         <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.6"><b>4.4</b></a></li>
     877                        <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.5"><b>4.2</b></a></li>
     878                        <li class="indline1"><tt>Proxy-Authenticate-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.6"><b>4.2</b></a></li>
     879                        <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.7"><b>4.3</b></a></li>
     880                        <li class="indline1"><tt>Proxy-Authorization-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.8"><b>4.3</b></a></li>
     881                        <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.9"><b>4.4</b></a></li>
     882                        <li class="indline1"><tt>WWW-Authenticate-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.10"><b>4.4</b></a></li>
    865883                     </ul>
    866884                  </li>
     
    879897            </li>
    880898            <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind">
    881                   <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
     899                  <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
    882900                        <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a></li>
     901                        <li class="indline1"><em>Section 2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a></li>
    883902                     </ul>
    884903                  </li>