Changeset 365 for draft-ietf-httpbis/latest/p7-auth.html

Timestamp:

13/11/08 18:28:51 (14 years ago)

Author:

julian.reschke@…

Message:

Rewrite header ABNFs to spell out whitespace rules, factor out value format definitions. (related to #36)

File:

• draft-ietf-httpbis/latest/p7-auth.html (modified) (9 diffs)

draft-ietf-httpbis/latest/p7-auth.html

@@ -471 +471 @@
          <tr>
             <td class="header left"></td>
-            <td class="header right">November 11, 2008</td>
+            <td class="header right">November 13, 2008</td>
          </tr>
       </table>
@@ -571 +571 @@
       </p>
       <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="notation" href="#notation">Notational Conventions and Generic Grammar</a></h1>
-      <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="Augmented BNF">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;.]</span> 
+      <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="ABNF Extensions">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;.]</span> 
       </p>
       <div id="abnf.dependencies">
-         <p id="rfc.section.2.p.2">    The ABNF rules below are defined in other specifications:</p>
+         <p id="rfc.section.2.p.2">          The ABNF rules below are defined in other specifications:</p>
       </div>
-      <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  <a href="#abnf.dependencies" class="smpl">challenge</a>   = &lt;challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
+      <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#abnf.dependencies" class="smpl">BWS</a>           = &lt;BWS, defined in <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
+  <a href="#abnf.dependencies" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
+  <a href="#abnf.dependencies" class="smpl">RWS</a>           = &lt;RWS, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>&gt;
+</pre><div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span>  <a href="#abnf.dependencies" class="smpl">challenge</a>   = &lt;challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
   <a href="#abnf.dependencies" class="smpl">credentials</a> = &lt;credentials, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>&gt;
 </pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;Status Code Definitions
@@ -600 +603 @@
       <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a>&nbsp;<a id="header.authorization" href="#header.authorization">Authorization</a></h2>
       <p id="rfc.section.4.1.p.1">A user agent that wishes to authenticate itself with a server-- usually, but not necessarily, after receiving a 401 response--does
-         so by including an Authorization request-header field with the request. The Authorization field value consists of credentials
+         so by including an Authorization request-header field with the request. The field "Authorization" consists of credentials
          containing the authentication information of the user agent for the realm of the resource being requested.
       </p>
-      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.3"></span>  <a href="#header.authorization" class="smpl">Authorization</a>  = "Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a>
+      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.3"></span><span id="rfc.iref.g.4"></span>  <a href="#header.authorization" class="smpl">Authorization</a>   = "Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.authorization" class="smpl">Authorization-v</a>
+  <a href="#header.authorization" class="smpl">Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a>
 </pre><p id="rfc.section.4.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise,
          such as credentials that vary according to a challenge value or using synchronized clocks).
@@ -623 +627 @@
       <div id="rfc.iref.h.2"></div>
       <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a id="header.proxy-authenticate" href="#header.proxy-authenticate">Proxy-Authenticate</a></h2>
-      <p id="rfc.section.4.2.p.1">The Proxy-Authenticate response-header field <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates
+      <p id="rfc.section.4.2.p.1">The response-header field "Proxy-Authenticate" <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates
          the authentication scheme and parameters applicable to the proxy for this Request-URI.
       </p>
-      <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.4"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a>  = "Proxy-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
+      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a>   = "Proxy-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a>
+  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
 </pre><p id="rfc.section.4.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting
          them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate
@@ -634 +639 @@
       <div id="rfc.iref.h.3"></div>
       <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a>&nbsp;<a id="header.proxy-authorization" href="#header.proxy-authorization">Proxy-Authorization</a></h2>
-      <p id="rfc.section.4.3.p.1">The Proxy-Authorization request-header field allows the client to identify itself (or its user) to a proxy which requires
+      <p id="rfc.section.4.3.p.1">The request-header field "Proxy-Authorization" allows the client to identify itself (or its user) to a proxy which requires
          authentication. The Proxy-Authorization field value consists of credentials containing the authentication information of the
          user agent for the proxy and/or realm of the resource being requested.
       </p>
-      <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a>     = "Proxy-Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a>
+      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a>     = "Proxy-Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a>
+  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a>   = <a href="#abnf.dependencies" class="smpl">credentials</a>
 </pre><p id="rfc.section.4.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.9"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication
          using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed
@@ -650 +656 @@
          authentication scheme(s) and parameters applicable to the Request-URI.
       </p>
-      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>  = "WWW-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
+      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a>   = "WWW-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a>
+  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a>
 </pre><p id="rfc.section.4.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.10"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one
          challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a
@@ -816 +823 @@
       <h2 id="rfc.section.B.5"><a href="#rfc.section.B.5">B.5</a>&nbsp;<a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p7-auth-03</a></h2>
       <h2 id="rfc.section.B.6"><a href="#rfc.section.B.6">B.6</a>&nbsp;<a id="changes.since.04" href="#changes.since.04">Since draft-ietf-httpbis-p7-auth-04</a></h2>
+      <p id="rfc.section.B.6.p.1">Ongoing work on ABNF conversion (&lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>&gt;): 
+      </p>
+      <ul>
+         <li>Use "/" instead of "|" for alternatives.</li>
+         <li>Introduce new ABNF rules for "bad" whitespace ("BWS"), optional whitespace ("OWS") and required whitespace ("RWS").</li>
+         <li>Rewrite ABNFs to spell out whitespace rules, factor out header value format definitions.</li>
+      </ul>
       <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1>
       <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the
@@ -858 +872 @@
                      <ul class="ind">
                         <li class="indline1"><tt>Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.3"><b>4.1</b></a></li>
+                        <li class="indline1"><tt>Authorization-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>4.1</b></a></li>
                         <li class="indline1"><tt>challenge</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.1"><b>2</b></a></li>
                         <li class="indline1"><tt>credentials</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.2"><b>2</b></a></li>
-                        <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.4"><b>4.2</b></a></li>
-                        <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.5"><b>4.3</b></a></li>
-                        <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.6"><b>4.4</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.5"><b>4.2</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authenticate-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.6"><b>4.2</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.7"><b>4.3</b></a></li>
+                        <li class="indline1"><tt>Proxy-Authorization-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.8"><b>4.3</b></a></li>
+                        <li class="indline1"><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.9"><b>4.4</b></a></li>
+                        <li class="indline1"><tt>WWW-Authenticate-v</tt>&nbsp;&nbsp;<a class="iref" href="#rfc.iref.g.10"><b>4.4</b></a></li>
                      </ul>
                   </li>
@@ -879 +897 @@
             </li>
             <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind">
-                  <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
+                  <li class="indline1"><em>Part1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind">
                         <li class="indline1"><em>Section 2.1</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.1">2</a></li>
+                        <li class="indline1"><em>Section 2.2</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a></li>
                      </ul>
                   </li>