Changeset 365 for draft-ietf-httpbis/latest/p7-auth.html
- Timestamp: 13/11/08 18:28:51 (14 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p7-auth.html
r345 r365 471 471 <tr> 472 472 <td class="header left"></td> 473 <td class="header right">November 1 1, 2008</td>473 <td class="header right">November 13, 2008</td> 474 474 </tr> 475 475 </table> … … 571 571 </p> 572 572 <h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a> <a id="notation" href="#notation">Notational Conventions and Generic Grammar</a></h1> 573 <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="A ugmented BNF">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. <span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>.]</span>573 <p id="rfc.section.2.p.1">This specification uses the ABNF syntax defined in <a href="p1-messaging.html#notation.abnf" title="ABNF Extensions">Section 2.1</a> of <a href="#Part1" id="rfc.xref.Part1.1"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. 
<span class="comment">[abnf.dep: ABNF syntax and basic rules will be adopted from RFC 5234, see <<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>.]</span> 574 574 </p> 575 575 <div id="abnf.dependencies"> 576 <p id="rfc.section.2.p.2"> The ABNF rules below are defined in other specifications:</p>576 <p id="rfc.section.2.p.2"> The ABNF rules below are defined in other specifications:</p> 577 577 </div> 578 <div id="rfc.figure.u.1"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span> <a href="#abnf.dependencies" class="smpl">challenge</a> = <challenge, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 578 <div id="rfc.figure.u.1"></div><pre class="inline"> <a href="#abnf.dependencies" class="smpl">BWS</a> = <BWS, defined in <a href="#Part1" id="rfc.xref.Part1.2"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 579 <a href="#abnf.dependencies" class="smpl">OWS</a> = <OWS, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 580 <a href="#abnf.dependencies" class="smpl">RWS</a> = <RWS, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 2.2</a>> 581 </pre><div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.1"></span><span id="rfc.iref.g.2"></span> <a href="#abnf.dependencies" class="smpl">challenge</a> = <challenge, defined in <a href="#RFC2617" 
id="rfc.xref.RFC2617.3"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 579 582 <a href="#abnf.dependencies" class="smpl">credentials</a> = <credentials, defined in <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>, <a href="http://tools.ietf.org/html/rfc2617#section-1.2">Section 1.2</a>> 580 583 </pre><h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a> Status Code Definitions … … 600 603 <h2 id="rfc.section.4.1"><a href="#rfc.section.4.1">4.1</a> <a id="header.authorization" href="#header.authorization">Authorization</a></h2> 601 604 <p id="rfc.section.4.1.p.1">A user agent that wishes to authenticate itself with a server-- usually, but not necessarily, after receiving a 401 response--does 602 so by including an Authorization request-header field with the request. The Authorization field valueconsists of credentials605 so by including an Authorization request-header field with the request. The field "Authorization" consists of credentials 603 606 containing the authentication information of the user agent for the realm of the resource being requested. 
604 607 </p> 605 <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.g.3"></span> <a href="#header.authorization" class="smpl">Authorization</a> = "Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a> 608 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.3"></span><span id="rfc.iref.g.4"></span> <a href="#header.authorization" class="smpl">Authorization</a> = "Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.authorization" class="smpl">Authorization-v</a> 609 <a href="#header.authorization" class="smpl">Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a> 606 610 </pre><p id="rfc.section.4.1.p.3">HTTP access authentication is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.7"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise, 607 611 such as credentials that vary according to a challenge value or using synchronized clocks). … … 623 627 <div id="rfc.iref.h.2"></div> 624 628 <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a> <a id="header.proxy-authenticate" href="#header.proxy-authenticate">Proxy-Authenticate</a></h2> 625 <p id="rfc.section.4.2.p.1">The Proxy-Authenticate response-header field<em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. The field value consists of a challenge that indicates629 <p id="rfc.section.4.2.p.1">The response-header field "Proxy-Authenticate" <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. 
The field value consists of a challenge that indicates 626 630 the authentication scheme and parameters applicable to the proxy for this Request-URI. 627 631 </p> 628 <div id="rfc.figure.u.3"></div><pre class="inline"><span id="rfc.iref.g.4"></span> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = "Proxy-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 632 <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span><span id="rfc.iref.g.6"></span> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = "Proxy-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> 633 <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 629 634 </pre><p id="rfc.section.4.2.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.8"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. 
However, an intermediate proxy might need to obtain its own credentials by requesting 630 635 them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate … … 634 639 <div id="rfc.iref.h.3"></div> 635 640 <h2 id="rfc.section.4.3"><a href="#rfc.section.4.3">4.3</a> <a id="header.proxy-authorization" href="#header.proxy-authorization">Proxy-Authorization</a></h2> 636 <p id="rfc.section.4.3.p.1">The Proxy-Authorization request-header fieldallows the client to identify itself (or its user) to a proxy which requires641 <p id="rfc.section.4.3.p.1">The request-header field "Proxy-Authorization" allows the client to identify itself (or its user) to a proxy which requires 637 642 authentication. The Proxy-Authorization field value consists of credentials containing the authentication information of the 638 643 user agent for the proxy and/or realm of the resource being requested. 639 644 </p> 640 <div id="rfc.figure.u.4"></div><pre class="inline"><span id="rfc.iref.g.5"></span> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = "Proxy-Authorization" ":" <a href="#abnf.dependencies" class="smpl">credentials</a> 645 <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.7"></span><span id="rfc.iref.g.8"></span> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = "Proxy-Authorization" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a> 646 <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization-v</a> = <a href="#abnf.dependencies" class="smpl">credentials</a> 641 647 </pre><p id="rfc.section.4.3.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.9"><cite title="HTTP Authentication: Basic and 
Digest Access Authentication">[RFC2617]</cite></a>. Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication 642 648 using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed … … 650 656 authentication scheme(s) and parameters applicable to the Request-URI. 651 657 </p> 652 <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = "WWW-Authenticate" ":" 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 658 <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.9"></span><span id="rfc.iref.g.10"></span> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = "WWW-Authenticate" <a href="#abnf.dependencies" class="smpl">BWS</a> ":" <a href="#abnf.dependencies" class="smpl">OWS</a> <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> 659 <a href="#header.www-authenticate" class="smpl">WWW-Authenticate-v</a> = 1#<a href="#abnf.dependencies" class="smpl">challenge</a> 653 660 </pre><p id="rfc.section.4.4.p.3">The HTTP access authentication process is described in "HTTP Authentication: Basic and Digest Access Authentication" <a href="#RFC2617" id="rfc.xref.RFC2617.10"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a>. 
User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one 654 661 challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a … … 816 823 <h2 id="rfc.section.B.5"><a href="#rfc.section.B.5">B.5</a> <a id="changes.since.03" href="#changes.since.03">Since draft-ietf-httpbis-p7-auth-03</a></h2> 817 824 <h2 id="rfc.section.B.6"><a href="#rfc.section.B.6">B.6</a> <a id="changes.since.04" href="#changes.since.04">Since draft-ietf-httpbis-p7-auth-04</a></h2> 825 <p id="rfc.section.B.6.p.1">Ongoing work on ABNF conversion (<<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/36">http://tools.ietf.org/wg/httpbis/trac/ticket/36</a>>): 826 </p> 827 <ul> 828 <li>Use "/" instead of "|" for alternatives.</li> 829 <li>Introduce new ABNF rules for "bad" whitespace ("BWS"), optional whitespace ("OWS") and required whitespace ("RWS").</li> 830 <li>Rewrite ABNFs to spell out whitespace rules, factor out header value format definitions.</li> 831 </ul> 818 832 <h1><a id="rfc.copyright" href="#rfc.copyright">Full Copyright Statement</a></h1> 819 833 <p>This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the … … 858 872 <ul class="ind"> 859 873 <li class="indline1"><tt>Authorization</tt> <a class="iref" href="#rfc.iref.g.3"><b>4.1</b></a></li> 874 <li class="indline1"><tt>Authorization-v</tt> <a class="iref" href="#rfc.iref.g.4"><b>4.1</b></a></li> 860 875 <li class="indline1"><tt>challenge</tt> <a class="iref" href="#rfc.iref.g.1"><b>2</b></a></li> 861 876 <li class="indline1"><tt>credentials</tt> <a class="iref" href="#rfc.iref.g.2"><b>2</b></a></li> 862 <li class="indline1"><tt>Proxy-Authenticate</tt> <a class="iref" href="#rfc.iref.g.4"><b>4.2</b></a></li> 863 <li class="indline1"><tt>Proxy-Authorization</tt> <a class="iref" href="#rfc.iref.g.5"><b>4.3</b></a></li> 864 <li 
class="indline1"><tt>WWW-Authenticate</tt> <a class="iref" href="#rfc.iref.g.6"><b>4.4</b></a></li> 877 <li class="indline1"><tt>Proxy-Authenticate</tt> <a class="iref" href="#rfc.iref.g.5"><b>4.2</b></a></li> 878 <li class="indline1"><tt>Proxy-Authenticate-v</tt> <a class="iref" href="#rfc.iref.g.6"><b>4.2</b></a></li> 879 <li class="indline1"><tt>Proxy-Authorization</tt> <a class="iref" href="#rfc.iref.g.7"><b>4.3</b></a></li> 880 <li class="indline1"><tt>Proxy-Authorization-v</tt> <a class="iref" href="#rfc.iref.g.8"><b>4.3</b></a></li> 881 <li class="indline1"><tt>WWW-Authenticate</tt> <a class="iref" href="#rfc.iref.g.9"><b>4.4</b></a></li> 882 <li class="indline1"><tt>WWW-Authenticate-v</tt> <a class="iref" href="#rfc.iref.g.10"><b>4.4</b></a></li> 865 883 </ul> 866 884 </li> … … 879 897 </li> 880 898 <li class="indline0"><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul class="ind"> 881 <li class="indline1"><em>Part1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="# Part1"><b>8.1</b></a><ul class="ind">899 <li class="indline1"><em>Part1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a>, <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a>, <a class="iref" href="#Part1"><b>8.1</b></a><ul class="ind"> 882 900 <li class="indline1"><em>Section 2.1</em> <a class="iref" href="#rfc.xref.Part1.1">2</a></li> 901 <li class="indline1"><em>Section 2.2</em> <a class="iref" href="#rfc.xref.Part1.2">2</a>, <a class="iref" href="#rfc.xref.Part1.3">2</a>, <a class="iref" href="#rfc.xref.Part1.4">2</a></li> 883 902 </ul> 884 903 </li>
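Review bot: in the section 2 hunk, RWS is imported next to BWS and OWS, but none of the four header rules rewritten in this changeset (Authorization, Proxy-Authenticate, Proxy-Authorization, WWW-Authenticate) references RWS. Either drop the RWS line from the dependency list or point to the rule that needs it. The three new dependency lines also carry no rfc.iref.g index spans, unlike challenge and credentials in the following figure, so BWS, OWS and RWS do not show up in the grammar index hunk at the end of the file.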
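Review bot: in the 4.1 hunk, the rewritten sentence reads 'The field "Authorization" consists of credentials', which drops the word "value" that the removed line had and that 4.2 and 4.3 still use ("The field value consists of a challenge", "The Proxy-Authorization field value consists of credentials"). Now that the grammar is split into Authorization and Authorization-v, the credentials are the -v rule only, so the sentence should say that the field value consists of credentials, matching the other sections.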
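Review bot: all four rewritten header rules place BWS between the field name and ":" and OWS only before the -v value, yet none of the changed prose says who may send that whitespace or how a recipient treats it. B.6 itself calls BWS "bad" whitespace, so section 2 or each header section should state that it is tolerated on receipt and not generated, and whether whitespace after the value is covered elsewhere in Part1. This matters most for the credential-carrying fields: 4.3 says Proxy-Authorization is consumed by the proxy that demanded authentication, so every hop has to recognise the field name the same way when whitespace precedes the colon, otherwise two hops can disagree on whether credentials were presented.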