Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations

Initial Hypertext Transfer Protocol (HTTP) Authentication Scheme Registrations greenbytes GmbH

Hafenweg 16 MuensterNW48155 Germany julian.reschke@greenbytes.de http://greenbytes.de/tech/webdav/

HTTPbis Working Group This document registers Hypertext Transfer Protocol (HTTP) authentication schemes which have been defined in standards-track RFCs before the IANA HTTP Authentication Scheme Registry was established. Discussion of this draft should take place on the HTTPBIS working group mailing list (ietf-http-wg@w3.org), which is archived at . The current issues list is at and related documents (including fancy diffs) can be found at . The changes in this draft are summarized in .

This document registers Hypertext Transfer Protocol (HTTP) authentication schemes which have been defined in standards-track RFCs before the IANA HTTP Authentication Scheme Registry was established.

There are no security considerations related to the registration itself.

provides initial registrations of HTTP authentication schemes for the IANA HTTP Authentication Scheme registry at (see Section 2.3 of ).

HTTP/1.1, part 7: Authentication Day Software

fielding@gbiv.com

Alcatel-Lucent Bell Labs

jg@freedesktop.org

Hewlett-Packard Company

JeffMogul@acm.org

Microsoft Corporation

henrikn@microsoft.com

Adobe Systems, Incorporated

LMM@acm.org

Microsoft Corporation

paulle@microsoft.com

World Wide Web Consortium

timbl@w3.org

World Wide Web Consortium

ylafon@w3.org

greenbytes GmbH

julian.reschke@greenbytes.de

HTTP Authentication: Basic and Digest Access Authentication Northwestern University, Department of Mathematics

john@math.nwu.edu

Verisign Inc.

pbaker@verisign.com

AbiSource, Inc.

jeff@AbiSource.com

Agranat Systems, Inc.

lawrence@agranat.com

Microsoft Corporation

paulle@microsoft.com

Netscape Communications Corporation Open Market, Inc.

stewart@OpenMarket.com

SPNEGO-based Kerberos and NTLM HTTP Authentication in Microsoft Windows

Authentication Scheme Name Reference Notes Basic, Section 2 Digest, Section 3 Negotiate, Section 3 This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax).

Update draft-ietf-httpbis-p7-auth reference.

Update draft-ietf-httpbis-p7-auth reference. Closed issues: : "need to reserve 'negotiate' as auth scheme name"