HTTP Authentication Extensions for Interactive Clients
The Internet-Draft
http://tools.ietf.org/html/draft-oiwa-httpbis-auth-extension-00
Previous versions are available as draft-oiwa-http-auth-extension
- It was originally designed for HTTP Mutual authentication, but it applies generically to every interactive authentication scheme over HTTP.
Overview
- Fill gaps between the current HTTP authentication framework and Web application needs
  - Concurrent support for guest (unauthenticated) users on the same page as for authenticated users (optional authentication)
  - Log-out
  - Session timeout
  - Customized pages for log-in/log-out interface (incl. announcements, warnings or advertisements)
  - etc.
- Easily-understandable API used from Web applications
  - Optional authentication: configure it on the Web server and that is all
  - Others: just set an Authentication-Control: HTTP header and that is all
  - Easy deployment: the header can be configured statically
    - No CGIs are required in common cases
  - Carefully designed so that these headers are ignored whenever they are not applicable or meaningful
- Not harmful for non-Web applications either: the base authentication semantics are not changed, so simply ignoring the header is enough
Use cases
See Section 5 of the draft for information on how to use this extension.
Implementations
The reference implementations for Mutual authentication, available on the project homepage, implement these extensions too.
Last modified on 05/06/12 05:21:27