Changes between Initial Version and Version 1 of HttpAuthProposals/AuthExtension


Ignore:
Timestamp:
05/06/12 04:59:34 (10 years ago)
Author:
y.oiwa@…
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • HttpAuthProposals/AuthExtension

    v1 v1  
     1= HTTP Authentication Extensions for Interactive Clients =
     2
     3== The Internet-Draft ==
     4[http://tools.ietf.org/html/draft-oiwa-httpbis-auth-extension-00]
     5
     6Previous versions are available as [http://tools.ietf.org/html/draft-oiwa-http-auth-extension draft-oiwa-http-auth-extension]
     7
     8 * It was designed for [../MutualAuth HTTP Mutual authentication] at first, but it is generic to every interactive authentication scheme on HTTP.
     9
     10== Overview ==
     11 * Fill gaps between current HTTP authentication framework and Web application needs
     12   * Concurrent support for guest (unauthenticated) users on the same page as for authenticated users (optional authentication)
     13   * Log-out
     14   * Session timeout
     15   * Customized pages for log-in/log-out interface (incl. announcements, warnings or advertisement)
     16   * etc.
     17 * Easily-understandable API used from Web applications
     18   * Optional authentication: configure it to Web server and it's all OK
     19   * Others: just set an Authentication-Control: HTTP header and it's all
     20    * Easy deployment: the header can be configured statically
     21     * no CGIs required on common cases
     22     * carefully designed so that these headers will be ignored whenever not applicable or meaningful
     23 * Not harmful for non-Web applications, too: base authn. semantics is not changed, so just ignore the header is enough
     24
     25== Implementations ==
     26
     27Reference implementations for [../MutualAuth Mutual authentication], available on [https://www.rcis.aist.go.jp/special/MutualAuth/ project homepage],
     28implements these extensions, too.