= HTTP Authentication Extensions for Interactive Clients =

== The Internet-Draft ==

[http://tools.ietf.org/html/draft-oiwa-httpbis-auth-extension-00]

Previous versions are available as [http://tools.ietf.org/html/draft-oiwa-http-auth-extension draft-oiwa-http-auth-extension].

 * It was designed for [../MutualAuth HTTP Mutual authentication] at first, but it is generic to every interactive authentication scheme on HTTP.

== Overview ==

 * Fills the gaps between the current HTTP authentication framework and Web application needs
   * Concurrent support for guest (unauthenticated) users on the same page as for authenticated users (optional authentication)
   * Log-out
   * Session timeout
   * Customized pages for the log-in/log-out interface (incl. announcements, warnings or advertisements)
   * etc.
 * Easily understandable API for use from Web applications
   * Optional authentication: configure it on the Web server and that is all
   * Others: just set an Authentication-Control: HTTP header and that is all
 * Easy deployment: the header can be configured statically
   * No CGIs are required in common cases
   * Carefully designed so that these headers will be ignored whenever they are not applicable or meaningful
   * Not harmful for non-Web applications either: the base authentication semantics are not changed, so simply ignoring the header is enough

== Implementations ==

The reference implementations for [../MutualAuth Mutual authentication], available on the [https://www.rcis.aist.go.jp/special/MutualAuth/ project homepage], implement these extensions too.