| draft-fielding-httpbis-http-auth-00.txt | draft-fielding-httpbis-http-auth-latest.txt | |||
|---|---|---|---|---|
| Network Working Group R. Fielding, Ed. | Network Working Group R. Fielding, Ed. | |||
| Internet-Draft Adobe | Internet-Draft Adobe | |||
| Obsoletes: 7235 (if approved) J. Reschke, Ed. | Obsoletes: 7235 (if approved) J. Reschke, Ed. | |||
| Updates: 2617 (if approved) greenbytes | Updates: 2617 (if approved) greenbytes | |||
| Intended status: Standards Track March 5, 2018 | Intended status: Standards Track March 17, 2018 | |||
| Expires: September 6, 2018 | Expires: September 18, 2018 | |||
| Hypertext Transfer Protocol (HTTP): Authentication | Hypertext Transfer Protocol (HTTP): Authentication | |||
| draft-fielding-httpbis-http-auth-00 | draft-fielding-httpbis-http-auth-latest | |||
| Abstract | Abstract | |||
| The Hypertext Transfer Protocol (HTTP) is a stateless application- | The Hypertext Transfer Protocol (HTTP) is a stateless application- | |||
| level protocol for distributed, collaborative, hypermedia information | level protocol for distributed, collaborative, hypermedia information | |||
| systems. This document defines the HTTP Authentication framework. | systems. This document defines the HTTP Authentication framework. | |||
| This document obsoletes RFC 7235. | This document obsoletes RFC 7235. | |||
| Editorial Note | Editorial Note | |||
| skipping to change at page 1, line 37 ¶ | skipping to change at page 1, line 37 ¶ | |||
| item of the HTTP Working Group._ | item of the HTTP Working Group._ | |||
| Discussion of this draft takes place on the HTTP working group | Discussion of this draft takes place on the HTTP working group | |||
| mailing list (ietf-http-wg@w3.org), which is archived at | mailing list (ietf-http-wg@w3.org), which is archived at | |||
| <http://lists.w3.org/Archives/Public/ietf-http-wg/>. | <http://lists.w3.org/Archives/Public/ietf-http-wg/>. | |||
| Errata for RFC 7235 have been collected at <https://www.rfc- | Errata for RFC 7235 have been collected at <https://www.rfc- | |||
| editor.org/errata_search.php?rfc=7235>, and an additional issues list | editor.org/errata_search.php?rfc=7235>, and an additional issues list | |||
| lives at <https://github.com/httpwg/http11bis/issues>. | lives at <https://github.com/httpwg/http11bis/issues>. | |||
| The changes in this draft are summarized in Appendix D.1. | The changes in this draft are summarized in Appendix D.2. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on September 6, 2018. | This Internet-Draft will expire on September 18, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2018 IETF Trust and the persons identified as the | Copyright (c) 2018 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 3, line 24 ¶ | skipping to change at page 3, line 24 ¶ | |||
| 6.2. Authentication Credentials and Idle Clients . . . . . . . 13 | 6.2. Authentication Credentials and Idle Clients . . . . . . . 13 | |||
| 6.3. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13 | 6.3. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 14 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 14 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 14 | 7.2. Informative References . . . . . . . . . . . . . . . . . 14 | |||
| Appendix A. Changes from RFC 7235 . . . . . . . . . . . . . . . 16 | Appendix A. Changes from RFC 7235 . . . . . . . . . . . . . . . 16 | |||
| Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . 16 | Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . 16 | |||
| Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16 | Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16 | |||
| Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 17 | Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 17 | |||
| D.1. Since RFC 7235 . . . . . . . . . . . . . . . . . . . . . 17 | D.1. Since RFC 7235 . . . . . . . . . . . . . . . . . . . . . 17 | |||
| D.2. Since draft-fielding-httpbis-auth-00 . . . . . . . . . . 18 | ||||
| Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18 | Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 1. Introduction | 1. Introduction | |||
| HTTP provides a general framework for access control and | HTTP provides a general framework for access control and | |||
| authentication, via an extensible set of challenge-response | authentication, via an extensible set of challenge-response | |||
| authentication schemes, which can be used by a server to challenge a | authentication schemes, which can be used by a server to challenge a | |||
| client request and by a client to provide authentication information. | client request and by a client to provide authentication information. | |||
| skipping to change at page 14, line 22 ¶ | skipping to change at page 14, line 22 ¶ | |||
| Authorization request header field available), and separating | Authorization request header field available), and separating | |||
| protection spaces by using a different host name (or port number) for | protection spaces by using a different host name (or port number) for | |||
| each party. | each party. | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [CACHING] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | [CACHING] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | |||
| Ed., "Hypertext Transfer Protocol (HTTP): Caching", draft- | Ed., "Hypertext Transfer Protocol (HTTP): Caching", draft- | |||
| fielding-httpbis-http-cache-00 (work in progress), March | fielding-httpbis-http-cache-latest (work in progress), | |||
| 2018. | March 2018. | |||
| [MESSGNG] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [MESSGNG] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP/1.1): Message Syntax and Routing", draft- | Protocol (HTTP/1.1): Message Syntax and Routing", draft- | |||
| fielding-httpbis-http-messaging-00 (work in progress), | fielding-httpbis-http-messaging-latest (work in progress), | |||
| March 2018. | March 2018. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, | Requirement Levels", BCP 14, RFC 2119, | |||
| DOI 10.17487/RFC2119, March 1997, | DOI 10.17487/RFC2119, March 1997, | |||
| <https://www.rfc-editor.org/info/rfc2119>. | <https://www.rfc-editor.org/info/rfc2119>. | |||
| [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | |||
| Specifications: ABNF", STD 68, RFC 5234, | Specifications: ABNF", STD 68, RFC 5234, | |||
| DOI 10.17487/RFC5234, January 2008, | DOI 10.17487/RFC5234, January 2008, | |||
| <https://www.rfc-editor.org/info/rfc5234>. | <https://www.rfc-editor.org/info/rfc5234>. | |||
| [SEMNTCS] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | [SEMNTCS] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | |||
| Protocol (HTTP): Semantics and Content", draft-fielding- | Protocol (HTTP): Semantics and Content", draft-fielding- | |||
| httpbis-http-semantics-00 (work in progress), March 2018. | httpbis-http-semantics-latest (work in progress), March | |||
| 2018. | ||||
| 7.2. Informative References | 7.2. Informative References | |||
| [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration | [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration | |||
| Procedures for Message Header Fields", BCP 90, RFC 3864, | Procedures for Message Header Fields", BCP 90, RFC 3864, | |||
| September 2004, <https://www.rfc-editor.org/info/bcp90>. | September 2004, <https://www.rfc-editor.org/info/bcp90>. | |||
| [OWASP] van der Stock, A., Ed., "A Guide to Building Secure Web | [OWASP] van der Stock, A., Ed., "A Guide to Building Secure Web | |||
| Applications and Web Services", The Open Web Application | Applications and Web Services", The Open Web Application | |||
| Security Project (OWASP) 2.0.1, July 2005, | Security Project (OWASP) 2.0.1, July 2005, | |||
| skipping to change at page 18, line 9 ¶ | skipping to change at page 18, line 9 ¶ | |||
| o Update links to sibling specifications. | o Update links to sibling specifications. | |||
| o Replace sections listing changes from RFC 2617 by new empty | o Replace sections listing changes from RFC 2617 by new empty | |||
| sections referring to RFC 723x. | sections referring to RFC 723x. | |||
| o Remove acknowledgements specific to RFC 723x. | o Remove acknowledgements specific to RFC 723x. | |||
| o Move "Acknowledgements" to the very end and make them unnumbered. | o Move "Acknowledgements" to the very end and make them unnumbered. | |||
| D.2. Since draft-fielding-httpbis-auth-00 | ||||
| None yet. | ||||
| Index | Index | |||
| 4 | 4 | |||
| 401 Unauthorized (status code) 7 | 401 Unauthorized (status code) 7 | |||
| 407 Proxy Authentication Required (status code) 7 | 407 Proxy Authentication Required (status code) 7 | |||
| A | A | |||
| Authorization header field 8 | Authorization header field 8 | |||
| C | C | |||
| End of changes. 9 change blocks. | ||||
| 9 lines changed or deleted | 15 lines changed or added | |||
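
Review bot: The section heading added as "D.2. Since draft-fielding-httpbis-auth-00", both in the table of contents and in Appendix D, does not match the draft name on the title page, draft-fielding-httpbis-http-auth-00; the "http-" component is missing. Suggest "D.2. Since draft-fielding-httpbis-http-auth-00" in both places so the change log names the draft exactly as it is identified elsewhere in the document.
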
This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/