| draft-ietf-httpbis-p7-auth-07.txt | draft-ietf-httpbis-p7-auth-08.txt | |||
|---|---|---|---|---|
| HTTPbis Working Group R. Fielding, Ed. | HTTPbis Working Group R. Fielding, Ed. | |||
| Internet-Draft Day Software | Internet-Draft Day Software | |||
| Obsoletes: 2616 (if approved) J. Gettys | Obsoletes: 2616 (if approved) J. Gettys | |||
| Updates: 2617 (if approved) One Laptop per Child | Updates: 2617 (if approved) One Laptop per Child | |||
| Intended status: Standards Track J. Mogul | Intended status: Standards Track J. Mogul | |||
| Expires: January 14, 2010 HP | Expires: April 29, 2010 HP | |||
| H. Frystyk | H. Frystyk | |||
| Microsoft | Microsoft | |||
| L. Masinter | L. Masinter | |||
| Adobe Systems | Adobe Systems | |||
| P. Leach | P. Leach | |||
| Microsoft | Microsoft | |||
| T. Berners-Lee | T. Berners-Lee | |||
| W3C/MIT | W3C/MIT | |||
| Y. Lafon, Ed. | Y. Lafon, Ed. | |||
| W3C | W3C | |||
| J. Reschke, Ed. | J. Reschke, Ed. | |||
| greenbytes | greenbytes | |||
| July 13, 2009 | October 26, 2009 | |||
| HTTP/1.1, part 7: Authentication | HTTP/1.1, part 7: Authentication | |||
| draft-ietf-httpbis-p7-auth-07 | draft-ietf-httpbis-p7-auth-08 | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. This document may contain material | provisions of BCP 78 and BCP 79. This document may contain material | |||
| from IETF Documents or IETF Contributions published or made publicly | from IETF Documents or IETF Contributions published or made publicly | |||
| available before November 10, 2008. The person(s) controlling the | available before November 10, 2008. The person(s) controlling the | |||
| copyright in some of this material may not have granted the IETF | copyright in some of this material may not have granted the IETF | |||
| Trust the right to allow modifications of such material outside the | Trust the right to allow modifications of such material outside the | |||
| IETF Standards Process. Without obtaining an adequate license from | IETF Standards Process. Without obtaining an adequate license from | |||
| skipping to change at page 2, line 10 | skipping to change at page 2, line 10 | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on January 14, 2010. | This Internet-Draft will expire on April 29, 2010. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2009 IETF Trust and the persons identified as the | Copyright (c) 2009 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents in effect on the date of | Provisions Relating to IETF Documents in effect on the date of | |||
| publication of this document (http://trustee.ietf.org/license-info). | publication of this document (http://trustee.ietf.org/license-info). | |||
| Please review these documents carefully, as they describe your rights | Please review these documents carefully, as they describe your rights | |||
| skipping to change at page 2, line 41 | skipping to change at page 2, line 41 | |||
| HTTP Authentication. | HTTP Authentication. | |||
| Editorial Note (To be removed by RFC Editor) | Editorial Note (To be removed by RFC Editor) | |||
| Discussion of this draft should take place on the HTTPBIS working | Discussion of this draft should take place on the HTTPBIS working | |||
| group mailing list (ietf-http-wg@w3.org). The current issues list is | group mailing list (ietf-http-wg@w3.org). The current issues list is | |||
| at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related | at <http://tools.ietf.org/wg/httpbis/trac/report/11> and related | |||
| documents (including fancy diffs) can be found at | documents (including fancy diffs) can be found at | |||
| <http://tools.ietf.org/wg/httpbis/>. | <http://tools.ietf.org/wg/httpbis/>. | |||
| The changes in this draft are summarized in Appendix C.8. | The changes in this draft are summarized in Appendix C.9. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | 1.1. Requirements . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 4 | 1.2. Syntax Notation . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 1.2.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 5 | 1.2.1. Core Rules . . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 1.2.2. ABNF Rules defined in other Parts of the | 1.2.2. ABNF Rules defined in other Parts of the | |||
| Specification . . . . . . . . . . . . . . . . . . . . 5 | Specification . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | 2. Status Code Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | 2.1. 401 Unauthorized . . . . . . . . . . . . . . . . . . . . . 5 | |||
| 2.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | 2.2. 407 Proxy Authentication Required . . . . . . . . . . . . 5 | |||
| 3. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | 3. Header Field Definitions . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 6 | 3.1. Authorization . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 7 | 3.2. Proxy-Authenticate . . . . . . . . . . . . . . . . . . . . 6 | |||
| 3.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | 3.3. Proxy-Authorization . . . . . . . . . . . . . . . . . . . 7 | |||
| 3.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | 3.4. WWW-Authenticate . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.1. Message Header Registration . . . . . . . . . . . . . . . 8 | 4.1. Status Code Registration . . . . . . . . . . . . . . . . . 8 | |||
| 4.2. Message Header Registration . . . . . . . . . . . . . . . 8 | ||||
| 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | 5. Security Considerations . . . . . . . . . . . . . . . . . . . 8 | |||
| 5.1. Authentication Credentials and Idle Clients . . . . . . . 8 | 5.1. Authentication Credentials and Idle Clients . . . . . . . 9 | |||
| 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | 6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | 7.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . . 10 | 7.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Compatibility with Previous Versions . . . . . . . . 10 | Appendix A. Compatibility with Previous Versions . . . . . . . . 10 | |||
| A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 10 | A.1. Changes from RFC 2616 . . . . . . . . . . . . . . . . . . 10 | |||
| Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 10 | Appendix B. Collected ABNF . . . . . . . . . . . . . . . . . . . 11 | |||
| Appendix C. Change Log (to be removed by RFC Editor before | Appendix C. Change Log (to be removed by RFC Editor before | |||
| publication) . . . . . . . . . . . . . . . . . . . . 11 | publication) . . . . . . . . . . . . . . . . . . . . 11 | |||
| C.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 11 | C.1. Since RFC2616 . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| C.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 11 | C.2. Since draft-ietf-httpbis-p7-auth-00 . . . . . . . . . . . 11 | |||
| C.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 11 | C.3. Since draft-ietf-httpbis-p7-auth-01 . . . . . . . . . . . 11 | |||
| C.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 11 | C.4. Since draft-ietf-httpbis-p7-auth-02 . . . . . . . . . . . 12 | |||
| C.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 11 | C.5. Since draft-ietf-httpbis-p7-auth-03 . . . . . . . . . . . 12 | |||
| C.6. Since draft-ietf-httpbis-p7-auth-04 . . . . . . . . . . . 11 | C.6. Since draft-ietf-httpbis-p7-auth-04 . . . . . . . . . . . 12 | |||
| C.7. Since draft-ietf-httpbis-p7-auth-05 . . . . . . . . . . . 12 | C.7. Since draft-ietf-httpbis-p7-auth-05 . . . . . . . . . . . 12 | |||
| C.8. Since draft-ietf-httpbis-p7-auth-06 . . . . . . . . . . . 12 | C.8. Since draft-ietf-httpbis-p7-auth-06 . . . . . . . . . . . 12 | |||
| Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 | C.9. Since draft-ietf-httpbis-p7-auth-07 . . . . . . . . . . . 12 | |||
| Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 | ||||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| This document defines HTTP/1.1 access control and authentication. | This document defines HTTP/1.1 access control and authentication. | |||
| Right now it includes the extracted relevant sections of RFC 2616 | Right now it includes the extracted relevant sections of RFC 2616 | |||
| with only minor changes. The intention is to move the general | with only minor changes. The intention is to move the general | |||
| framework for HTTP authentication here, as currently specified in | framework for HTTP authentication here, as currently specified in | |||
| [RFC2617], and allow the individual authentication mechanisms to be | [RFC2617], and allow the individual authentication mechanisms to be | |||
| defined elsewhere. This introduction will be rewritten when that | defined elsewhere. This introduction will be rewritten when that | |||
| skipping to change at page 6, line 7 | skipping to change at page 6, line 7 | |||
| in "HTTP Authentication: Basic and Digest Access Authentication" | in "HTTP Authentication: Basic and Digest Access Authentication" | |||
| [RFC2617]. | [RFC2617]. | |||
| 3. Header Field Definitions | 3. Header Field Definitions | |||
| This section defines the syntax and semantics of HTTP/1.1 header | This section defines the syntax and semantics of HTTP/1.1 header | |||
| fields related to authentication. | fields related to authentication. | |||
| 3.1. Authorization | 3.1. Authorization | |||
| A user agent that wishes to authenticate itself with a server-- | The "Authorization" request-header field allows a user agent to | |||
| usually, but not necessarily, after receiving a 401 response--does so | authenticate itself with a server -- usually, but not necessary, | |||
| by including an Authorization request-header field with the request. | after receiving a 401 (Unauthorized) response. Its value consists of | |||
| The field "Authorization" consists of credentials containing the | credentials containing information of the user agent for the realm of | |||
| authentication information of the user agent for the realm of the | the resource being requested. | |||
| resource being requested. | ||||
| Authorization = "Authorization" ":" OWS Authorization-v | Authorization = "Authorization" ":" OWS Authorization-v | |||
| Authorization-v = credentials | Authorization-v = credentials | |||
| HTTP access authentication is described in "HTTP Authentication: | HTTP access authentication is described in "HTTP Authentication: | |||
| Basic and Digest Access Authentication" [RFC2617]. If a request is | Basic and Digest Access Authentication" [RFC2617]. If a request is | |||
| authenticated and a realm specified, the same credentials SHOULD be | authenticated and a realm specified, the same credentials SHOULD be | |||
| valid for all other requests within this realm (assuming that the | valid for all other requests within this realm (assuming that the | |||
| authentication scheme itself does not require otherwise, such as | authentication scheme itself does not require otherwise, such as | |||
| credentials that vary according to a challenge value or using | credentials that vary according to a challenge value or using | |||
| skipping to change at page 7, line 7 | skipping to change at page 6, line 50 | |||
| subsequent request. But if the response is stale, all caches | subsequent request. But if the response is stale, all caches | |||
| MUST first revalidate it with the origin server, using the | MUST first revalidate it with the origin server, using the | |||
| request-headers from the new request to allow the origin server | request-headers from the new request to allow the origin server | |||
| to authenticate the new request. | to authenticate the new request. | |||
| 3. If the response includes the "public" cache-control directive, it | 3. If the response includes the "public" cache-control directive, it | |||
| MAY be returned in reply to any subsequent request. | MAY be returned in reply to any subsequent request. | |||
| 3.2. Proxy-Authenticate | 3.2. Proxy-Authenticate | |||
| The response-header field "Proxy-Authenticate" MUST be included as | The "Proxy-Authenticate" response-header field consists of a | |||
| part of a 407 (Proxy Authentication Required) response. The field | challenge that indicates the authentication scheme and parameters | |||
| value consists of a challenge that indicates the authentication | applicable to the proxy for this request-target. It MUST be included | |||
| scheme and parameters applicable to the proxy for this request- | as part of a 407 (Proxy Authentication Required) response. | |||
| target. | ||||
| Proxy-Authenticate = "Proxy-Authenticate" ":" OWS | Proxy-Authenticate = "Proxy-Authenticate" ":" OWS | |||
| Proxy-Authenticate-v | Proxy-Authenticate-v | |||
| Proxy-Authenticate-v = 1#challenge | Proxy-Authenticate-v = 1#challenge | |||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | Unlike WWW-Authenticate, the Proxy-Authenticate header field applies | |||
| only to the current connection and SHOULD NOT be passed on to | only to the current connection and SHOULD NOT be passed on to | |||
| downstream clients. However, an intermediate proxy might need to | downstream clients. However, an intermediate proxy might need to | |||
| obtain its own credentials by requesting them from the downstream | obtain its own credentials by requesting them from the downstream | |||
| client, which in some circumstances will appear as if the proxy is | client, which in some circumstances will appear as if the proxy is | |||
| forwarding the Proxy-Authenticate header field. | forwarding the Proxy-Authenticate header field. | |||
| 3.3. Proxy-Authorization | 3.3. Proxy-Authorization | |||
| The request-header field "Proxy-Authorization" allows the client to | The "Proxy-Authorization" request-header field allows the client to | |||
| identify itself (or its user) to a proxy which requires | identify itself (or its user) to a proxy which requires | |||
| authentication. The Proxy-Authorization field value consists of | authentication. Its value consists of credentials containing the | |||
| credentials containing the authentication information of the user | authentication information of the user agent for the proxy and/or | |||
| agent for the proxy and/or realm of the resource being requested. | realm of the resource being requested. | |||
| Proxy-Authorization = "Proxy-Authorization" ":" OWS | Proxy-Authorization = "Proxy-Authorization" ":" OWS | |||
| Proxy-Authorization-v | Proxy-Authorization-v | |||
| Proxy-Authorization-v = credentials | Proxy-Authorization-v = credentials | |||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| Unlike Authorization, the Proxy-Authorization header field applies | Unlike Authorization, the Proxy-Authorization header field applies | |||
| only to the next outbound proxy that demanded authentication using | only to the next outbound proxy that demanded authentication using | |||
| the Proxy-Authenticate field. When multiple proxies are used in a | the Proxy-Authenticate field. When multiple proxies are used in a | |||
| chain, the Proxy-Authorization header field is consumed by the first | chain, the Proxy-Authorization header field is consumed by the first | |||
| outbound proxy that was expecting to receive credentials. A proxy | outbound proxy that was expecting to receive credentials. A proxy | |||
| MAY relay the credentials from the client request to the next proxy | MAY relay the credentials from the client request to the next proxy | |||
| if that is the mechanism by which the proxies cooperatively | if that is the mechanism by which the proxies cooperatively | |||
| authenticate a given request. | authenticate a given request. | |||
| 3.4. WWW-Authenticate | 3.4. WWW-Authenticate | |||
| The WWW-Authenticate response-header field MUST be included in 401 | The "WWW-Authenticate" response-header field consists of at least one | |||
| (Unauthorized) response messages. The field value consists of at | challenge that indicates the authentication scheme(s) and parameters | |||
| least one challenge that indicates the authentication scheme(s) and | applicable to the request-target. It MUST be included in 401 | |||
| parameters applicable to the request-target. | (Unauthorized) response messages. | |||
| WWW-Authenticate = "WWW-Authenticate" ":" OWS WWW-Authenticate-v | WWW-Authenticate = "WWW-Authenticate" ":" OWS WWW-Authenticate-v | |||
| WWW-Authenticate-v = 1#challenge | WWW-Authenticate-v = 1#challenge | |||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| User agents are advised to take special care in parsing the WWW- | User agents are advised to take special care in parsing the WWW- | |||
| Authenticate field value as it might contain more than one challenge, | Authenticate field value as it might contain more than one challenge, | |||
| or if more than one WWW-Authenticate header field is provided, the | or if more than one WWW-Authenticate header field is provided, the | |||
| contents of a challenge itself can contain a comma-separated list of | contents of a challenge itself can contain a comma-separated list of | |||
| authentication parameters. | authentication parameters. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| skipping to change at page 8, line 20 | skipping to change at page 8, line 14 | |||
| The HTTP access authentication process is described in "HTTP | The HTTP access authentication process is described in "HTTP | |||
| Authentication: Basic and Digest Access Authentication" [RFC2617]. | Authentication: Basic and Digest Access Authentication" [RFC2617]. | |||
| User agents are advised to take special care in parsing the WWW- | User agents are advised to take special care in parsing the WWW- | |||
| Authenticate field value as it might contain more than one challenge, | Authenticate field value as it might contain more than one challenge, | |||
| or if more than one WWW-Authenticate header field is provided, the | or if more than one WWW-Authenticate header field is provided, the | |||
| contents of a challenge itself can contain a comma-separated list of | contents of a challenge itself can contain a comma-separated list of | |||
| authentication parameters. | authentication parameters. | |||
| 4. IANA Considerations | 4. IANA Considerations | |||
| 4.1. Message Header Registration | 4.1. Status Code Registration | |||
| The HTTP Status Code Registry located at | ||||
| <http://www.iana.org/assignments/http-status-codes> should be updated | ||||
| with the registrations below: | ||||
| +-------+-------------------------------+-------------+ | ||||
| | Value | Description | Reference | | ||||
| +-------+-------------------------------+-------------+ | ||||
| | 401 | Unauthorized | Section 2.1 | | ||||
| | 407 | Proxy Authentication Required | Section 2.2 | | ||||
| +-------+-------------------------------+-------------+ | ||||
| 4.2. Message Header Registration | ||||
| The Message Header Registry located at <http://www.iana.org/ | The Message Header Registry located at <http://www.iana.org/ | |||
| assignments/message-headers/message-header-index.html> should be | assignments/message-headers/message-header-index.html> should be | |||
| updated with the permanent registrations below (see [RFC3864]): | updated with the permanent registrations below (see [RFC3864]): | |||
| +---------------------+----------+----------+-------------+ | +---------------------+----------+----------+-------------+ | |||
| | Header Field Name | Protocol | Status | Reference | | | Header Field Name | Protocol | Status | Reference | | |||
| +---------------------+----------+----------+-------------+ | +---------------------+----------+----------+-------------+ | |||
| | Authorization | http | standard | Section 3.1 | | | Authorization | http | standard | Section 3.1 | | |||
| | Proxy-Authenticate | http | standard | Section 3.2 | | | Proxy-Authenticate | http | standard | Section 3.2 | | |||
| skipping to change at page 9, line 37 | skipping to change at page 9, line 44 | |||
| [[anchor2: TBD.]] | [[anchor2: TBD.]] | |||
| 7. References | 7. References | |||
| 7.1. Normative References | 7.1. Normative References | |||
| [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part1] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
| Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
| and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | and J. Reschke, Ed., "HTTP/1.1, part 1: URIs, Connections, | |||
| and Message Parsing", draft-ietf-httpbis-p1-messaging-07 | and Message Parsing", draft-ietf-httpbis-p1-messaging-08 | |||
| (work in progress), July 2009. | (work in progress), October 2009. | |||
| [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | [Part6] Fielding, R., Ed., Gettys, J., Mogul, J., Frystyk, H., | |||
| Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | Masinter, L., Leach, P., Berners-Lee, T., Lafon, Y., Ed., | |||
| Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part | Nottingham, M., Ed., and J. Reschke, Ed., "HTTP/1.1, part | |||
| 6: Caching", draft-ietf-httpbis-p6-cache-07 (work in | 6: Caching", draft-ietf-httpbis-p6-cache-08 (work in | |||
| progress), July 2009. | progress), October 2009. | |||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | |||
| Requirement Levels", BCP 14, RFC 2119, March 1997. | Requirement Levels", BCP 14, RFC 2119, March 1997. | |||
| [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | [RFC2617] Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S., | |||
| Leach, P., Luotonen, A., and L. Stewart, "HTTP | Leach, P., Luotonen, A., and L. Stewart, "HTTP | |||
| Authentication: Basic and Digest Access Authentication", | Authentication: Basic and Digest Access Authentication", | |||
| RFC 2617, June 1999. | RFC 2617, June 1999. | |||
| [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | |||
| skipping to change at page 12, line 25 | skipping to change at page 12, line 46 | |||
| Final work on ABNF conversion | Final work on ABNF conversion | |||
| (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | (<http://tools.ietf.org/wg/httpbis/trac/ticket/36>): | |||
| o Add appendix containing collected and expanded ABNF, reorganize | o Add appendix containing collected and expanded ABNF, reorganize | |||
| ABNF introduction. | ABNF introduction. | |||
| C.8. Since draft-ietf-httpbis-p7-auth-06 | C.8. Since draft-ietf-httpbis-p7-auth-06 | |||
| None. | None. | |||
| C.9. Since draft-ietf-httpbis-p7-auth-07 | ||||
| Closed issues: | ||||
| o <http://tools.ietf.org/wg/httpbis/trac/ticket/198>: "move IANA | ||||
| registrations for optional status codes" | ||||
| Index | Index | |||
| 4 | 4 | |||
| 401 Unauthorized (status code) 5 | 401 Unauthorized (status code) 5 | |||
| 407 Proxy Authentication Required (status code) 5 | 407 Proxy Authentication Required (status code) 5 | |||
| A | A | |||
| Authorization header 6 | Authorization header 6 | |||
| G | G | |||
| Grammar | Grammar | |||
| Authorization 6 | Authorization 6 | |||
| Authorization-v 6 | Authorization-v 6 | |||
| challenge 5 | challenge 5 | |||
| credentials 5 | credentials 5 | |||
| Proxy-Authenticate 7 | Proxy-Authenticate 7 | |||
| Proxy-Authenticate-v 7 | Proxy-Authenticate-v 7 | |||
| Proxy-Authorization 7 | Proxy-Authorization 7 | |||
| Proxy-Authorization-v 7 | Proxy-Authorization-v 7 | |||
| WWW-Authenticate 8 | WWW-Authenticate 7 | |||
| WWW-Authenticate-v 8 | WWW-Authenticate-v 7 | |||
| H | H | |||
| Headers | Headers | |||
| Authorization 6 | Authorization 6 | |||
| Proxy-Authenticate 7 | Proxy-Authenticate 6 | |||
| Proxy-Authorization 7 | Proxy-Authorization 7 | |||
| WWW-Authenticate 7 | WWW-Authenticate 7 | |||
| P | P | |||
| Proxy-Authenticate header 7 | Proxy-Authenticate header 6 | |||
| Proxy-Authorization header 7 | Proxy-Authorization header 7 | |||
| S | S | |||
| Status Codes | Status Codes | |||
| 401 Unauthorized 5 | 401 Unauthorized 5 | |||
| 407 Proxy Authentication Required 5 | 407 Proxy Authentication Required 5 | |||
| W | W | |||
| WWW-Authenticate header 7 | WWW-Authenticate header 7 | |||
| End of changes. 24 change blocks. | ||||
| 42 lines changed or deleted | 61 lines changed or added | |||
This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||