draft-fielding-httpbis-http-auth-00.txt   draft-fielding-httpbis-http-auth-latest.txt 
Network Working Group R. Fielding, Ed. Network Working Group R. Fielding, Ed.
Internet-Draft Adobe Internet-Draft Adobe
Obsoletes: 7235 (if approved) J. Reschke, Ed. Obsoletes: 7235 (if approved) J. Reschke, Ed.
Updates: 2617 (if approved) greenbytes Updates: 2617 (if approved) greenbytes
Intended status: Standards Track March 5, 2018 Intended status: Standards Track March 17, 2018
Expires: September 6, 2018 Expires: September 18, 2018
Hypertext Transfer Protocol (HTTP): Authentication Hypertext Transfer Protocol (HTTP): Authentication
draft-fielding-httpbis-http-auth-00 draft-fielding-httpbis-http-auth-latest
Abstract Abstract
The Hypertext Transfer Protocol (HTTP) is a stateless application- The Hypertext Transfer Protocol (HTTP) is a stateless application-
level protocol for distributed, collaborative, hypermedia information level protocol for distributed, collaborative, hypermedia information
systems. This document defines the HTTP Authentication framework. systems. This document defines the HTTP Authentication framework.
This document obsoletes RFC 7235. This document obsoletes RFC 7235.
Editorial Note Editorial Note
skipping to change at page 1, line 37 skipping to change at page 1, line 37
item of the HTTP Working Group._ item of the HTTP Working Group._
Discussion of this draft takes place on the HTTP working group Discussion of this draft takes place on the HTTP working group
mailing list (ietf-http-wg@w3.org), which is archived at mailing list (ietf-http-wg@w3.org), which is archived at
<http://lists.w3.org/Archives/Public/ietf-http-wg/>. <http://lists.w3.org/Archives/Public/ietf-http-wg/>.
Errata for RFC 7235 have been collected at <https://www.rfc- Errata for RFC 7235 have been collected at <https://www.rfc-
editor.org/errata_search.php?rfc=7235>, and an additional issues list editor.org/errata_search.php?rfc=7235>, and an additional issues list
lives at <https://github.com/httpwg/http11bis/issues>. lives at <https://github.com/httpwg/http11bis/issues>.
The changes in this draft are summarized in Appendix D.1. The changes in this draft are summarized in Appendix D.2.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 6, 2018. This Internet-Draft will expire on September 18, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 24 skipping to change at page 3, line 24
6.2. Authentication Credentials and Idle Clients . . . . . . . 13 6.2. Authentication Credentials and Idle Clients . . . . . . . 13
6.3. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13 6.3. Protection Spaces . . . . . . . . . . . . . . . . . . . . 13
7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 14
7.1. Normative References . . . . . . . . . . . . . . . . . . 14 7.1. Normative References . . . . . . . . . . . . . . . . . . 14
7.2. Informative References . . . . . . . . . . . . . . . . . 14 7.2. Informative References . . . . . . . . . . . . . . . . . 14
Appendix A. Changes from RFC 7235 . . . . . . . . . . . . . . . 16 Appendix A. Changes from RFC 7235 . . . . . . . . . . . . . . . 16
Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . 16 Appendix B. Imported ABNF . . . . . . . . . . . . . . . . . . . 16
Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16 Appendix C. Collected ABNF . . . . . . . . . . . . . . . . . . . 16
Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 17 Appendix D. Change Log . . . . . . . . . . . . . . . . . . . . . 17
D.1. Since RFC 7235 . . . . . . . . . . . . . . . . . . . . . 17 D.1. Since RFC 7235 . . . . . . . . . . . . . . . . . . . . . 17
D.2. Since draft-fielding-httpbis-auth-00 . . . . . . . . . . 18
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18 Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . 18
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 19
1. Introduction 1. Introduction
HTTP provides a general framework for access control and HTTP provides a general framework for access control and
authentication, via an extensible set of challenge-response authentication, via an extensible set of challenge-response
authentication schemes, which can be used by a server to challenge a authentication schemes, which can be used by a server to challenge a
client request and by a client to provide authentication information. client request and by a client to provide authentication information.
skipping to change at page 14, line 22 skipping to change at page 14, line 22
Authorization request header field available), and separating Authorization request header field available), and separating
protection spaces by using a different host name (or port number) for protection spaces by using a different host name (or port number) for
each party. each party.
7. References 7. References
7.1. Normative References 7.1. Normative References
[CACHING] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, [CACHING] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke,
Ed., "Hypertext Transfer Protocol (HTTP): Caching", draft- Ed., "Hypertext Transfer Protocol (HTTP): Caching", draft-
fielding-httpbis-http-cache-00 (work in progress), March fielding-httpbis-http-cache-latest (work in progress),
2018. March 2018.
[MESSGNG] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [MESSGNG] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP/1.1): Message Syntax and Routing", draft- Protocol (HTTP/1.1): Message Syntax and Routing", draft-
fielding-httpbis-http-messaging-00 (work in progress), fielding-httpbis-http-messaging-latest (work in progress),
March 2018. March 2018.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997, DOI 10.17487/RFC2119, March 1997,
<https://www.rfc-editor.org/info/rfc2119>. <https://www.rfc-editor.org/info/rfc2119>.
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008, DOI 10.17487/RFC5234, January 2008,
<https://www.rfc-editor.org/info/rfc5234>. <https://www.rfc-editor.org/info/rfc5234>.
[SEMNTCS] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer [SEMNTCS] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer
Protocol (HTTP): Semantics and Content", draft-fielding- Protocol (HTTP): Semantics and Content", draft-fielding-
httpbis-http-semantics-00 (work in progress), March 2018. httpbis-http-semantics-latest (work in progress), March
2018.
7.2. Informative References 7.2. Informative References
[BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration [BCP90] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
September 2004, <https://www.rfc-editor.org/info/bcp90>. September 2004, <https://www.rfc-editor.org/info/bcp90>.
[OWASP] van der Stock, A., Ed., "A Guide to Building Secure Web [OWASP] van der Stock, A., Ed., "A Guide to Building Secure Web
Applications and Web Services", The Open Web Application Applications and Web Services", The Open Web Application
Security Project (OWASP) 2.0.1, July 2005, Security Project (OWASP) 2.0.1, July 2005,
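Review bot: the [CACHING], [MESSGNG] and [SEMNTCS] entries on the right-hand side cite draft-fielding-httpbis-http-cache-latest, draft-fielding-httpbis-http-messaging-latest and draft-fielding-httpbis-http-semantics-latest, which carry no revision number, so a reader cannot tell which revision of each normative reference is meant. Suggest resolving each name to a numbered revision, as the left-hand side does with "-00", before this text is submitted, and keeping "-latest" only in the editors' copy.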
skipping to change at page 18, line 9 skipping to change at page 18, line 9
o Update links to sibling specifications. o Update links to sibling specifications.
o Replace sections listing changes from RFC 2617 by new empty o Replace sections listing changes from RFC 2617 by new empty
sections referring to RFC 723x. sections referring to RFC 723x.
o Remove acknowledgements specific to RFC 723x. o Remove acknowledgements specific to RFC 723x.
o Move "Acknowledgements" to the very end and make them unnumbered. o Move "Acknowledgements" to the very end and make them unnumbered.
D.2. Since draft-fielding-httpbis-auth-00
None yet.
Index Index
4 4
401 Unauthorized (status code) 7 401 Unauthorized (status code) 7
407 Proxy Authentication Required (status code) 7 407 Proxy Authentication Required (status code) 7
A A
Authorization header field 8 Authorization header field 8
C C
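Review bot: the added heading "D.2. Since draft-fielding-httpbis-auth-00" drops the "http-" segment of the draft name, which the document header gives as draft-fielding-httpbis-http-auth-00; the added table-of-contents entry for D.2 has the same wording. Suggest "D.2. Since draft-fielding-httpbis-http-auth-00" in both places so that the change log names the revision it is actually measured against.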
 End of changes. 9 change blocks. 
9 lines changed or deleted 15 lines changed or added

This html diff was produced by rfcdiff 1.44jr. The latest version is available from http://tools.ietf.org/tools/rfcdiff/