* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Ticket #271: 271-p7.diff

File 271-p7.diff, 2.7 KB (added by julian.reschke@gmx.de, 2 years ago)

Proposed patch for Part 7

  • p7-auth.xml

     
    310310  <x:ref>credentials</x:ref> = <x:ref>auth-scheme</x:ref> [ 1*<x:ref>SP</x:ref> ( <x:ref>b64token</x:ref> / #<x:ref>auth-param</x:ref> ) ] 
    311311</artwork></figure> 
    312312<t> 
    313    Requests for protected resources that omit credentials, contain invalid 
    314    credentials (e.g., a bad password), or partial credentials (e.g., when the 
    315    authentication scheme requires more than one round trip) &SHOULD; return a 
    316    401 (Unauthorized) response. Such responses &MUST; include a 
    317    WWW-Authenticate header field containing at least one (possibly new) 
    318    challenge applicable to the requested resource. 
     313   Upon a request for a protected resource that omits credentials, contains 
     314   invalid credentials (e.g., a bad password), or partial credentials (e.g., 
     315   when the authentication scheme requires more than one round trip), an origin 
     316   server &SHOULD; return a 401 (Unauthorized) response. Such responses &MUST; 
     317   include a WWW-Authenticate header field containing at least one (possibly 
     318   new) challenge applicable to the requested resource. 
    319319</t> 
    320320<t> 
    321    Likewise, requests that require authentication by proxies that omit 
    322    credentials, or contain invalid or partial credentials &SHOULD; return a 
    323    407 (Proxy Authentication Required) response. Such responses &MUST; 
    324    include a Proxy-Authenticate header field containing a (possibly new) 
    325    challenge applicable to the proxy. 
     321   Likewise, upon a request that requires authentication by proxies that omit 
     322   credentials, or contain invalid or partial credentials, a proxy &SHOULD; 
     323   return a 407 (Proxy Authentication Required) response. Such responses 
     324   &MUST; include a Proxy-Authenticate header field containing a (possibly 
     325   new) challenge applicable to the proxy. 
    326326</t> 
    327327<t> 
    328328   A server receiving credentials that are valid, but not adequate to gain 
     
    597597</artwork></figure> 
    598598<t> 
    599599   Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to 
    600    the current connection and &SHOULD-NOT;  be passed on to downstream 
    601    clients. However, an intermediate proxy might need to obtain its own 
    602    credentials by requesting them from the downstream client, which in 
     600   the current connection, and intermediaries &SHOULD-NOT;  forward it to 
     601   downstream clients. However, an intermediate proxy might need to obtain its 
     602   own credentials by requesting them from the downstream client, which in 
    603603   some circumstances will appear as if the proxy is forwarding the 
    604604   Proxy-Authenticate header field. 
    605605</t>