
Changeset 1386


Timestamp:
2011-08-08 05:16:58 (3 years ago)
Author:
julian.reschke@gmx.de
Message:

add BWS ("bad" whitespace) around "=" in auth-param (see #287)

Location:
draft-ietf-httpbis/latest
Files:
3 edited

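--- a/draft-ietf-httpbis/latest/httpbis.abnf
+++ b/draft-ietf-httpbis/latest/httpbis.abnf
@@ -75,5 +75,5 @@
 asctime-date = day-name SP date3 SP time-of-day SP year
 attribute = token
-auth-param = token "=" ( token / quoted-string )
+auth-param = token BWS "=" BWS ( token / quoted-string )
 auth-scheme = token
 authority = <authority, defined in [RFC3986], Section 3.2>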
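--- a/draft-ietf-httpbis/latest/p7-auth.html
+++ b/draft-ietf-httpbis/latest/p7-auth.html
@@ -359,5 +359,5 @@
   }
   @bottom-center {
-       content: "Expires February 8, 2012";
+       content: "Expires February 9, 2012";
   }
   @bottom-right {
@@ -404,5 +404,5 @@
       <meta name="dct.creator" content="Reschke, J. F.">
       <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest">
-      <meta name="dct.issued" scheme="ISO8601" content="2011-08-07">
+      <meta name="dct.issued" scheme="ISO8601" content="2011-08-08">
       <meta name="dct.replaces" content="urn:ietf:rfc:2616">
       <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework.">
@@ -435,5 +435,5 @@
             </tr>
             <tr>
-               <td class="left">Expires: February 8, 2012</td>
+               <td class="left">Expires: February 9, 2012</td>
                <td class="right">HP</td>
             </tr>
@@ -488,5 +488,5 @@
             <tr>
                <td class="left"></td>
-               <td class="right">August 7, 2011</td>
+               <td class="right">August 8, 2011</td>
             </tr>
          </tbody>
@@ -516,5 +516,5 @@
          in progress”.
       </p>
-      <p>This Internet-Draft will expire on February 8, 2012.</p>
+      <p>This Internet-Draft will expire on February 9, 2012.</p>
       <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1>
       <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p>
@@ -632,5 +632,6 @@
       <div id="rfc.figure.u.1"></div><pre class="inline">  <a href="#core.rules" class="smpl">quoted-string</a> = &lt;quoted-string, defined in <a href="#Part1" id="rfc.xref.Part1.3"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
   <a href="#core.rules" class="smpl">token</a>         = &lt;token, defined in <a href="#Part1" id="rfc.xref.Part1.4"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
-  <a href="#core.rules" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
+  <a href="#core.rules" class="smpl">BWS</a>           = &lt;BWS, defined in <a href="#Part1" id="rfc.xref.Part1.5"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
+  <a href="#core.rules" class="smpl">OWS</a>           = &lt;OWS, defined in <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>, <a href="p1-messaging.html#basic.rules" title="Basic Rules">Section 1.2.2</a>&gt;
 </pre><h1 id="rfc.section.2"><a href="#rfc.section.2">2.</a>&nbsp;<a id="access.authentication.framework" href="#access.authentication.framework">Access Authentication Framework</a></h1>
       <h2 id="rfc.section.2.1"><a href="#rfc.section.2.1">2.1</a>&nbsp;<a id="challenge.and.response" href="#challenge.and.response">Challenge and Response</a></h2>
@@ -640,6 +641,6 @@
          via that scheme.
       </p>
-      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span>  auth-scheme    = token
-  auth-param     = token "=" ( token / quoted-string )
+      <div id="rfc.figure.u.2"></div><pre class="inline"><span id="rfc.iref.a.1"></span><span id="rfc.iref.a.2"></span>  auth-scheme    = <a href="#core.rules" class="smpl">token</a>
+  auth-param     = <a href="#core.rules" class="smpl">token</a> <a href="#core.rules" class="smpl">BWS</a> "=" <a href="#core.rules" class="smpl">BWS</a> ( <a href="#core.rules" class="smpl">token</a> / <a href="#core.rules" class="smpl">quoted-string</a> )
 </pre><p id="rfc.section.2.1.p.3">The 401 (Unauthorized) response message is used by an origin server to challenge the authorization of a user agent. This response <em class="bcp14">MUST</em> include a WWW-Authenticate header field containing at least one challenge applicable to the requested resource.
       </p>
@@ -688,5 +689,5 @@
       <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.r.2"></span><span id="rfc.iref.r.3"></span>  realm       = "realm" "=" realm-value
   realm-value = quoted-string
-</pre><p id="rfc.section.2.2.p.3">A <dfn>protection space</dfn> is defined by the canonical root URI (the scheme and authority components of the effective request URI; see <a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.6"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) of the server being accessed, in combination with the realm value if present. These realms allow the protected resources
+</pre><p id="rfc.section.2.2.p.3">A <dfn>protection space</dfn> is defined by the canonical root URI (the scheme and authority components of the effective request URI; see <a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) of the server being accessed, in combination with the realm value if present. These realms allow the protected resources
          on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization
          database. The realm value is a string, generally assigned by the origin server, which can have additional semantics specific
@@ -720,5 +721,5 @@
             <p>Authentication schemes need to be compatible with the inherent constraints of HTTP; for instance, that messages need to keep
                their semantics when inspected in isolation, thus an authentication scheme can not bind information to the TCP session over
-               which the message was received (see <a href="p1-messaging.html#message-orientation-and-buffering" title="Message Orientation and Buffering">Section 2.2</a> of <a href="#Part1" id="rfc.xref.Part1.7"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>).
+               which the message was received (see <a href="p1-messaging.html#message-orientation-and-buffering" title="Message Orientation and Buffering">Section 2.2</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>).
             </p>
          </li>
@@ -787,5 +788,5 @@
       <h2 id="rfc.section.4.2"><a href="#rfc.section.4.2">4.2</a>&nbsp;<a id="header.proxy-authenticate" href="#header.proxy-authenticate">Proxy-Authenticate</a></h2>
       <p id="rfc.section.4.2.p.1">The "Proxy-Authenticate" header field consists of a challenge that indicates the authentication scheme and parameters applicable
-         to the proxy for this effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response.
+         to the proxy for this effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response.
       </p>
       <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.2"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a>
@@ -811,5 +812,5 @@
       <h2 id="rfc.section.4.4"><a href="#rfc.section.4.4">4.4</a>&nbsp;<a id="header.www-authenticate" href="#header.www-authenticate">WWW-Authenticate</a></h2>
       <p id="rfc.section.4.4.p.1">The "WWW-Authenticate" header field consists of at least one challenge that indicates the authentication scheme(s) and parameters
-         applicable to the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.9"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>).
+         applicable to the effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>).
       </p>
       <p id="rfc.section.4.4.p.2">It <em class="bcp14">MUST</em> be included in 401 (Unauthorized) response messages and <em class="bcp14">MAY</em> be included in other response messages to indicate that supplying credentials (or different credentials) might affect the
@@ -931,5 +932,5 @@
          Lawrence C. Stewart for their work on that specification. See <a href="http://tools.ietf.org/html/rfc2617#section-6">Section 6</a> of <a href="#RFC2617" id="rfc.xref.RFC2617.4"><cite title="HTTP Authentication: Basic and Digest Access Authentication">[RFC2617]</cite></a> for further acknowledgements.
       </p>
-      <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 12</a> of <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> for the Acknowledgments related to this document revision.
+      <p id="rfc.section.7.p.2">See <a href="p1-messaging.html#acks" title="Acknowledgments">Section 12</a> of <a href="#Part1" id="rfc.xref.Part1.11"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a> for the Acknowledgments related to this document revision.
       </p>
       <h1 id="rfc.references"><a id="rfc.section.8" href="#rfc.section.8">8.</a> References
@@ -1010,4 +1011,6 @@
       <div id="rfc.figure.u.10"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials
 
+<a href="#core.rules" class="smpl">BWS</a> = &lt;BWS, defined in [Part1], Section 1.2.2&gt;
+
 <a href="#core.rules" class="smpl">OWS</a> = &lt;OWS, defined in [Part1], Section 1.2.2&gt;
 
@@ -1019,5 +1022,5 @@
  ] )
 
-<a href="#challenge.and.response" class="smpl">auth-param</a> = token "=" ( token / quoted-string )
+<a href="#challenge.and.response" class="smpl">auth-param</a> = token BWS "=" BWS ( token / quoted-string )
 <a href="#challenge.and.response" class="smpl">auth-scheme</a> = token
 
@@ -1133,4 +1136,6 @@
          </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/257">http://tools.ietf.org/wg/httpbis/trac/ticket/257</a>&gt;: "Considerations for new authentications schemes"
+         </li>
+         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/287">http://tools.ietf.org/wg/httpbis/trac/ticket/287</a>&gt;: "LWS in auth-param ABNF"
          </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/309">http://tools.ietf.org/wg/httpbis/trac/ticket/309</a>&gt;: "credentials ABNF missing SP (still using implied LWS?)"
@@ -1181,10 +1186,10 @@
             </li>
             <li><a id="rfc.index.P" href="#rfc.index.P"><b>P</b></a><ul>
-                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a>, <a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.1</a>, <a href="#rfc.xref.Part1.6">2.2</a>, <a href="#rfc.xref.Part1.7">2.3.1</a>, <a href="#rfc.xref.Part1.8">4.2</a>, <a href="#rfc.xref.Part1.9">4.4</a>, <a href="#rfc.xref.Part1.10">7</a>, <a href="#Part1"><b>8.1</b></a><ul>
+                  <li><em>Part1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a>, <a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.1</a>, <a href="#rfc.xref.Part1.6">1.2.1</a>, <a href="#rfc.xref.Part1.7">2.2</a>, <a href="#rfc.xref.Part1.8">2.3.1</a>, <a href="#rfc.xref.Part1.9">4.2</a>, <a href="#rfc.xref.Part1.10">4.4</a>, <a href="#rfc.xref.Part1.11">7</a>, <a href="#Part1"><b>8.1</b></a><ul>
                         <li><em>Section 1.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.1">1.2</a></li>
-                        <li><em>Section 1.2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.1</a></li>
-                        <li><em>Section 2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.7">2.3.1</a></li>
-                        <li><em>Section 4.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.6">2.2</a>, <a href="#rfc.xref.Part1.8">4.2</a>, <a href="#rfc.xref.Part1.9">4.4</a></li>
-                        <li><em>Section 12</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.10">7</a></li>
+                        <li><em>Section 1.2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.2">1.2.1</a>, <a href="#rfc.xref.Part1.3">1.2.1</a>, <a href="#rfc.xref.Part1.4">1.2.1</a>, <a href="#rfc.xref.Part1.5">1.2.1</a>, <a href="#rfc.xref.Part1.6">1.2.1</a></li>
+                        <li><em>Section 2.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.8">2.3.1</a></li>
+                        <li><em>Section 4.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.7">2.2</a>, <a href="#rfc.xref.Part1.9">4.2</a>, <a href="#rfc.xref.Part1.10">4.4</a></li>
+                        <li><em>Section 12</em>&nbsp;&nbsp;<a href="#rfc.xref.Part1.11">7</a></li>
                      </ul>
                   </li>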
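--- a/draft-ietf-httpbis/latest/p7-auth.xml
+++ b/draft-ietf-httpbis/latest/p7-auth.xml
@@ -275,4 +275,5 @@
    <x:anchor-alias value="quoted-string"/>
    <x:anchor-alias value="token"/>
+   <x:anchor-alias value="BWS"/>
    <x:anchor-alias value="OWS"/>
 <t>
@@ -282,4 +283,5 @@
   <x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in &basic-rules;&gt;
   <x:ref>token</x:ref>         = &lt;token, defined in &basic-rules;&gt;
+  <x:ref>BWS</x:ref>           = &lt;BWS, defined in &basic-rules;&gt;
   <x:ref>OWS</x:ref>           = &lt;OWS, defined in &basic-rules;&gt;
 </artwork></figure>
@@ -305,6 +307,6 @@
 </t>
 <figure><artwork type="abnf2616"><iref item="auth-scheme" primary="true"/><iref item="auth-param" primary="true"/>
-  auth-scheme    = token
-  auth-param     = token "=" ( token / quoted-string )
+  auth-scheme    = <x:ref>token</x:ref>
+  auth-param     = <x:ref>token</x:ref> <x:ref>BWS</x:ref> "=" <x:ref>BWS</x:ref> ( <x:ref>token</x:ref> / <x:ref>quoted-string</x:ref> )
 </artwork></figure>
 <t>
@@ -1071,4 +1073,6 @@
 <x:ref>Authorization</x:ref> = credentials
 
+<x:ref>BWS</x:ref> = &lt;BWS, defined in [Part1], Section 1.2.2&gt;
+
 <x:ref>OWS</x:ref> = &lt;OWS, defined in [Part1], Section 1.2.2&gt;
 
@@ -1080,5 +1084,5 @@
  ] )
 
-<x:ref>auth-param</x:ref> = token "=" ( token / quoted-string )
+<x:ref>auth-param</x:ref> = token BWS "=" BWS ( token / quoted-string )
 <x:ref>auth-scheme</x:ref> = token
 
@@ -1302,4 +1306,8 @@
     </t>
     <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/287"/>:
+      "LWS in auth-param ABNF"
+    </t>
+    <t>
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/309"/>:
       "credentials ABNF missing SP (still using implied LWS?)"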
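Review bot: The relaxed `auth-param` rule at new line 310 is not matched by the `realm` production, which the rendered p7-auth.html still shows as `realm = "realm" "=" realm-value` in its context lines (688/689) and which presumably comes from this XML outside the hunks shown. A challenge written `realm = "x"` would then match the generic `auth-param` grammar but not the dedicated `realm` rule, so two recipients (for example a user agent and an intermediary) may disagree on whether a realm is present and therefore on the protection space. I would align the rule in the same change, `realm = "realm" BWS "=" BWS realm-value`, or drop the dedicated production if realm is meant to be just another auth-param. None of the visible hunks adds prose on how BWS is handled here; a sentence next to the rule saying that recipients parse and discard it and senders do not generate it would keep implementers from treating the whitespace as significant. The section holding the rule starts and ends outside the hunk.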