Changeset 1465


Timestamp: 2011-10-31 01:58:42 (3 years ago)
Author: julian.reschke@gmx.de
Message:

Explain that new authentication schemes can not override the parsing rules for WWW-Authenticate with respect to param value syntax, and also add an example for a non-trivial to parse header field instance (see #320)

Location: draft-ietf-httpbis/latest
Files: 2 edited

  • draft-ietf-httpbis/latest/p7-auth.html

    r1464 r1465  
    750750         </li> 
    751751         <li> 
     752            <p>The parsing of challenges and credentials is defined by this specification, and cannot be modified by new authentication schemes. 
     753               When the auth-param syntax is used, all parameters ought to support both token and quoted-string syntax, and syntactical constraints 
     754               ought to be defined on the field value after parsing (i.e., quoted-string processing). This is necessary so that recipients 
     755               can use a generic parser that applies to all authentication schemes. 
     756            </p> 
     757            <p> <b>Note:</b> the fact that the value syntax for the "realm" parameter is restricted to quoted-string was a bad design choice not to be 
     758               repeated for new parameters. 
     759            </p> 
     760         </li> 
     761         <li> 
    752762            <p>Authentication schemes need to document whether they are usable in origin-server authentication (i.e., using WWW-Authenticate), 
    753763               and/or proxy authentication (i.e., using Proxy-Authenticate). 
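
Review bot: the Note at new lines 757-758 calls the quoted-string-only "realm" syntax a bad design choice but gives recipients nothing to act on. Since the paragraph directly above it argues for a generic parser, consider stating whether such a parser is expected to tolerate a token-form realm value or to reject it, or point to the section that defines the realm syntax, so the note does not read as commentary only.
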
     
    842852         challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a 
    843853         comma-separated list of authentication parameters. 
     854      </p> 
     855      <div id="rfc.figure.u.10"></div>  
     856      <p>For instance:</p>  <pre class="text">  WWW-Authenticate: Newauth realm="apps", type=1, 
     857                    title="Login to \"apps\"", Basic realm="simple" 
     858</pre>  <p>This header field contains two challenges; one for the "Newauth" scheme with a realm value of "apps", and two additional parameters 
     859         "type" and "title", and another one for the "Basic" scheme with a realm value of "simple". 
    844860      </p> 
    845861      <h1 id="rfc.section.5"><a href="#rfc.section.5">5.</a>&nbsp;<a id="IANA.considerations" href="#IANA.considerations">IANA Considerations</a></h1> 
     
    10431059      </p> 
    10441060      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 
    1045       <div id="rfc.figure.u.10"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials 
     1061      <div id="rfc.figure.u.11"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials 
    10461062 
    10471063<a href="#core.rules" class="smpl">BWS</a> = &lt;BWS, defined in [Part1], Section 1.2.2&gt; 
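
Review bot: the id on new line 1061 changes from rfc.figure.u.10 to rfc.figure.u.11 because the example figure added earlier in this file (new line 855) now takes rfc.figure.u.10; the same shift shows up at new line 1091. These positional ids are unstable as fragment targets: an existing link to #rfc.figure.u.10 now lands on the WWW-Authenticate example instead of the Collected ABNF. If anything links to these figures, give them explicit anchors in the XML source rather than relying on the generated counter.
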
     
    10731089 
    10741090<a href="#core.rules" class="smpl">token</a> = &lt;token, defined in [Part1], Section 3.2.3&gt; 
    1075 </pre> <div id="rfc.figure.u.11"></div> 
     1091</pre> <div id="rfc.figure.u.12"></div> 
    10761092      <p>ABNF diagnostics:</p><pre class="inline">; Authorization defined but not used 
    10771093; Proxy-Authenticate defined but not used 
     
    11861202      <ul> 
    11871203         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/186">http://tools.ietf.org/wg/httpbis/trac/ticket/186</a>&gt;: "Document HTTP's error-handling philosophy" 
     1204         </li> 
     1205         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/320">http://tools.ietf.org/wg/httpbis/trac/ticket/320</a>&gt;: "add advice on defining auth scheme parameters" 
    11881206         </li> 
    11891207      </ul> 
  • draft-ietf-httpbis/latest/p7-auth.xml

    r1452 r1465  
    509509    <x:lt> 
    510510    <t> 
     511      The parsing of challenges and credentials is defined by this specification, 
     512      and cannot be modified by new authentication schemes. When the auth-param 
     513      syntax is used, all parameters ought to support both token and 
     514      quoted-string syntax, and syntactical constraints ought to be defined on 
     515      the field value after parsing (i.e., quoted-string processing). This is 
     516      necessary so that recipients can use a generic parser that applies to 
     517      all authentication schemes. 
     518    </t> 
     519    <t> 
     520      <x:h>Note:</x:h> the fact that the value syntax for the "realm" parameter 
     521      is restricted to quoted-string was a bad design choice not to be repeated 
     522      for new parameters. 
     523    </t> 
     524    </x:lt> 
     525    <x:lt> 
     526    <t> 
    511527      Authentication schemes need to document whether they are usable in 
    512528      origin-server authentication (i.e., using WWW-Authenticate), and/or 
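
Review bot: "after parsing (i.e., quoted-string processing)" at new lines 514-515 is the phrase the generic-parser argument rests on, but it never says what that processing is. Spell out that constraints apply to the value once the surrounding quotes and backslash escapes have been removed, so that a token value and the same value written as a quoted-string are treated as identical for every scheme. As written, a scheme definition could still place a constraint on the raw form and stay within the letter of the text. Also consider whether "ought to" is strong enough, given that the last sentence calls this "necessary".
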
     
    701717   authentication parameters. 
    702718</t> 
     719<figure> 
     720  <preamble>For instance:</preamble> 
     721  <artwork type="example"> 
     722  WWW-Authenticate: Newauth realm="apps", type=1, 
     723                    title="Login to \"apps\"", Basic realm="simple" 
     724</artwork> 
     725  <postamble> 
     726  This header field contains two challenges; one for the "Newauth" scheme 
     727  with a realm value of "apps", and two additional parameters "type" and 
     728  "title", and another one for the "Basic" scheme with a realm value of "simple". 
     729</postamble></figure> 
    703730</section> 
    704731 
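
Review bot: the postamble at new lines 726-728 states the result (two challenges) but not how a parser arrives at it, which is the point of adding a non-trivial example. Say that the comma before "Basic" starts a new challenge because "Basic" is followed by a space and a parameter rather than by "=", whereas the earlier commas separate auth-params of the "Newauth" challenge, and give the unescaped value of "title" (Login to "apps") so implementers can check their parser output against it. Minor: put the closing postamble and figure tags at new line 729 on separate lines, matching the layout of the preamble.
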
     
    14131440      "Document HTTP's error-handling philosophy" 
    14141441    </t> 
     1442    <t> 
     1443      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/320"/>: 
     1444      "add advice on defining auth scheme parameters" 
     1445    </t> 
    14151446  </list> 
    14161447</t> 