
Changeset 1478


Timestamp:
2011-11-25 07:53:44
Author:
julian.reschke@gmx.de
Message:

realm: move quoted-string requirement into prose and add a note that in practice recipients may have to support both (see #314)

Location:
draft-ietf-httpbis/latest
Files:
3 edited

  • draft-ietf-httpbis/latest/httpbis.abnf

    r1470 r1478  
    196196qvalue = ( "0" [ "." *3DIGIT ] ) / ( "1" [ "." *3"0" ] ) 
    197197range-unit = bytes-unit / other-range-unit 
    198 realm = "realm" BWS "=" BWS realm-value 
    199 realm-value = quoted-string 
    200198received-by = ( uri-host [ ":" port ] ) / pseudonym 
    201199received-protocol = [ protocol-name "/" ] protocol-version 
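Review bot: with the realm and realm-value rules removed here, the collected grammar no longer expresses the quoted-string restriction anywhere; "realm" is now matched only by the generic auth-param rule (Section 2.1), which admits both the token and the quoted-string form, so the sender-side restriction lives solely in the new prose MUST. That is the stated intent of the change, but a parser generated from httpbis.abnf will therefore accept an unquoted realm=apps on receipt by default, which should be called out next to the prose rule so it is not mistaken for a grammar defect. The matching "; realm defined but not used" diagnostic is dropped in the next hunk, so the diagnostics stay consistent.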
     
    283281; http-URI defined but not used 
    284282; https-URI defined but not used 
    285 ; realm defined but not used 
    286283; special defined but not used 
  • draft-ietf-httpbis/latest/p7-auth.html

    r1477 r1478  
    359359  }  
    360360  @bottom-center { 
    361        content: "Expires May 17, 2012";  
     361       content: "Expires May 28, 2012";  
    362362  }  
    363363  @bottom-right { 
     
    405405      <meta name="dct.creator" content="Reschke, J. F."> 
    406406      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p7-auth-latest"> 
    407       <meta name="dct.issued" scheme="ISO8601" content="2011-11-14"> 
     407      <meta name="dct.issued" scheme="ISO8601" content="2011-11-25"> 
    408408      <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 
    409409      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 7 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 7 defines the HTTP Authentication framework."> 
     
    436436            </tr> 
    437437            <tr> 
    438                <td class="left">Expires: May 17, 2012</td> 
     438               <td class="left">Expires: May 28, 2012</td> 
    439439               <td class="right">HP</td> 
    440440            </tr> 
     
    489489            <tr> 
    490490               <td class="left"></td> 
    491                <td class="right">November 14, 2011</td> 
     491               <td class="right">November 25, 2011</td> 
    492492            </tr> 
    493493         </tbody> 
     
    517517         in progress”. 
    518518      </p> 
    519       <p>This Internet-Draft will expire on May 17, 2012.</p> 
     519      <p>This Internet-Draft will expire on May 28, 2012.</p> 
    520520      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 
    521521      <p>Copyright © 2011 IETF Trust and the persons identified as the document authors. All rights reserved.</p> 
     
    705705      <div id="rfc.iref.r.1"></div> 
    706706      <h2 id="rfc.section.2.2"><a href="#rfc.section.2.2">2.2</a>&nbsp;<a id="protection.space" href="#protection.space">Protection Space (Realm)</a></h2> 
    707       <p id="rfc.section.2.2.p.1">The authentication parameter realm is reserved for use by authentication schemes that wish to indicate the scope of protection:</p> 
    708       <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.r.2"></span><span id="rfc.iref.r.3"></span><span id="rfc.iref.g.6"></span>  realm       = "realm" <a href="#core.rules" class="smpl">BWS</a> "=" <a href="#core.rules" class="smpl">BWS</a> realm-value 
    709   realm-value = quoted-string 
    710 </pre><p id="rfc.section.2.2.p.3">A <dfn>protection space</dfn> is defined by the canonical root URI (the scheme and authority components of the effective request URI; see <a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) of the server being accessed, in combination with the realm value if present. These realms allow the protected resources 
     707      <p id="rfc.section.2.2.p.1">The authentication parameter realm is reserved for use by authentication schemes that wish to indicate the scope of protection.</p> 
     708      <p id="rfc.section.2.2.p.2">A <dfn>protection space</dfn> is defined by the canonical root URI (the scheme and authority components of the effective request URI; see <a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.8"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>) of the server being accessed, in combination with the realm value if present. These realms allow the protected resources 
    711709         on a server to be partitioned into a set of protection spaces, each with its own authentication scheme and/or authorization 
    712710         database. The realm value is a string, generally assigned by the origin server, which can have additional semantics specific 
    713711         to the authentication scheme. Note that there can be multiple challenges with the same auth-scheme but different realms. 
    714712      </p> 
    715       <p id="rfc.section.2.2.p.4">The protection space determines the domain over which credentials can be automatically applied. If a prior request has been 
     713      <p id="rfc.section.2.2.p.3">The protection space determines the domain over which credentials can be automatically applied. If a prior request has been 
    716714         authorized, the same credentials <em class="bcp14">MAY</em> be reused for all other requests within that protection space for a period of time determined by the authentication scheme, 
    717715         parameters, and/or user preference. Unless otherwise defined by the authentication scheme, a single protection space cannot 
    718716         extend outside the scope of its server. 
     717      </p> 
     718      <p id="rfc.section.2.2.p.4">For historical reasons, senders <em class="bcp14">MUST</em> only use the quoted-string syntax. Recipients might have to support both token and quoted-string syntax for maximum interoperability 
     719         with existing clients that have been accepting both notations for a long time. 
    719720      </p> 
    720721      <h2 id="rfc.section.2.3"><a href="#rfc.section.2.3">2.3</a>&nbsp;<a id="authentication.scheme.registry" href="#authentication.scheme.registry">Authentication Scheme Registry</a></h2> 
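Review bot: the paragraph renumbering shifts the fragment identifiers in this section: the text formerly reachable as rfc.section.2.2.p.3 is now p.2, the former p.4 is now p.3, and p.4 now names the new quoted-string paragraph, so existing deep links or ticket references into Section 2.2 will land on different paragraphs. This is a property of the generated HTML rather than something to change in the hunk, but it is worth recording on ticket #314 when the change is announced.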
     
    779780      </ul> 
    780781      <h1 id="rfc.section.3"><a href="#rfc.section.3">3.</a>&nbsp;<a id="status.code.definitions" href="#status.code.definitions">Status Code Definitions</a></h1> 
    781       <div id="rfc.iref.15"></div> 
     782      <div id="rfc.iref.12"></div> 
    782783      <div id="rfc.iref.s.1"></div> 
    783784      <h2 id="rfc.section.3.1"><a href="#rfc.section.3.1">3.1</a>&nbsp;<a id="status.401" href="#status.401">401 Unauthorized</a></h2> 
     
    787788         information. 
    788789      </p> 
    789       <div id="rfc.iref.16"></div> 
     790      <div id="rfc.iref.13"></div> 
    790791      <div id="rfc.iref.s.2"></div> 
    791792      <h2 id="rfc.section.3.2"><a href="#rfc.section.3.2">3.2</a>&nbsp;<a id="status.407" href="#status.407">407 Proxy Authentication Required</a></h2> 
     
    802803         for the realm of the resource being requested. 
    803804      </p> 
    804       <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.authorization" class="smpl">Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a> 
     805      <div id="rfc.figure.u.5"></div><pre class="inline"><span id="rfc.iref.g.6"></span>  <a href="#header.authorization" class="smpl">Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a> 
    805806</pre><p id="rfc.section.4.1.p.3">If a request is authenticated and a realm specified, the same credentials <em class="bcp14">SHOULD</em> be valid for all other requests within this realm (assuming that the authentication scheme itself does not require otherwise, 
    806807         such as credentials that vary according to a challenge value or using synchronized clocks). 
     
    825826         to the proxy for this effective request URI (<a href="p1-messaging.html#effective.request.uri" title="Effective Request URI">Section 4.3</a> of <a href="#Part1" id="rfc.xref.Part1.10"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>). It <em class="bcp14">MUST</em> be included as part of a 407 (Proxy Authentication Required) response. 
    826827      </p> 
    827       <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a> 
     828      <div id="rfc.figure.u.6"></div><pre class="inline"><span id="rfc.iref.g.7"></span>  <a href="#header.proxy-authenticate" class="smpl">Proxy-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a> 
    828829</pre><p id="rfc.section.4.2.p.3">Unlike WWW-Authenticate, the Proxy-Authenticate header field applies only to the current connection and <em class="bcp14">SHOULD NOT</em> be passed on to downstream clients. However, an intermediate proxy might need to obtain its own credentials by requesting 
    829830         them from the downstream client, which in some circumstances will appear as if the proxy is forwarding the Proxy-Authenticate 
     
    837838         the resource being requested. 
    838839      </p> 
    839       <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.9"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a> 
     840      <div id="rfc.figure.u.7"></div><pre class="inline"><span id="rfc.iref.g.8"></span>  <a href="#header.proxy-authorization" class="smpl">Proxy-Authorization</a> = <a href="#challenge.and.response" class="smpl">credentials</a> 
    840841</pre><p id="rfc.section.4.3.p.3">Unlike Authorization, the Proxy-Authorization header field applies only to the next outbound proxy that demanded authentication 
    841842         using the Proxy-Authenticate field. When multiple proxies are used in a chain, the Proxy-Authorization header field is consumed 
     
    852853         response. 
    853854      </p> 
    854       <div id="rfc.figure.u.9"></div><pre class="inline"><span id="rfc.iref.g.10"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a> 
     855      <div id="rfc.figure.u.8"></div><pre class="inline"><span id="rfc.iref.g.9"></span>  <a href="#header.www-authenticate" class="smpl">WWW-Authenticate</a> = 1#<a href="#challenge.and.response" class="smpl">challenge</a> 
    855856</pre><p id="rfc.section.4.4.p.4">User agents are advised to take special care in parsing the WWW-Authenticate field value as it might contain more than one 
    856857         challenge, or if more than one WWW-Authenticate header field is provided, the contents of a challenge itself can contain a 
    857858         comma-separated list of authentication parameters. 
    858859      </p> 
    859       <div id="rfc.figure.u.10"></div>  
     860      <div id="rfc.figure.u.9"></div>  
    860861      <p>For instance:</p>  <pre class="text">  WWW-Authenticate: Newauth realm="apps", type=1, 
    861862                    title="Login to \"apps\"", Basic realm="simple" 
     
    10631064      </p> 
    10641065      <h1 id="rfc.section.B"><a href="#rfc.section.B">B.</a>&nbsp;<a id="collected.abnf" href="#collected.abnf">Collected ABNF</a></h1> 
    1065       <div id="rfc.figure.u.11"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials 
     1066      <div id="rfc.figure.u.10"></div> <pre class="inline"><a href="#header.authorization" class="smpl">Authorization</a> = credentials 
    10661067 
    10671068<a href="#core.rules" class="smpl">BWS</a> = &lt;BWS, defined in [Part1], Section 1.2.2&gt; 
     
    10891090<a href="#core.rules" class="smpl">quoted-string</a> = &lt;quoted-string, defined in [Part1], Section 3.2.3&gt; 
    10901091 
    1091 realm = "realm" BWS "=" BWS realm-value 
    1092 realm-value = quoted-string 
    1093  
    10941092<a href="#core.rules" class="smpl">token</a> = &lt;token, defined in [Part1], Section 3.2.3&gt; 
    1095 </pre> <div id="rfc.figure.u.12"></div> 
     1093</pre> <div id="rfc.figure.u.11"></div> 
    10961094      <p>ABNF diagnostics:</p><pre class="inline">; Authorization defined but not used 
    10971095; Proxy-Authenticate defined but not used 
    10981096; Proxy-Authorization defined but not used 
    10991097; WWW-Authenticate defined but not used 
    1100 ; realm defined but not used 
    11011098</pre><h1 id="rfc.section.C"><a href="#rfc.section.C">C.</a>&nbsp;<a id="change.log" href="#change.log">Change Log (to be removed by RFC Editor before publication)</a></h1> 
    11021099      <h2 id="rfc.section.C.1"><a href="#rfc.section.C.1">C.1</a>&nbsp;Since RFC 2616 
     
    12131210      <p id="rfc.section.C.19.p.1">Closed issues: </p> 
    12141211      <ul> 
     1212         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/314">http://tools.ietf.org/wg/httpbis/trac/ticket/314</a>&gt;: "allow unquoted realm parameters" 
     1213         </li> 
    12151214         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/321">http://tools.ietf.org/wg/httpbis/trac/ticket/321</a>&gt;: "Repeating auth-params" 
    12161215         </li> 
     
    12221221         <ul class="ind"> 
    12231222            <li><a id="rfc.index.4" href="#rfc.index.4"><b>4</b></a><ul> 
    1224                   <li>401 Unauthorized (status code)&nbsp;&nbsp;<a href="#rfc.iref.15"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li> 
    1225                   <li>407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a href="#rfc.iref.16"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li> 
     1223                  <li>401 Unauthorized (status code)&nbsp;&nbsp;<a href="#rfc.iref.12"><b>3.1</b></a>, <a href="#rfc.xref.status.401.1">5.2</a></li> 
     1224                  <li>407 Proxy Authentication Required (status code)&nbsp;&nbsp;<a href="#rfc.iref.13"><b>3.2</b></a>, <a href="#rfc.xref.status.407.1">5.2</a></li> 
    12261225               </ul> 
    12271226            </li> 
     
    12461245                        <li><tt>auth-param</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.2"><b>2.1</b></a></li> 
    12471246                        <li><tt>auth-scheme</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.1"><b>2.1</b></a></li> 
    1248                         <li><tt>Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>4.1</b></a></li> 
     1247                        <li><tt>Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>4.1</b></a></li> 
    12491248                        <li><tt>b64token</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.3"><b>2.1</b></a></li> 
    12501249                        <li><tt>challenge</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.4"><b>2.1</b></a></li> 
    12511250                        <li><tt>credentials</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.5"><b>2.1</b></a></li> 
    1252                         <li><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.8"><b>4.2</b></a></li> 
    1253                         <li><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.9"><b>4.3</b></a></li> 
    1254                         <li><tt>realm</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.6"><b>2.2</b></a></li> 
    1255                         <li><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.10"><b>4.4</b></a></li> 
     1251                        <li><tt>Proxy-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.7"><b>4.2</b></a></li> 
     1252                        <li><tt>Proxy-Authorization</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.8"><b>4.3</b></a></li> 
     1253                        <li><tt>WWW-Authenticate</tt>&nbsp;&nbsp;<a href="#rfc.iref.g.9"><b>4.4</b></a></li> 
    12561254                     </ul> 
    12571255                  </li> 
     
    12911289            <li><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul> 
    12921290                  <li>Realm&nbsp;&nbsp;<a href="#rfc.iref.r.1">2.2</a></li> 
    1293                   <li><tt>realm</tt>&nbsp;&nbsp;<a href="#rfc.iref.r.2"><b>2.2</b></a></li> 
    1294                   <li><tt>realm-value</tt>&nbsp;&nbsp;<a href="#rfc.iref.r.3"><b>2.2</b></a></li> 
    12951291                  <li><em>RFC2119</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2119.1">1.1</a>, <a href="#RFC2119"><b>8.1</b></a></li> 
    12961292                  <li><em>RFC2616</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.1">1</a>, <a href="#RFC2616"><b>8.2</b></a>, <a href="#rfc.xref.RFC2616.2">C.1</a></li> 
  • draft-ietf-httpbis/latest/p7-auth.xml

    r1477 r1478  
    430430<t> 
    431431   The authentication parameter realm is reserved for use by authentication 
    432    schemes that wish to indicate the scope of protection: 
    433 </t> 
    434 <figure><artwork type="abnf2616"><iref item="realm" primary="true"/><iref item="realm-value" primary="true"/><iref primary="true" item="Grammar" subitem="realm"/> 
    435   realm       = "realm" <x:ref>BWS</x:ref> "=" <x:ref>BWS</x:ref> realm-value 
    436   realm-value = quoted-string 
    437 </artwork></figure> 
     432   schemes that wish to indicate the scope of protection. 
     433</t> 
    438434<t> 
    439435   A <x:dfn>protection space</x:dfn> is defined by the canonical root URI (the 
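Review bot: removing the figure also removes the iref entries for "realm" and "realm-value", so the Grammar index loses its realm entry while the prose index entry "Realm" (rfc.iref.r.1) remains; that asymmetry is acceptable, but a reader looking for the parameter's syntax now has only the Newauth realm="apps" example in Section 4.4 to go on. Consider keeping a one-line non-normative example of the quoted form alongside the new prose rule so the section still shows what a conforming realm parameter looks like.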
     
    457453   otherwise defined by the authentication scheme, a single protection 
    458454   space cannot extend outside the scope of its server. 
     455</t> 
     456<t> 
     457   For historical reasons, senders &MUST; only use the quoted-string syntax. 
     458   Recipients might have to support both token and quoted-string syntax for 
     459   maximum interoperability with existing clients that have been accepting both 
     460   notations for a long time. 
    459461</t> 
    460462</section> 
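Review bot: "senders MUST only use the quoted-string syntax" is ambiguous (is the quoted-string syntax the only thing senders may do, or the only syntax they may use?); prefer "senders MUST use only the quoted-string syntax" or, more directly, "senders MUST NOT use the token form". The paragraph also follows the protection-space discussion rather than the sentence introducing the parameter, so it should name its subject explicitly, e.g. "... the quoted-string syntax for the realm value", since the auth-param rule in Section 2.1 otherwise permits either form and nothing else in this section now says which parameter the restriction applies to.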
     
    12091211<x:ref>quoted-string</x:ref> = &lt;quoted-string, defined in [Part1], Section 3.2.3&gt; 
    12101212 
    1211 realm = "realm" BWS "=" BWS realm-value 
    1212 realm-value = quoted-string 
    1213  
    12141213<x:ref>token</x:ref> = &lt;token, defined in [Part1], Section 3.2.3&gt; 
    12151214</artwork> 
     
    12201219; Proxy-Authorization defined but not used 
    12211220; WWW-Authenticate defined but not used 
    1222 ; realm defined but not used 
    12231221</artwork></figure></section> 
    12241222<?ENDINC p7-auth.abnf-appendix ?> 
     
    14581456  <list style="symbols">  
    14591457    <t> 
     1458      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/314"/>: 
     1459      "allow unquoted realm parameters" 
     1460    </t> 
     1461    <t> 
    14601462      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/321"/>: 
    14611463      "Repeating auth-params" 