Last modified on 2012-06-04 22:21:27

HTTP Authentication Extensions for Interactive Clients

The Internet-Draft

http://tools.ietf.org/html/draft-oiwa-httpbis-auth-extension-00

Previous versions are available as draft-oiwa-http-auth-extension

Overview

  • Fill the gaps between the current HTTP authentication framework and the needs of Web applications
    • Concurrent support for guest (unauthenticated) users on the same page as for authenticated users (optional authentication)
    • Log-out
    • Session timeout
    • Customized pages for log-in/log-out interface (incl. announcements, warnings or advertisements)
    • etc.
  • Easily-understandable API used from Web applications
    • Optional authentication: configure it on the Web server and that is all
    • Others: just set an Authentication-Control: HTTP header and that is all
      • Easy deployment: the header can be configured statically
        • no CGIs required in common cases
        • carefully designed so that these headers will be ignored whenever not applicable or meaningful
  • Not harmful for non-Web applications either: the base authentication semantics are not changed, so simply ignoring the header is enough

Use cases

See Section 5 of the draft for information on how to use this extension.

Implementations

The reference implementations for Mutual authentication, available on the project homepage, implement these extensions, too.