
RE: Proposed RFC 2617 erratum, Re: Backwards definition of authentication header

From: Paul Leach <paulle@microsoft.com>
Date: Sat, 12 Dec 2009 04:49:46 +0000
To: "Manger, James H" <James.H.Manger@team.telstra.com>, Julian Reschke <julian.reschke@gmx.de>, Eran Hammer-Lahav <eran@hueniverse.com>
CC: "HTTP Working Group (ietf-http-wg@w3.org)" <ietf-http-wg@w3.org>
Message-ID: <2B9FAC59096E044F92BBC81A0B80B4D128DAD8EA@TK5EX14MBXW651.wingroup.windeploy.ntdev.microsoft.com>

The ABNF may not be optimal, but it is correct.

-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Manger, James H
Sent: Friday, December 11, 2009 5:05 PM
To: Julian Reschke; Eran Hammer-Lahav
Cc: HTTP Working Group (ietf-http-wg@w3.org)
Subject: RE: Proposed RFC 2617 erratum, Re: Backwards definition of authentication header

> Reported as <http://www.rfc-editor.org/errata_search.php?eid=1959>
>
> credentials = basic-credentials | auth-scheme SP #auth-param

This looks wrong.
Basic includes the scheme.
The example in the spec is:

  Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==


Perhaps it should be:

  credentials = auth-scheme SP { basic-credentials | #auth-param }

[note: I am not proficient with ABNF]


NTLM and Negotiate also use a scheme followed by a base64-encoded blob, just like Basic.
The following example is from RFC 4559 "SPNEGO-based Kerberos and NTLM HTTP Auth in MS Windows" (which annoyingly looks like lower-case hex, though the text says it is base64):

  Authorization: Negotiate a87421000492aa874209af8bc028


The ABNF may as well support the Basic/NTLM/Negotiate form regardless of scheme, instead of a special case for just Basic (either as an RFC 2617 errata or an httpbis item?).

I am not sure how to write the ABNF. Here is a wild guess:

  credentials = auth-scheme SP { token | #auth-param }



-- 
James Manger

Received on Saturday, 12 December 2009 04:49:57 GMT
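
Added example, not part of the original thread: a small Python parser for the "scheme, then either a single blob or a list of auth-params" shape discussed above. It assumes the blob uses the token68 character set that RFC 7235 later defined, because the Basic example contains `=`, which is a separator and so not allowed in an RFC 2616 `token`; the function names and the Digest sample line are constructed for illustration.

```python
import re

# RFC 2616 token: any CHAR except CTLs and separators.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
# Blob form (assumption): token68 character set as later defined in RFC 7235.
TOKEN68 = r"[A-Za-z0-9\-._~+/]+=*"
QUOTED = r'"(?:[^"\\]|\\.)*"'
AUTH_PARAM = re.compile(rf"\s*({TOKEN})\s*=\s*({TOKEN}|{QUOTED})\s*")


def is_rfc2616_token(text):
    """True if text is a single RFC 2616 token (no '=', '/', quotes, ...)."""
    return re.fullmatch(TOKEN, text) is not None


def parse_credentials(value):
    """Return (scheme, kind, payload); kind is 'blob', 'params' or 'none'."""
    scheme, _, rest = value.strip().partition(" ")
    if not is_rfc2616_token(scheme):
        raise ValueError("invalid auth-scheme")
    rest = rest.strip()
    if not rest:
        return scheme, "none", None
    if re.fullmatch(TOKEN68, rest):          # Basic / NTLM / Negotiate form
        return scheme, "blob", rest
    params, pos = {}, 0
    while pos < len(rest):                   # comma-separated auth-param list
        m = AUTH_PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed auth-param at offset {pos}")
        name, val = m.group(1).lower(), m.group(2)
        if val.startswith('"'):              # unquote a quoted-string value
            val = re.sub(r"\\(.)", r"\1", val[1:-1])
        if name in params:                   # reject duplicates, do not guess
            raise ValueError(f"duplicate auth-param {name!r}")
        params[name] = val
        pos = m.end()
        if pos < len(rest):
            if rest[pos] != ",":
                raise ValueError(f"expected ',' at offset {pos}")
            pos += 1
    return scheme, "params", params


if __name__ == "__main__":
    print(parse_credentials("Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="))
    print(parse_credentials("Negotiate a87421000492aa874209af8bc028"))
    # Constructed Digest-style sample, not taken from the thread.
    print(parse_credentials('Digest username="Mufasa", uri="/dir/index.html"'))
```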
