#257: Considerations for new authentications schemes from Julian Reschke on 2011-07-26 (ietf-http-wg@w3.org from July to September 2011)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 26 Jul 2011 18:04:11 +0200
To: HTTP Working Group <ietf-http-wg@w3.org>
Message-ID: <4E2EE57B.90104@gmx.de>

Hi there,

as a start, I have added:

2.3.1.  Considerations for New Authentication Schemes

    There are certain aspects of the HTTP Authentication Framework that
    put constraints on how new authentication schemes can work:

    o  Authentication schemes need to be compatible with the inherent
       constraints of HTTP; for instance, that messages need to keep
       their semantics when inspected in isolation, thus an
       authentication scheme can not bind information to the TCP session
       over which the message was received (see Section 2.2 of [Part1]).

    o  The authentication parameter "realm" is reserved for defining
       Protection Spaces as defined in Section 2.2.  New schemes MUST NOT
       use it in a way incompatible with that definition.

    o  Authentication schemes need to document wether they are usable in
       origin-server authentication (i.e., using WWW-Authenticate),
       and/or proxy authentication (i.e., using Proxy-Authenticate).


(see <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1356>).

Best regards, Julian

Received on Tuesday, 26 July 2011 16:04:54 UTC