#257: Considerations for new authentications schemes

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 26 Jul 2011 18:04:11 +0200
Message-ID: <4E2EE57B.90104@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>

Hi there,

as a start, I have added:

2.3.1.  Considerations for New Authentication Schemes

    There are certain aspects of the HTTP Authentication Framework that
    put constraints on how new authentication schemes can work:

    o  Authentication schemes need to be compatible with the inherent
       constraints of HTTP; for instance, that messages need to keep
       their semantics when inspected in isolation, thus an
       authentication scheme can not bind information to the TCP session
       over which the message was received (see Section 2.2 of [Part1]).

    o  The authentication parameter "realm" is reserved for defining
       Protection Spaces as defined in Section 2.2.  New schemes MUST NOT
       use it in a way incompatible with that definition.

    o  Authentication schemes need to document whether they are usable in
       origin-server authentication (i.e., using WWW-Authenticate),
       and/or proxy authentication (i.e., using Proxy-Authenticate).


(see <http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1356>).

Best regards, Julian
Received on Tuesday, 26 July 2011 16:04:54 GMT
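
As an added illustration (not part of the original message or of the draft), the sketch below shows why "realm" must keep its Protection Space meaning: a client keys cached credentials on the challenge header, the canonical root URI and the realm value, so a scheme that redefined "realm" would change where credentials get reused. The function names, hosts and realm values are constructed for the example, and only a single challenge per header is handled.

```python
import re
from urllib.parse import urlsplit

# Status code -> challenge header: origin-server vs. proxy authentication.
CHALLENGE_HEADER = {401: "WWW-Authenticate", 407: "Proxy-Authenticate"}
DEFAULT_PORT = {"http": 80, "https": 443}

# name=token or name="quoted string" (backslash escapes allowed inside quotes)
_PARAM = re.compile(r'([\w-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')


def parse_challenge(value):
    """Parse one challenge 'scheme name=value, ...' into (scheme, params)."""
    scheme, _, rest = value.strip().partition(" ")
    params = {}
    for m in _PARAM.finditer(rest):
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        params[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", raw)
    return scheme.lower(), params


def root_uri(url):
    """Canonical root URI: lowercased scheme and host, explicit port."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.hostname}:{u.port or DEFAULT_PORT[u.scheme]}"


def protection_space(status, headers, request_url, proxy_url=None):
    """Key under which a client may cache and reuse credentials."""
    header = CHALLENGE_HEADER[status]
    _scheme, params = parse_challenge(headers[header])
    # A 407 challenge is scoped to the proxy, not to the origin server.
    target = root_uri(proxy_url if status == 407 else request_url)
    return (header, target, params.get("realm"))


if __name__ == "__main__":
    # Constructed sample responses.
    staff = {"WWW-Authenticate": 'Basic realm="staff"'}
    admin = {"WWW-Authenticate": 'Basic realm="admin"'}
    proxy = {"Proxy-Authenticate": 'Basic realm="staff"'}
    print(protection_space(401, staff, "http://Example.org/a"))
    print(protection_space(401, admin, "http://example.org/a"))
    print(protection_space(407, proxy, "http://example.org/a",
                           proxy_url="http://proxy.example:3128"))
```

The same realm string on a 401 and on a 407 yields two distinct keys, which is also why a scheme definition has to say which of the two challenge headers it can be used with.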
