W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2015

The Hypertext Transfer Protocol (HTTP) Authentication-Info Header Field

From: Julian Reschke <julian.reschke@gmx.de>
Date: Wed, 28 Jan 2015 09:56:44 +0100
Message-ID: <54C8A44C.8080308@gmx.de>
To: HTTP Working Group <ietf-http-wg@w3.org>
Dear WG,

when we worked on RFC 7235, we extracted the authentication framework 
from RFC 2617, but failed to realize that the section about the DIGEST 
authentication scheme indeed added another pair of generic header 
fields: (Proxy-)Authentication-Info.

As a matter of fact, Alexey Melnikov noticed this in time, but back then 
we didn't have the time & energy to do the right thing.

Today, we have the DIGEST revision coming up in the HTTPAuth WG, and 
that still contains the header field definition 
(<https://trac.tools.ietf.org/html/draft-ietf-httpauth-digest-12#section-3.5>). 
Furthermore, Alexey's SCRAM draft uses it, but does not reference DIGEST 
(<https://trac.tools.ietf.org/html/draft-ietf-httpauth-scram-auth-04#section-5>, 
although with a minor syntax variation).

Last weekend I sat down and wrote a tiny draft (5 pages incl. 
boilerplate, ToC, references, whatnot) that makes these header field 
definitions standalone:

<http://greenbytes.de/tech/webdav/draft-reschke-httpauth-auth-info-00.html> 
(*)

...with the purpose of

- allowing DIGEST refer to it instead of in-lining the definition,

- allowing Alexey to use it, and most importantly

- having a clear path for RFC 7235bis.

The last point makes it a candidate for this working group; to be useful 
for the work over in HTTPAuth we'd need to be quick, though; optimally 
IETF LC before the Dallas meeting; given the size of the draft this 
should be possible...

What do others think?

Best regards, Julian

(*) The boilerplate says to send feedback to HTTPAuth, please ignore 
this for now.
Received on Wednesday, 28 January 2015 08:57:21 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:14:42 UTC