%!PS-Adobe-3.0
%%Title: HTTP Authentication Extensions for Interactive Clients
%%Creator: html2ps version 1.0 beta5
%%CreationDate: Mon Jul  1 06:29:00 2013
%%DocumentNeededResources: font Times-Roman Times-Bold Courier Courier-Oblique
%%+ font Helvetica
%%DocumentData: Clean7Bit
%%Orientation: Portrait
%%BoundingBox: 0 0 596 842
%%Pages: 16
%%EndComments
%%BeginProlog
% One- and two-letter shorthands used by the rest of the prolog and by every
% page body.
% d: "bind def" -- define a procedure after binding its operator names.
/d {bind def} bind def
% D: plain "def".
/D {def} d
% ie: "ifelse".
/ie {ifelse} d
% E: "exch".
/E {exch} d
% t / f: the boolean constants true / false.
/t true D
/f false D
% FL: font list. Nf selects a font by its zero-based position in this array
% (0 = Times-Roman, 2 = Times-Bold, 4 = Courier, 8 = Helvetica, ...).
/FL [/Times-Roman
/Times-Italic
/Times-Bold
/Times-BoldItalic
/Courier
/Courier-Oblique
/Courier-Bold
/Courier-BoldOblique
/Helvetica
/Helvetica-Oblique
/Helvetica-Bold
/Helvetica-BoldOblique] D
% Cd: array -> dict
% Turns a flat array of key/value pairs into a dictionary: the elements are
% unpacked onto the stack, a dict sized for length/2 entries is opened, and
% each pair is def'ed into it. The new dict is left on the operand stack.
/Cd {aload length 2 idiv dup dict begin {D} repeat currentdict end} D
% reencodeISO: fontname -> fontname font
% Copies every entry of the named font except /FID into a fresh dictionary,
% replaces /Encoding with the ISOLatin1Encoding array defined in this prolog,
% and registers the copy under the SAME name with definefont. The name and the
% new font stay on the stack so the caller can def them (the setup section
% does "reencodeISO D").
/reencodeISO {
 dup dup findfont dup length dict begin{1 index /FID ne{D}{pop pop}ie}forall
 /Encoding ISOLatin1Encoding D currentdict end definefont} D
% ISOLatin1Encoding: glyph-name table that reencodeISO installs as the
% /Encoding of each copied font. Entries are listed in character-code order,
% eight or so per line; /.notdef marks codes with no glyph. The statement that
% follows this array overwrites the slots for codes 128-159.
/ISOLatin1Encoding [
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright
/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash
/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon
/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N
/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright
/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m
/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/space/exclamdown/cent/sterling/currency/yen/brokenbar
/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot
/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior
/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine
/guillemotright/onequarter/onehalf/threequarters/questiondown
/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla
/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute
/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis
/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave
/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex
/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis
/yacute/thorn/ydieresis
] D
% Patch table: (code, glyph name) pairs for codes 128-159. The page strings
% use these codes as octal escapes, e.g. \233 and \234 (155/156) for the
% double quotation marks.
[128/backslash 129/parenleft 130/parenright 141/circumflex 142/tilde
143/perthousand 144/dagger 145/daggerdbl 146/Ydieresis 147/scaron 148/Scaron
149/oe 150/OE 151/guilsinglleft 152/guilsinglright 153/quotesinglbase
154/quotedblbase 155/quotedblleft 156/quotedblright 157/endash 158/emdash
159/trademark]
% Unpack the pairs, then loop once per pair: the loop counter is discarded and
% the topmost (code, name) pair is stored into ISOLatin1Encoding with put.
aload length 2 idiv 1 1 3 -1 roll{pop ISOLatin1Encoding 3 1 roll put}for
% Fallback for interpreters that do not define colorimage: only when "where"
% fails to find the operator is the emulation below installed.
/colorimage where{pop}{
 % Emulation: drop the two topmost operands, keep the data procedure as Pr,
 % and hand "image" a wrapper procedure. The wrapper reads one chunk (Cv),
 % allocates a string one third its length (Gr), and fills each byte with
 % 0.299*c0 + 0.587*c1 + 0.114*c2 of the corresponding 3-byte group, i.e. a
 % weighted grey value per pixel.
 % NOTE(review): assumes 3-component interleaved data from a single
 % procedure -- the dropped operands are not inspected; confirm against callers.
 /colorimage {
  pop pop /Pr E D {/Cv Pr D /Gr Cv length 3 idiv string D 0 1 Gr length 1 sub
   {Gr E dup /i E 3 mul D Cv i get 0.299 mul Cv i 1 add get 0.587 mul add
    Cv i 2 add get 0.114 mul add cvi put}for Gr} image} D
}ie
% Fallback for interpreters that do not define pdfmark: bind the name to
% cleartomark in userdict, so every "[ ... pdfmark" sequence in this file is
% simply popped off the stack (document info, outline, link and destination
% annotations are then ignored rather than raising an error).
/pdfmark where{pop}{userdict /pdfmark /cleartomark load put}ie

% MySymbol: a Type 3 (procedurally drawn) font whose only real glyph is /euro.
% Nf selects it for any negative font index other than -1.
/MySymbol 10 dict dup begin
 % Glyph coordinates are in a 1000-unit space (FontMatrix scales by .001).
 /FontType 3 D /FontMatrix [.001 0 0 .001 0 0 ] D /FontBBox [25 -10 600 600] D
 % Start with all 256 codes mapped to /.notdef ...
 /Encoding 256 array D 0 1 255{Encoding exch /.notdef put}for
 % ... then map the code of the letter "e" to the euro glyph.
 Encoding (e) 0 get /euro put
 % Per-glyph advance widths.
 /Metrics 2 dict D Metrics begin
  /.notdef 0 D
  /euro 651 D
 end
 % Per-glyph bounding boxes.
 /BBox 2 dict D BBox begin
  /.notdef [0 0 0 0] D
  /euro [25 -10 600 600] D
 end
 % Per-glyph drawing procedures.
 /CharacterDefs 2 dict D CharacterDefs begin
  /.notdef {} D
  % euro: set a clip polygon, stroke a full circle of radius 275 centred at
  % (381,300) with line width 50, then stroke two horizontal bars at y=350 and
  % y=250. Only the part inside the clip polygon is painted.
  /euro{newpath 114 600 moveto 631 600 lineto 464 200 lineto 573 200 lineto
   573 0 lineto -94 0 lineto 31 300 lineto -10 300 lineto closepath clip
   50 setlinewidth newpath 656 300 moveto 381 300 275 0 360 arc stroke
   -19 350 moveto 600 0 rlineto -19 250 moveto 600 0 rlineto stroke}d
 end
 % BuildChar: fontdict char -> (glyph painted)
 % The literal 0 after the opening brace is a placeholder; the "put" further
 % down replaces it with a private 3-entry dict that holds char, fontdict and
 % charname while the glyph is built.
 /BuildChar{0 begin
  /char E D /fontdict E D /charname fontdict /Encoding get char get D
  fontdict begin
   % Declare width (Metrics) and bounding box (BBox) to the font cache, then
   % run the glyph's drawing procedure.
   Metrics charname get 0 BBox charname get aload pop setcachedevice
   CharacterDefs charname get exec
  end
 end}D
 % Install the private scratch dict as element 0 of BuildChar.
 /BuildChar load 0 3 dict put /UniqueID 1 D
end
% Register the font; the returned font dictionary is not needed here.
definefont pop
% Nf: size index -> (current font set)
% index >= 0 picks FL[index]; index -1 picks /Symbol; any other negative index
% picks /MySymbol. The font is scaled to "size" and made current.
% Example from the page bodies: "11 0 Nf" selects FL[0] (Times-Roman) at size 11.
/Nf {dup 0 ge{FL E get}{-1 eq{/Symbol}{/MySymbol}ie}ie findfont
 E scalefont setfont} D
% IP: read hex-encoded bytes from the program text itself (currentfile) into
% the string picstr and discard the success flag. picstr is not defined in
% this part of the file.
% NOTE(review): presumably an image data procedure for inline pictures --
% confirm at the point of use.
/IP {currentfile picstr readhexstring pop} D
% WF: when true, the setup section re-encodes every font in FL; when false it
% starts at index 4 (Courier).
/WF t D
% NOTE(review): purpose of F is not visible in this part of the file.
/F 1 D
% Page-body shorthands.
% N: showpage (emit the page).
/N {showpage} d
% RL: rlineto.
/RL {rlineto} d
% S: show (paint a string at the current point).
/S {show} d
% L: lineto.
/L {lineto} d
% M: moveto.
/M {moveto} d
% A: awidthshow -- cx cy char ax ay string; the page bodies pass char = 32 and
% ax = ay = 0, i.e. extra width is added after each space.
/A {awidthshow} d
% RM: rmoveto.
/RM {rmoveto} d
%%EndProlog
%%BeginSetup
%%PaperSize: A4
% Re-encode the text fonts. With WF true every entry of FL is processed;
% otherwise only entries from index 4 to the end. reencodeISO leaves
% "name font" on the stack, which D then defs in the current dictionary.
WF{FL{reencodeISO D}forall}{4 1 FL length 1 sub{FL E get reencodeISO D}for}ie
% Re-register /Symbol from a copy of the stock font (all entries except /FID),
% with a private copy of its Encoding array in which code 128 is mapped to the
% /therefore glyph.
/Symbol dup dup findfont dup length dict begin
 {1 index /FID ne{D}{pop pop}ie}forall /Encoding [Encoding aload pop]
 dup 128 /therefore put D currentdict end definefont D
% Document information and initial view for a PDF converter. On interpreters
% where the prolog mapped pdfmark to cleartomark these arrays are discarded.
[/Creator (html2ps version 1.0 beta5) /Author () /Keywords (HTTP, authentication) /Subject () /Title (HTTP Authentication Extensions for Interactive Clients) /DOCINFO pdfmark
% Open the document with the outline (bookmark) pane visible.
[/PageMode /UseOutlines /DOCVIEW pdfmark
% Outline entries, one per heading of the draft. /Dest names a destination
% that a page body declares with "/DEST pdfmark". /Count is the number of
% subordinate entries that follow; a negative value asks the viewer to show
% the entry collapsed.
[/Count 1 /Dest /80 /Title (HTTP Authentication Extensions for Interactive Clients draft-ietf-httpauth-extension-00) /OUT pdfmark
[/Count 22 /Dest /81 /Title () /OUT pdfmark
[/Dest /81 /Title (Abstract) /OUT pdfmark
[/Dest /82 /Title (Status of this Memo) /OUT pdfmark
[/Dest /83 /Title (Copyright Notice) /OUT pdfmark
[/Dest /84 /Title (Table of Contents) /OUT pdfmark
[/Count -1 /Dest /85 /Title (1. Introduction) /OUT pdfmark
[/Dest /86 /Title (1.1. Terminology) /OUT pdfmark
[/Count -2 /Dest /87 /Title (2. Definitions) /OUT pdfmark
[/Dest /88 /Title (2.1. Terms for describing authentication protocol flow) /OUT pdfmark
[/Dest /89 /Title (2.2. Syntax Notation) /OUT pdfmark
[/Dest /90 /Title (3. Optional Authentication) /OUT pdfmark
[/Count -5 /Dest /91 /Title (4. Authentication-Control header) /OUT pdfmark
[/Dest /92 /Title (4.1. Auth-style parameter) /OUT pdfmark
[/Dest /93 /Title (4.2. Location-when-unauthenticated parameter) /OUT pdfmark
[/Dest /94 /Title (4.3. No-auth parameter) /OUT pdfmark
[/Dest /95 /Title (4.4. Location-when-logout parameter) /OUT pdfmark
[/Dest /96 /Title (4.5. Logout-timeout) /OUT pdfmark
[/Count -7 /Dest /97 /Title (5. Usage examples \(informative\)) /OUT pdfmark
[/Dest /98 /Title (5.1. Example 1: a portal site) /OUT pdfmark
[/Dest /99 /Title (5.1.1. Case 1: a simple application) /OUT pdfmark
[/Dest /100 /Title (5.1.2. Case 2: specific action required on log-out) /OUT pdfmark
[/Dest /101 /Title (5.1.3. Case 3: specific page displayed before log-in) /OUT pdfmark
[/Dest /102 /Title (5.2. Example 2: authenticated user-only sites) /OUT pdfmark
[/Dest /103 /Title (5.3. When to use Cookies) /OUT pdfmark
[/Dest /104 /Title (5.4. Parallel deployment with Form/Cookie authentications) /OUT pdfmark
[/Dest /105 /Title (6. Methods to extend this protocol) /OUT pdfmark
[/Dest /106 /Title (7. IANA Considerations) /OUT pdfmark
[/Dest /107 /Title (8. Security Considerations) /OUT pdfmark
[/Count -2 /Dest /108 /Title (9. References) /OUT pdfmark
[/Dest /109 /Title (9.1. Normative References) /OUT pdfmark
[/Dest /110 /Title (9.2. Informative References) /OUT pdfmark
[/Dest /111 /Title (Appendix A. \(Informative\) Applicability of features for each messages) /OUT pdfmark
[/Dest /112 /Title (Appendix B. \(Informative\) Draft Notes) /OUT pdfmark
% NOTE(review): "Appendix C" carries no /Count, so the C.1-C.5 entries below
% appear to be emitted at the same outline level rather than nested under it.
[/Dest /113 /Title (Appendix C. \(Informative\) Draft Change Log) /OUT pdfmark
[/Dest /114 /Title (C.1. Changes in Httpauth revision 00) /OUT pdfmark
[/Dest /115 /Title (C.2. Changes in HttpBis revision 00) /OUT pdfmark
[/Dest /116 /Title (C.3. Changes in revision 02) /OUT pdfmark
[/Dest /117 /Title (C.4. Changes in revision 01) /OUT pdfmark
[/Dest /118 /Title (C.5. Changes in revision 00) /OUT pdfmark
[/Dest /119 /Title (Authors' Addresses) /OUT pdfmark
%%EndSetup
%%Page: 1 1
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 842 null] /Dest /0 /DEST pdfmark
0 -0 M
save
2.5 -13.5 M
%%IncludeResource: font Times-Roman
11 0 Nf
(HTTPAUTH Working ) S
(Group) S
204.2 -13.5 M
(Y. ) S
(Oiwa) S
2.5 -32.2 M
(Internet-Draft) S
204.2 -32.2 M
(H. ) S
(Watanabe) S
2.5 -51 M
(Intended status: ) S
(Experimental) S
204.2 -51 M
(H. ) S
(Takagi) S
2.5 -69.8 M
(Expires: January 2, ) S
(2014) S
204.2 -69.8 M
(RISEC, ) S
(AIST) S
2.5 -88.5 M
(\240) S
204.2 -88.5 M
(B. ) S
(Kihara) S
2.5 -107.2 M
(\240) S
204.2 -107.2 M
(T. ) S
(Hayashi) S
2.5 -126 M
(\240) S
204.2 -126 M
(Lepidum) S
2.5 -144.8 M
(\240) S
204.2 -144.8 M
(Y. ) S
(Ioku) S
2.5 -163.5 M
(\240) S
204.2 -163.5 M
(Yahoo! ) S
(Japan) S
2.5 -182.2 M
(\240) S
204.2 -182.2 M
(July 1, ) S
(2013) S
0 -187.5 M
restore
227 -202.7 M
[/View [/XYZ -4 842 null] /Dest /80 /DEST pdfmark
30.7 -221.7 M
%%IncludeResource: font Times-Bold
19 2 Nf
(HTTP Authentication Extensions for Interactive ) S
198.5 -244.5 M
(Clients) S
97.7 -267.3 M
(draft-ietf-httpauth-extension-00) S
0 -297.3 M
15 2 Nf
(Abstract) S
[/View [/XYZ -4 477.7 null] /Dest /81 /DEST pdfmark
0 -321.5 M
11 0 Nf
1.15983069 0 32 0 0 (This document specifies a few extensions of HTTP authentication framework for interactive clients.) A
0 -334.7 M
0.569602251 0 32 0 0 (Recently, fundamental features of HTTP-level authentication is not enough for complex requirements) A
0 -347.9 M
5.34304 0 32 0 0 (of various Web-based applications. This makes these applications to implement their own) A
0 -361.1 M
1.13762021 0 32 0 0 (authentication frameworks using HTML Forms and other means, which becomes one of the hurdles) A
0 -374.3 M
3.25195312 0 32 0 0 (against introducing secure authentication mechanisms handled jointly by servers and user-agent) A
0 -387.5 M
3.90198874 0 32 0 0 (clients. The extended framework fills gaps between Web application requirements and HTTP) A
0 -400.7 M
3.64453125 0 32 0 0 (authentication provisions to solve the above problems, while maintaining compatibility against) A
0 -413.9 M
(existing Web and non-Web uses of HTTP authentications. ) S
0 -443.9 M
15 2 Nf
(Status) S
[/View [/XYZ -4 331.099915 null] /Dest /82 /DEST pdfmark
( of this ) S
(Memo) S
0 -468.1 M
11 0 Nf
(This Internet-Draft is submitted in full conformance with the provisions of BCP\24078 and ) S
(BCP\24079.) S
0 -492.3 M
0.34375 0 32 0 0 (Internet-Drafts are working documents of the Internet Engineering Task Force \(IETF\). Note that other) A
0 -505.5 M
0.389423072 0 32 0 0 (groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is) A
0 -518.7 M
(at ) S
(http://datatracker.ietf.org/drafts/current/.) S
0 -542.9 M
0.275781244 0 32 0 0 (Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced,) A
0 -556.1 M
1.51927078 0 32 0 0 (or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference) A
0 -569.3 M
(material or to cite them other than as \233work in ) S
(progress.\234) S
0 -593.5 M
(This Internet-Draft will expire on January 2, ) S
(2014.) S
0 -605.5 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 1 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 2 2
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Copyright) S
[/View [/XYZ -4 757.0 null] /Dest /83 /DEST pdfmark
( ) S
(Notice) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Copyright \(c\) 2013 IETF Trust and the persons identified as the document authors. All rights ) S
(reserved.) S
0 -66.4 M
3.1208334 0 32 0 0 (This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF) A
0 -79.6 M
1.34730113 0 32 0 0 (Documents \(http://trustee.ietf.org/license-info\) in effect on the date of publication of this document.) A
0 -92.8 M
0.819475472 0 32 0 0 (Please review these documents carefully, as they describe your rights and restrictions with respect to) A
0 -106 M
0.287109375 0 32 0 0 (this document. Code Components extracted from this document must include Simplified BSD License) A
0 -119.2 M
1.24951172 0 32 0 0 (text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as) A
0 -132.4 M
(described in the Simplified BSD ) S
(License.) S
0 -143.4 M
[/View [/XYZ -4 613.6 null] /Dest /1 /DEST pdfmark
0 -162.4 M
15 2 Nf
(Table) S
[/View [/XYZ -4 612.6 null] /Dest /84 /DEST pdfmark
( of ) S
(Contents) S
0 -186.6 M
gsave
newpath
0 -187.7 M
8.25 0 RL
stroke
grestore
11 0 Nf
(1.) S
[/Rect [-1.0 -189.349991 9.25 -177.249985] /Subtype /Link /Border [0 0 0] /Dest /2 /ANN pdfmark
(\240 ) S
(Introduction) S
0 -199.8 M
(\240\240\240\240) S
gsave
newpath
11 -200.9 M
16.5 0 RL
stroke
grestore
(1.1.) S
[/Rect [10.0 -202.549988 28.5 -190.449982] /Subtype /Link /Border [0 0 0] /Dest /4 /ANN pdfmark
(\240 ) S
(Terminology) S
0 -213 M
gsave
newpath
0 -214.1 M
8.25 0 RL
stroke
grestore
(2.) S
[/Rect [-1.0 -215.749985 9.25 -203.649979] /Subtype /Link /Border [0 0 0] /Dest /6 /ANN pdfmark
(\240 ) S
(Definitions) S
0 -226.2 M
(\240\240\240\240) S
gsave
newpath
11 -227.3 M
16.5 0 RL
stroke
grestore
(2.1.) S
[/Rect [10.0 -228.949982 28.5 -216.849976] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
(\240 Terms for describing authentication protocol ) S
(flow) S
0 -239.4 M
(\240\240\240\240) S
gsave
newpath
11 -240.5 M
16.5 0 RL
stroke
grestore
(2.2.) S
[/Rect [10.0 -242.149979 28.5 -230.049973] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
(\240 Syntax ) S
(Notation) S
0 -252.6 M
gsave
newpath
0 -253.7 M
8.25 0 RL
stroke
grestore
(3.) S
[/Rect [-1.0 -255.349976 9.25 -243.249969] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\240 Optional ) S
(Authentication) S
0 -265.8 M
gsave
newpath
0 -266.9 M
8.25 0 RL
stroke
grestore
(4.) S
[/Rect [-1.0 -268.55 9.25 -256.449982] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\240 Authentication-Control ) S
(header) S
0 -279 M
(\240\240\240\240) S
gsave
newpath
11 -280.1 M
16.5 0 RL
stroke
grestore
(4.1.) S
[/Rect [10.0 -281.75 28.5 -269.65] /Subtype /Link /Border [0 0 0] /Dest /20 /ANN pdfmark
(\240 Auth-style ) S
(parameter) S
0 -292.2 M
(\240\240\240\240) S
gsave
newpath
11 -293.3 M
16.5 0 RL
stroke
grestore
(4.2.) S
[/Rect [10.0 -294.95 28.5 -282.85] /Subtype /Link /Border [0 0 0] /Dest /22 /ANN pdfmark
(\240 Location-when-unauthenticated ) S
(parameter) S
0 -305.4 M
(\240\240\240\240) S
gsave
newpath
11 -306.5 M
16.5 0 RL
stroke
grestore
(4.3.) S
[/Rect [10.0 -308.150024 28.5 -296.050018] /Subtype /Link /Border [0 0 0] /Dest /24 /ANN pdfmark
(\240 No-auth ) S
(parameter) S
0 -318.6 M
(\240\240\240\240) S
gsave
newpath
11 -319.7 M
16.5 0 RL
stroke
grestore
(4.4.) S
[/Rect [10.0 -321.350037 28.5 -309.250031] /Subtype /Link /Border [0 0 0] /Dest /26 /ANN pdfmark
(\240 Location-when-logout ) S
(parameter) S
0 -331.8 M
(\240\240\240\240) S
gsave
newpath
11 -332.9 M
16.5 0 RL
stroke
grestore
(4.5.) S
[/Rect [10.0 -334.550049 28.5 -322.450043] /Subtype /Link /Border [0 0 0] /Dest /28 /ANN pdfmark
(\240 ) S
(Logout-timeout) S
0 -345 M
gsave
newpath
0 -346.1 M
8.25 0 RL
stroke
grestore
(5.) S
[/Rect [-1.0 -347.750061 9.25 -335.650055] /Subtype /Link /Border [0 0 0] /Dest /30 /ANN pdfmark
(\240 Usage examples ) S
(\(informative\)) S
0 -358.2 M
(\240\240\240\240) S
gsave
newpath
11 -359.3 M
16.5 0 RL
stroke
grestore
(5.1.) S
[/Rect [10.0 -360.950073 28.5 -348.850067] /Subtype /Link /Border [0 0 0] /Dest /32 /ANN pdfmark
(\240 Example 1: a portal ) S
(site) S
0 -371.4 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -372.5 M
24.75 0 RL
stroke
grestore
(5.1.1.) S
[/Rect [21.0 -374.150085 47.75 -362.050079] /Subtype /Link /Border [0 0 0] /Dest /34 /ANN pdfmark
(\240 Case 1: a simple ) S
(application) S
0 -384.6 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -385.7 M
24.75 0 RL
stroke
grestore
(5.1.2.) S
[/Rect [21.0 -387.350098 47.75 -375.250092] /Subtype /Link /Border [0 0 0] /Dest /36 /ANN pdfmark
(\240 Case 2: specific action required on ) S
(log-out) S
0 -397.8 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -398.9 M
24.75 0 RL
stroke
grestore
(5.1.3.) S
[/Rect [21.0 -400.55011 47.75 -388.450104] /Subtype /Link /Border [0 0 0] /Dest /38 /ANN pdfmark
(\240 Case 3: specific page displayed before ) S
(log-in) S
0 -411 M
(\240\240\240\240) S
gsave
newpath
11 -412.1 M
16.5 0 RL
stroke
grestore
(5.2.) S
[/Rect [10.0 -413.750122 28.5 -401.650116] /Subtype /Link /Border [0 0 0] /Dest /40 /ANN pdfmark
(\240 Example 2: authenticated user-only ) S
(sites) S
0 -424.2 M
(\240\240\240\240) S
gsave
newpath
11 -425.3 M
16.5 0 RL
stroke
grestore
(5.3.) S
[/Rect [10.0 -426.950134 28.5 -414.850128] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
(\240 When to use ) S
(Cookies) S
0 -437.4 M
(\240\240\240\240) S
gsave
newpath
11 -438.5 M
16.5 0 RL
stroke
grestore
(5.4.) S
[/Rect [10.0 -440.150146 28.5 -428.05014] /Subtype /Link /Border [0 0 0] /Dest /44 /ANN pdfmark
(\240 Parallel deployment with Form/Cookie ) S
(authentications) S
0 -450.6 M
gsave
newpath
0 -451.7 M
8.25 0 RL
stroke
grestore
(6.) S
[/Rect [-1.0 -453.350159 9.25 -441.250153] /Subtype /Link /Border [0 0 0] /Dest /46 /ANN pdfmark
(\240 Methods to extend this ) S
(protocol) S
0 -463.8 M
gsave
newpath
0 -464.9 M
8.25 0 RL
stroke
grestore
(7.) S
[/Rect [-1.0 -466.550171 9.25 -454.450165] /Subtype /Link /Border [0 0 0] /Dest /48 /ANN pdfmark
(\240 IANA ) S
(Considerations) S
0 -477 M
gsave
newpath
0 -478.1 M
8.25 0 RL
stroke
grestore
(8.) S
[/Rect [-1.0 -479.750183 9.25 -467.650177] /Subtype /Link /Border [0 0 0] /Dest /50 /ANN pdfmark
(\240 Security ) S
(Considerations) S
0 -490.2 M
gsave
newpath
0 -491.3 M
8.25 0 RL
stroke
grestore
(9.) S
[/Rect [-1.0 -492.950195 9.25 -480.850189] /Subtype /Link /Border [0 0 0] /Dest /54 /ANN pdfmark
(\240 ) S
(References) S
0 -503.4 M
(\240\240\240\240) S
gsave
newpath
11 -504.5 M
16.5 0 RL
stroke
grestore
(9.1.) S
[/Rect [10.0 -506.150208 28.5 -494.050201] /Subtype /Link /Border [0 0 0] /Dest /54 /ANN pdfmark
(\240 Normative ) S
(References) S
0 -516.6 M
(\240\240\240\240) S
gsave
newpath
11 -517.7 M
16.5 0 RL
stroke
grestore
(9.2.) S
[/Rect [10.0 -519.35022 28.5 -507.250214] /Subtype /Link /Border [0 0 0] /Dest /59 /ANN pdfmark
(\240 Informative ) S
(References) S
0 -529.8 M
gsave
newpath
0 -530.9 M
56.8203125 0 RL
stroke
grestore
(Appendix\240A.) S
[/Rect [-1.0 -532.550232 57.8203125 -520.450256] /Subtype /Link /Border [0 0 0] /Dest /79 /ANN pdfmark
(\240 \(Informative\) Applicability of features for each ) S
(messages) S
0 -543 M
gsave
newpath
0 -544.1 M
56.2148438 0 RL
stroke
grestore
(Appendix\240B.) S
[/Rect [-1.0 -545.750244 57.2148438 -533.650269] /Subtype /Link /Border [0 0 0] /Dest /64 /ANN pdfmark
(\240 \(Informative\) Draft ) S
(Notes) S
0 -556.2 M
gsave
newpath
0 -557.3 M
56.2148438 0 RL
stroke
grestore
(Appendix\240C.) S
[/Rect [-1.0 -558.950256 57.2148438 -546.850281] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
(\240 \(Informative\) Draft Change ) S
(Log) S
0 -569.4 M
(\240\240\240\240) S
gsave
newpath
11 -570.5 M
18.3359375 0 RL
stroke
grestore
(C.1.) S
[/Rect [10.0 -572.150269 30.3359375 -560.050293] /Subtype /Link /Border [0 0 0] /Dest /68 /ANN pdfmark
(\240 Changes in Httpauth revision ) S
(00) S
0 -582.6 M
(\240\240\240\240) S
gsave
newpath
11 -583.7 M
18.3359375 0 RL
stroke
grestore
(C.2.) S
[/Rect [10.0 -585.350281 30.3359375 -573.250305] /Subtype /Link /Border [0 0 0] /Dest /70 /ANN pdfmark
(\240 Changes in HttpBis revision ) S
(00) S
0 -595.8 M
(\240\240\240\240) S
gsave
newpath
11 -596.9 M
18.3359375 0 RL
stroke
grestore
(C.3.) S
[/Rect [10.0 -598.550293 30.3359375 -586.450317] /Subtype /Link /Border [0 0 0] /Dest /72 /ANN pdfmark
(\240 Changes in revision ) S
(02) S
0 -609 M
(\240\240\240\240) S
gsave
newpath
11 -610.1 M
18.3359375 0 RL
stroke
grestore
(C.4.) S
[/Rect [10.0 -611.750305 30.3359375 -599.65033] /Subtype /Link /Border [0 0 0] /Dest /74 /ANN pdfmark
(\240 Changes in revision ) S
(01) S
0 -622.2 M
(\240\240\240\240) S
gsave
newpath
11 -623.3 M
18.3359375 0 RL
stroke
grestore
(C.5.) S
[/Rect [10.0 -624.950317 30.3359375 -612.850342] /Subtype /Link /Border [0 0 0] /Dest /76 /ANN pdfmark
(\240 Changes in revision ) S
(00) S
0 -635.4 M
gsave
newpath
0 -636.5 M
5.5 0 RL
stroke
grestore
(\247) S
[/Rect [-1.0 -638.15033 6.5 -626.050354] /Subtype /Link /Border [0 0 0] /Dest /78 /ANN pdfmark
(\240 Authors' ) S
(Addresses) S
0 -635.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 2 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 3 3
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /2 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /3 /DEST pdfmark
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(1.) S
[/View [/XYZ -4 757.0 null] /Dest /85 /DEST pdfmark
( ) S
(Introduction) S
% First paragraph of section 1 (Introduction). Each text line is positioned
% with M (moveto) and painted with A (awidthshow); the leading number is the
% extra width added after every space (character code 32) to justify the line.
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.6484375 0 32 0 0 (The document proposes several extensions to the current HTTP authentication framework, to provide) A
0 -55.4 M
0.107031249 0 32 0 0 (enough functionality comparable with current widely-used form-based Web authentication. A majority) A
0 -68.6 M
1.37571025 0 32 0 0 (of the recent Web-sites on the Internet use custom application-layer authentication implementations) A
0 -81.8 M
1.38354492 0 32 0 0 (using Web forms. The reasons for these may vary, but many people believe that the current HTTP) A
0 -95 M
3.24153638 0 32 0 0 (Basic \(and Digest, too\) authentication method does not have enough functionality \(including a) A
% NOTE(review): in the sentence that starts "However, the method is very weak
% against phishing", "the method" appears to mean form-based Web
% authentication (the one whose behavior is "controlled from the server-side
% applications"), not the Basic/Digest method named just before it -- confirm
% with the authors' intent before quoting this sentence.
0 -108.2 M
3.09801126 0 32 0 0 (good-feeling user interfaces\) to support most of realistic Web-based applications. However, the) A
0 -121.4 M
3.95842624 0 32 0 0 (method is very weak against phishing and other attacks, because the whole behavior of the) A
0 -134.6 M
0.857572138 0 32 0 0 (authentication is controlled from the server-side applications. This makes it really hard to implement) A
0 -147.8 M
4.19648457 0 32 0 0 (any cryptographically strong authentication mechanisms into Web systems. To overcome this) A
0 -161 M
0.717122376 0 32 0 0 (problem, we need to "modernize" the HTTP authentication framework so that better client-controlled) A
0 -174.2 M
0.0733817 0 32 0 0 (secure methods can be used with Web applications. The extensions proposed in this document include: ) A
11 -194.8 M
gsave
0 setgray
newpath
11.0 -194.769989 2.75 0 360 arc
closepath
fill
grestore
22 -198.4 M
(non-mandatory, optional authentication on HTTP ) S
(\() S
gsave
newpath
246.2 -199.5 M
41.2382812 0 RL
stroke
grestore
(Section\2403) S
[/Rect [245.199219 -201.149979 288.4375 -189.049973] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\), ) S
11 -209 M
gsave
0 setgray
newpath
11.0 -208.969986 2.75 0 360 arc
closepath
fill
grestore
22 -212.6 M
(log out from both server and client side ) S
(\() S
gsave
newpath
201.6 -213.7 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [200.589844 -215.349976 243.828125 -203.249969] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\), and ) S
11 -223.2 M
gsave
0 setgray
newpath
11.0 -223.169983 2.75 0 360 arc
closepath
fill
grestore
22 -226.8 M
(finer control for redirection depending on authentication status ) S
(\() S
gsave
newpath
304.2 -227.9 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [303.195312 -229.549973 346.433594 -217.449966] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\).) S
0 -251 M
1.61914062 0 32 0 0 ([I-D note: These extensions are initially proposed as a part of ) A
gsave
newpath
289.9 -252.1 M
113.898438 0 RL
stroke
grestore
1.61914062 0 32 0 0 ([I-D.ietf-httpauth-mutual]) A
[/Rect [288.902344 -253.749969 404.800781 -241.649963] /Subtype /Link /Border [0 0 0] /Dest /60 /ANN pdfmark
1.61914062 0 32 0 0 (. However,) A
0 -264.2 M
2.045573 0 32 0 0 (since these functionalities might possibly be useful in combination even with other authentication) A
0 -277.4 M
(schemes, the extensions were separated from the original document as this independent draft.] ) S
0 -288.4 M
[/View [/XYZ -4 468.6 null] /Dest /4 /DEST pdfmark
0 -288.4 M
[/View [/XYZ -4 468.6 null] /Dest /5 /DEST pdfmark
0 -304 M
13 2 Nf
(1.1.) S
[/View [/XYZ -4 468.6 null] /Dest /86 /DEST pdfmark
( ) S
(Terminology) S
0 -328.2 M
11 0 Nf
2.37011719 0 32 0 0 (The key words "MUST", "MUST\240NOT", "REQUIRED", "SHALL", "SHALL\240NOT", "SHOULD",) A
0 -341.4 M
1.49739587 0 32 0 0 ("SHOULD\240NOT", "RECOMMENDED", "NOT\240RECOMMENDED", "MAY", and "OPTIONAL" in) A
0 -354.6 M
(this document are to be interpreted as described in ) S
gsave
newpath
223.9 -355.7 M
50.1054688 0 RL
stroke
grestore
([RFC2119]) S
[/Rect [222.863281 -357.350037 274.96875 -345.250031] /Subtype /Link /Border [0 0 0] /Dest /57 /ANN pdfmark
(.) S
0 -378.8 M
6.61002588 0 32 0 0 (The terms "encouraged" and "advised" are used for suggestions that do not constitute) A
0 -392 M
3.4172585 0 32 0 0 ("SHOULD"-level requirements. People MAY freely choose not to include the suggested items) A
0 -405.2 M
0.508091509 0 32 0 0 (regarding ) A
gsave
newpath
45.4 -406.3 M
50.1054688 0 RL
stroke
grestore
0.508091509 0 32 0 0 ([RFC2119]) A
[/Rect [44.3984375 -407.950073 96.5039062 -395.850067] /Subtype /Link /Border [0 0 0] /Dest /57 /ANN pdfmark
0.508091509 0 32 0 0 (, but complying with those suggestions would be a best practice; it will improve) A
0 -418.4 M
(the security, interoperability, and/or operational ) S
(performance.) S
0 -442.6 M
0.310302734 0 32 0 0 (This document distinguishes the terms "client" and "user" in the following way: A "client" is an entity) A
0 -455.8 M
0.23401989 0 32 0 0 (understanding and talking HTTP and the specified authentication protocol, usually computer software;) A
0 -469 M
(a "user" is a \(usually natural\) person who wants to access data resources using "a ) S
(client".) S
0 -480 M
[/View [/XYZ -4 276.999878 null] /Dest /6 /DEST pdfmark
0 -480 M
[/View [/XYZ -4 276.999878 null] /Dest /7 /DEST pdfmark
0 -499 M
15 2 Nf
(2.) S
[/View [/XYZ -4 275.999878 null] /Dest /87 /DEST pdfmark
( ) S
(Definitions) S
0 -506.5 M
[/View [/XYZ -4 250.499878 null] /Dest /8 /DEST pdfmark
0 -506.5 M
[/View [/XYZ -4 250.499878 null] /Dest /9 /DEST pdfmark
0 -525 M
13 2 Nf
(2.1.) S
[/View [/XYZ -4 247.599884 null] /Dest /88 /DEST pdfmark
( Terms for describing authentication protocol ) S
(flow) S
0 -549.2 M
11 0 Nf
1.62428975 0 32 0 0 (HTTP Authentication defined in ) A
gsave
newpath
151.9 -550.3 M
110.84375 0 RL
stroke
grestore
1.62428975 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [150.875 -551.950134 263.71875 -539.850159] /Subtype /Link /Border [0 0 0] /Dest /56 /ANN pdfmark
1.62428975 0 32 0 0 ( may involve with several pairs of HTTP) A
0 -562.4 M
3.09410501 0 32 0 0 (requests/responses. Throughout this document, the following terms are used to categorize those) A
0 -575.6 M
(messages: for ) S
(requests,) S
11 -596.2 M
gsave
0 setgray
newpath
11.0 -596.170166 2.75 0 360 arc
closepath
fill
grestore
22 -599.8 M
0.126802891 0 32 0 0 (A non-authenticating request is a request not attempting any authentication: a request without any) A
22 -613 M
(Authorization header. ) S
11 -623.6 M
gsave
0 setgray
newpath
11.0 -623.57019 2.75 0 360 arc
closepath
fill
grestore
22 -627.2 M
(An authenticating request is the opposite: a request with an Authorization header. ) S
0 -638.2 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 3 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 4 4
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(For ) S
(responses,) S
11 -37.4 M
(1\) A non-authenticated response: ) S
33 -50.6 M
0.534895837 0 32 0 0 (is a response which does not involve with any HTTP authentication. It may not contain any) A
33 -63.8 M
(WWW-Authenticate or Authentication-Info header. ) S
33 -77 M
4.33756495 0 32 0 0 (Servers send this response when the requested resource is not protected by HTTP) A
33 -90.2 M
4.6015625 0 32 0 0 (authentication mechanisms. In context of this specification, not-authentication-related) A
33 -103.4 M
(negative responses \(e.g. 403 and 404\) are also considered as non-authenticated responses. ) S
33 -116.6 M
(\(See note on successfully-authenticated responses below for some ambiguous cases.\) ) S
11 -129.8 M
(2\) An authentication-initializing response: ) S
33 -143 M
0.903245211 0 32 0 0 (is a response which requires or allows clients to start authentication attempts. Servers send) A
33 -156.2 M
0.622514188 0 32 0 0 (this response when the requested resource is protected by HTTP authentication mechanism,) A
33 -169.4 M
(and the request meets one of the following cases: ) S
44 -180 M
gsave
0 setgray
newpath
44.0 -179.969986 2.75 0 360 arc
closepath
fill
grestore
55 -183.6 M
(The request is non-authenticating request, or ) S
44 -194.2 M
gsave
0 setgray
newpath
44.0 -194.169983 2.75 0 360 arc
closepath
fill
grestore
55 -197.8 M
1.54154825 0 32 0 0 (The request contained an authentication trial directed to the protection space \(realm\)) A
55 -211 M
(other than the server's expected ) S
(one.) S
33 -224.2 M
(The server will specify the protection space for authentication in this response. ) S
33 -237.4 M
(Upon reception, the client's behavior is further divided to two possible cases. ) S
44 -248 M
gsave
0 setgray
newpath
44.0 -247.969971 2.75 0 360 arc
closepath
fill
grestore
55 -251.6 M
3.67578125 0 32 0 0 (If the client may have no prior knowledge on authentication credentials \(e.g. a) A
55 -264.8 M
0.59765625 0 32 0 0 (user-name and a password\) related to the requested protection space, the protocol flow) A
55 -278 M
(terminates and the client will ask the user to provide authentication credentials, ) S
44 -288.6 M
gsave
0 setgray
newpath
44.0 -288.569977 2.75 0 360 arc
closepath
fill
grestore
55 -292.2 M
0.29296875 0 32 0 0 (On the other hand, if client already have an enough credentials for authentication to the) A
55 -305.4 M
0.440625 0 32 0 0 (requested protection space, the client will automatically send an authenticating request.) A
55 -318.6 M
2.71123791 0 32 0 0 (Such cases often occur when the client did not know beforehand that the current) A
55 -331.8 M
(request-URL requires an authentication. ) S
11 -345 M
(3\) A successfully-authenticated response: ) S
33 -358.2 M
2.40364575 0 32 0 0 (is a response for an authenticating request meaning that the authentication attempt was) A
33 -371.4 M
3.06605124 0 32 0 0 (granted. \(Note: if the authentication scheme used does not use an Authentication-Info) A
33 -384.6 M
(header, it may be indistinguishable from a non-authenticated response.\) ) S
11 -397.8 M
(4\) An intermediate authenticating response: ) S
33 -411 M
0.796038 0 32 0 0 (is a response for an authenticating request which requires some more reaction by the client) A
33 -424.2 M
3.17542624 0 32 0 0 (software without involving users. Such a response is required when an authentication) A
33 -437.4 M
1.81901038 0 32 0 0 (scheme requires two or more round-trip messages to perform authentication, or when an) A
33 -450.6 M
2.649858 0 32 0 0 (authentication scheme uses some speculative short-cut method \(such as uses of cached) A
33 -463.8 M
(shared secrets\) and it failed. ) S
11 -477 M
(5\) A negatively-authenticated response: ) S
33 -490.2 M
0.691706717 0 32 0 0 (is a response for an authenticating request which means that the authentication attempt was) A
33 -503.4 M
1.75234377 0 32 0 0 (declined and can not continue without another authentication credential. Clients typically) A
33 -516.6 M
(erase memory of the currently-using credentials and ask the user for other ones. ) S
33 -529.8 M
0.975060105 0 32 0 0 (Usually the format of these responses is the same as the one for authentication-initializing) A
33 -543 M
2.12044263 0 32 0 0 (responses. Client can distinguish it by comparing the protection spaces contained in the) A
33 -556.2 M
(request and in the response. ) S
0 -580.4 M
gsave
newpath
0 -581.5 M
36.9609375 0 RL
stroke
grestore
5.63671875 0 32 0 0 (Figure\2401) A
[/Rect [-1.0 -583.150208 37.9609375 -571.050232] /Subtype /Link /Border [0 0 0] /Dest /10 /ANN pdfmark
5.63671875 0 32 0 0 ( shows a state diagram of generic HTTP authentication with the above message) A
0 -593.6 M
0.762620211 0 32 0 0 (categorization. Note that many authentication schemes use only a subset of the transitions described) A
0 -606.8 M
(on the diagram. Labels in the figure show the abbreviated names of response types. ) S
0 -617.8 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -628.8 M
[/View [/XYZ -4 128.199768 null] /Dest /10 /DEST pdfmark
0 -628.8 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 4 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 5 5
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -304 M
% Embedded figure: the tgif-generated drawing program that follows is included
% inline, wrapped so that it cannot disturb the enclosing page.
gsave
% Move the origin down the page to where the figure is placed.
0.0 -304.0 translate
% IS is the figure scale factor; it is 1 here, so the scale below is a no-op.
/IS 1 D
% VM snapshot: the bare `restore` that follows the figure's showpage call
% discards what was defined in between, including the showpage override below.
save
0 0 M
IS IS scale
% Neutralise showpage so the embedded program's own showpage call does not
% emit the page while the surrounding text is still being laid out.
/showpage {}D
% presumably shifts the figure's own origin to the insertion point - TODO confirm
-99 -500 translate
% Private dictionary for the tgif prolog; its short operator names are only
% visible while it is on the dictionary stack (between `begin` and `end`).
/tgifdict 56 dict def
tgifdict begin
% Scratch dictionary for TGAT's named operands, plus a reusable matrix (mtrx)
% that holds the saved CTM while the arrow tip is being built.
/tgifarrowtipdict 8 dict def
tgifarrowtipdict /mtrx matrix put
% TGAT: append an arrow-tip outline to the current path.
% Stack:  x y w h dx dy  TGAT  -
%   x y    position of the arrow point
%   w h    length of the tip and half of its base width
%   dx dy  direction the arrow points in (only the angle is used)
% The path goes from the point to the two base corners; it is neither closed
% nor painted here - callers follow it with closepath and fill.
/TGAT % tgifarrowtip
 { tgifarrowtipdict begin
      % Operands are popped in reverse order of how they were pushed.
      /dy exch def
      /dx exch def
      /h exch def
      /w exch def
      /y exch def
      /x exch def
      % Remember the CTM so the local translate/rotate can be undone.
      /savematrix mtrx currentmatrix def
      x y translate
      % Rotate so the local +x axis lies along the (dx, dy) direction.
      dy dx atan rotate
      0 0 moveto
      w neg h lineto
      w neg h neg lineto
      % Restore the CTM; the path points already built are unaffected.
      savematrix setmatrix
   end
 } def
% Scratch dictionary shared by TGAN and TGAR, plus a reusable matrix (mtrx)
% that holds the saved CTM while the arc is being built.
/tgifarcdict 8 dict def
tgifarcdict /mtrx matrix put
% TGAN: append an elliptical arc to the current path using `arc`.
% Stack:  x y xrad yrad startangle endangle  TGAN  -
% The ellipse is produced by scaling a unit circle centred on (x, y).
% NOTE(review): the label says "arcn" but the body calls `arc` (and TGAR is the
% reverse). This looks deliberate, since the drawing is rendered under a scale
% with a negated y factor, which mirrors the sweep direction - confirm before
% "fixing" it.
/TGAN % tgifarcn
 { tgifarcdict begin
      % Operands are popped in reverse order of how they were pushed.
      /endangle exch def
      /startangle exch def
      /yrad exch def
      /xrad exch def
      /y exch def
      /x exch def
      % Remember the CTM so the local translate/scale can be undone.
      /savematrix mtrx currentmatrix def
      x y translate
      xrad yrad scale
      % Unit-radius arc; the scale above turns it into an ellipse.
      0 0 1 startangle endangle arc
      savematrix setmatrix
   end
 } def
% TGAR: append an elliptical arc to the current path using `arcn`.
% Stack:  x y xrad yrad startangle endangle  TGAR  -
% Same construction as TGAN (unit circle scaled to xrad/yrad around (x, y)),
% but sweeping in the opposite direction. Uses the shared tgifarcdict scratch
% dictionary and its mtrx matrix.
% NOTE(review): the label says "arc" but the body calls `arcn`; see the negated
% y scale applied before drawing - likely intentional, confirm before changing.
/TGAR % tgifarc
 { tgifarcdict begin
      % Operands are popped in reverse order of how they were pushed.
      /endangle exch def
      /startangle exch def
      /yrad exch def
      /xrad exch def
      /y exch def
      /x exch def
      % Remember the CTM so the local translate/scale can be undone.
      /savematrix mtrx currentmatrix def
      x y translate
      xrad yrad scale
      0 0 1 startangle endangle arcn
      savematrix setmatrix
   end
 } def
% TGMAX: a b TGMAX max
% Replaces the top two numbers with the larger one. The exch/dup/roll sequence
% duplicates both operands (a b -> a b a b) so that `gt` can compare one copy
% while the other copy stays on the stack to be selected.
/TGMAX
 { exch dup 3 1 roll exch dup 3 1 roll gt { pop } { exch pop } ifelse
 } def
% TGMIN: a b TGMIN min
% Replaces the top two numbers with the smaller one. Same stack shuffle as
% TGMAX (a b -> a b a b), with `lt` as the comparison.
/TGMIN
 { exch dup 3 1 roll exch dup 3 1 roll lt { pop } { exch pop } ifelse
 } def
% Short aliases used by the generated drawing code.
% These names live in tgifdict, so they shadow any same-named procedures of the
% enclosing document only while tgifdict is on the dictionary stack. In
% particular S means `stroke` here, whereas the page text outside the figure
% calls S with a string operand (presumably a text-show procedure).

% TGSW: string TGSW width - horizontal advance of the string in the current font.
/TGSW { stringwidth pop } def
% bd: define a procedure after binding its operator names.
/bd { bind def } bind def
/GS { gsave } bd
/GR { grestore } bd
/NP { newpath } bd
/CP { closepath } bd
/CHP { charpath } bd
/CT { curveto } bd
/L { lineto } bd
/RL { rlineto } bd
/M { moveto } bd
/RM { rmoveto } bd
/S { stroke } bd
/F { fill } bd
/TR { translate } bd
/RO { rotate } bd
/SC { scale } bd
/MU { mul } bd
/DI { div } bd
/DU { dup } bd
/NE { neg } bd
/AD { add } bd
/SU { sub } bd
/PO { pop } bd
/EX { exch } bd
/CO { concat } bd
/CL { clip } bd
/EC { eoclip } bd
/EF { eofill } bd
/IM { image } bd
/IMM { imagemask } bd
/ARY { array } bd
/SG { setgray } bd
/RG { setrgbcolor } bd
/SD { setdash } bd
/W { setlinewidth } bd
/SM { setmiterlimit } bd
/SLC { setlinecap } bd
/SLJ { setlinejoin } bd
/SH { show } bd
/FF { findfont } bd
% MS: font matrix MS - apply the matrix to the font and make it current.
/MS { makefont setfont } bd
% AR: arcto with its four returned tangent coordinates discarded.
/AR { arcto 4 {pop} repeat } bd
/CURP { currentpoint } bd
/FLAT { flattenpath strokepath clip newpath } bd
% TGSM / TGRM reset the CTM from a saved matrix. They use plain `def`, and the
% names tgiforigctm and savematrix are looked up when the procedure runs, so
% those matrices must have been defined before the first call.
/TGSM { tgiforigctm setmatrix } def
/TGRM { savematrix setmatrix } def
end
% Start of the drawing body: re-open the prolog dictionary so the short
% aliases (GS, NP, M, L, S, ...) resolve to the tgif definitions.
tgifdict begin
% VM snapshot, undone by `tgifsavedpage restore` at the end of the drawing.
/tgifsavedpage save def
% Initial graphics state: miter limit 1, line width 1, black.
1 SM
1 W
0 SG
% Translate by (72*0, 72*11.602) points.
72 0 MU 72 11.602 MU TR
% Uniform scale of 72/128 * 100/100 with the y factor negated, so y grows
% downward in the drawing coordinates used below.
72 128 DI 100.000 MU 100 DI DU NE SC
GS
% Capture the drawing CTM; TGSM re-installs it before strokes and arrow tips.
/tgiforigctm matrix currentmatrix def
NP
0 SG
   GS
      1 W
      250 75 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NEW REQUEST) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NEW REQUEST) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
NP
   250 125 M
   180 155 L
   250 185 L
   320 155 L
CP
GS
GR
GS
   S
GR
NP
0 SG
   GS
      1 W
      250 150 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (the requested URI) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (the requested URI) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known to be authed?) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known to be authed?) SH
      GR
   GR
0 SG
GS
   NP
      250 80 M
      45 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 125 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 125 8.000 3.000 0 45 TGAT
   1 SG CP F
   0 SG
   NP
      250 125 8.000 3.000 0 45 TGAT
   CP F
GR
0 SG
GS
   GS
      NP
         684 200 M
         700 200 700 250 16 AR
         700 234 L
         700 250 600 250 16 AR
         616 250 L
         600 250 600 200 16 AR
         600 216 L
         600 200 700 200 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      650 220 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (normal request) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (normal request) SH
      GR
   GR
0 SG
GS
   NP
      650 200 M
      -55 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 145 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 145 8.000 3.000 0 -55 TGAT
   1 SG CP F
   0 SG
   NP
      650 145 8.000 3.000 0 -55 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      650 140 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      320 155 M
      70 280 atan DU cos 8.000 MU 600 exch SU
      exch sin 8.000 MU 225 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      600 225 8.000 3.000 280 70 TGAT
   1 SG CP F
   0 SG
   NP
      600 225 8.000 3.000 280 70 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      605 175 M
      GS
        GS
        0
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) SH
      GR
   GR
0 SG
NP
   650 295 M
   580 325 L
   650 355 L
   720 325 L
CP
GS
GR
GS
   S
GR
NP
0 SG
   GS
      1 W
      650 320 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (credentials) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (credentials) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known?) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known?) SH
      GR
   GR
0 SG
GS
   NP
      650 250 M
      45 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 295 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 295 8.000 3.000 0 45 TGAT
   1 SG CP F
   0 SG
   NP
      650 295 8.000 3.000 0 45 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      655 265 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (initializing) SH
      GR
   GR
0 SG
GS
   NP
      580 325 M
      0 -45 atan DU cos 8.000 MU 535 exch SU
      exch sin 8.000 MU 325 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      535 325 8.000 3.000 -45 0 TGAT
   1 SG CP F
   0 SG
   NP
      535 325 8.000 3.000 -45 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      475 330 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_REQUESTED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_REQUESTED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
NP
0 SG
   GS
      1 W
      570 320 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      330 150 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
0 SG
GS
   NP
      250 185 M
      20 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 205 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 205 8.000 3.000 0 20 TGAT
   1 SG CP F
   0 SG
   NP
      250 205 8.000 3.000 0 20 TGAT
   CP F
GR
0 SG
GS
   GS
      NP
         284 360 M
         300 360 300 410 16 AR
         300 394 L
         300 410 200 410 16 AR
         216 410 L
         200 410 200 360 16 AR
         200 376 L
         200 360 300 360 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      250 380 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      250 585 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      240 410 M
      240 440 L
      130 0 atan DU cos 8.000 MU 240 exch SU
      exch sin 8.000 MU 570 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      240 570 8.000 3.000 0 130 TGAT
   1 SG CP F
   0 SG
   NP
      240 570 8.000 3.000 0 130 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      285 505 M
      GS
        GS
        0
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) SH
      GR
   GR
0 SG
GS
   NP
      300 385 M
      0 100 atan DU cos 8.000 MU 400 exch SU
      exch sin 8.000 MU 385 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      400 385 8.000 3.000 100 0 TGAT
   1 SG CP F
   0 SG
   NP
      400 385 8.000 3.000 100 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      345 380 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (negative) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      450 390 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_FAILED) TGSW 
        AD
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (:) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_FAILED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (:) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      450 590 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_SUCCEED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_SUCCEED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      295 405 M
      170 105 atan DU cos 8.000 MU 400 exch SU
      exch sin 8.000 MU 575 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      400 575 8.000 3.000 105 170 TGAT
   1 SG CP F
   0 SG
   NP
      400 575 8.000 3.000 105 170 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      375 522 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (success. auth) SH
      GR
   GR
0 SG
GS
   GS
      NP
         684 460 M
         700 460 700 510 16 AR
         700 494 L
         700 510 600 510 16 AR
         616 510 L
         600 510 600 460 16 AR
         600 476 L
         600 460 700 460 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      650 480 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) SH
      GR
   GR
0 SG
GS
   NP
      650 355 M
      105 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 460 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 460 8.000 3.000 0 105 TGAT
   1 SG CP F
   0 SG
   NP
      650 460 8.000 3.000 0 105 TGAT
   CP F
GR
0 SG
GS
   NP
      625 460 M
      -75 -130 atan DU cos 8.000 MU 495 exch SU
      exch sin 8.000 MU 385 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      495 385 8.000 3.000 -130 -75 TGAT
   1 SG CP F
   0 SG
   NP
      495 385 8.000 3.000 -130 -75 TGAT
   CP F
GR
0 SG
GS
   NP
      605 505 M
      70 -105 atan DU cos 8.000 MU 500 exch SU
      exch sin 8.000 MU 575 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      500 575 8.000 3.000 -105 70 TGAT
   1 SG CP F
   0 SG
   NP
      500 575 8.000 3.000 -105 70 TGAT
   CP F
GR
0 SG
GS
   NP
      300 400 M
      65 305 atan DU cos 8.000 MU 605 exch SU
      exch sin 8.000 MU 465 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      605 465 8.000 3.000 305 65 TGAT
   1 SG CP F
   0 SG
   NP
      605 465 8.000 3.000 305 65 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      385 445 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (intermediate) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      665 365 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      230 200 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
0 SG
GS
   NP
      295 365 M
      335 280 L
      375 280 L
      0 275 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 280 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 280 8.000 3.000 275 0 TGAT
   1 SG CP F
   0 SG
   NP
      650 280 8.000 3.000 275 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      330 270 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (initializing) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      540 405 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (negative) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      505 522 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (success. auth) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      650 545 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (intermediate) SH
      GR
   GR
0 SG
GS
   GS
      NP
         702 512 22 22 -75 180 TGAN
      S
   GR
GR
GS
   TGSM
   NP
      702 490 8.000 3.000 -44 0 TGAT
   1 SG CP F
   0 SG
   NP
      702 490 8.000 3.000 -44 0 TGAT
   CP F
GR
0 SG
NP
   250 205 M
   180 235 L
   250 265 L
   320 235 L
CP
GS
GR
GS
   S
GR
0 SG
GS
   NP
      250 265 M
      95 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 360 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 360 8.000 3.000 0 95 TGAT
   1 SG CP F
   0 SG
   NP
      250 360 8.000 3.000 0 95 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      250 230 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (Can auth.-req.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (Can auth.-req.) SH
      GR
      0 15 RM
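      % Second line of the decision-box label, centred on the current point.
      % The string appears twice on purpose: the first copy is only measured
      % (TGSW) to get the width for centring, the second copy is painted (SH),
      % so both copies must stay identical.
      % Spelling of the label corrected from "construted".
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (be constructed?) TGSW 
        AD
        GR
      % Shift left by half the measured width before painting.
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (be constructed?) SH
      GR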
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*1\)) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*1\)) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      315 220 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      235 280 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
0 SG
GS
   NP
      320 235 M
      335 235 L
      355 235 L
      0 245 atan DU cos 8.000 MU 600 exch SU
      exch sin 8.000 MU 235 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      600 235 8.000 3.000 245 0 TGAT
   1 SG CP F
   0 SG
   NP
      600 235 8.000 3.000 245 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      270 520 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*2\)) TGSW 
        AD
        GR
      NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*2\)) SH
      GR
   GR
GR
tgifsavedpage restore
end
showpage
restore
grestore
309.0 0.0 RM
131.3 -326.9 M
%%IncludeResource: font Times-Bold
7.63889 2 Nf
(\240Figure\2401: Generic state diagram for HTTP ) S
(authentication\240) S
0 -340.8 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.2546165 0 32 0 0 (Note: \(*1\) For example, "Digest" scheme requires server-provided nonces to construct client-side ) A
0 -378.2 M
(challenges.) S
0 -391.4 M
2.90397143 0 32 0 0 (\(*2\) In "Basic" and some others, this cannot be distinguished from a successfully-authenticated) A
0 -404.6 M
(response. ) S
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /11 /DEST pdfmark
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /12 /DEST pdfmark
0 -431.2 M
13 2 Nf
(2.2.) S
[/View [/XYZ -4 341.351349 null] /Dest /89 /DEST pdfmark
( Syntax ) S
(Notation) S
0 -455.4 M
11 0 Nf
3.19101572 0 32 0 0 (This specification uses an extended BNF syntax defined in ) A
gsave
newpath
289.8 -456.5 M
138.335938 0 RL
stroke
grestore
3.19101572 0 32 0 0 ([I-D.ietf-httpbis-p1-messaging]) A
[/Rect [288.839844 -458.198669 429.175781 -446.098663] /Subtype /Link /Border [0 0 0] /Dest /55 /ANN pdfmark
3.19101572 0 32 0 0 (. The) A
0 -468.6 M
13.8962049 0 32 0 0 (following syntax definitions are quoted from ) A
gsave
newpath
283.1 -469.7 M
138.335938 0 RL
stroke
grestore
13.8962049 0 32 0 0 ([I-D.ietf-httpbis-p1-messaging]) A
[/Rect [282.125 -471.398682 422.460938 -459.298676] /Subtype /Link /Border [0 0 0] /Dest /55 /ANN pdfmark
13.8962049 0 32 0 0 ( and ) A
0 -481.8 M
gsave
newpath
0 -482.9 M
110.84375 0 RL
stroke
grestore
0.901855469 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [-1.0 -484.598694 111.84375 -472.498688] /Subtype /Link /Border [0 0 0] /Dest /56 /ANN pdfmark
0.901855469 0 32 0 0 (: auth-scheme, quoted-string, auth-param, SP, header-field, and challenge. It) A
0 -495 M
(also uses the convention of using header names for specifying syntax of header values. ) S
0 -519.2 M
1.25585938 0 32 0 0 (Additionally, this specification uses the following syntax definitions as a) A
0 -532.4 M
1.26669037 0 32 0 0 (refinement for token and the righthand-side of auth-param in ) A
gsave
newpath
281.7 -533.5 M
110.84375 0 RL
stroke
grestore
1.26669037 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [280.671875 -535.19873 393.515625 -523.098755] /Subtype /Link /Border [0 0 0] /Dest /56 /ANN pdfmark
1.26669037 0 32 0 0 (. \(Note: these) A
0 -545.6 M
(definitions are consistent with those in ) S
gsave
newpath
172.3 -546.7 M
113.898438 0 RL
stroke
grestore
([I-D.ietf-httpauth-mutual]) S
[/Rect [171.269531 -548.398743 287.167969 -536.298767] /Subtype /Link /Border [0 0 0] /Dest /60 /ANN pdfmark
(.\) ) S
0 -556.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -567.6 M
[/View [/XYZ -4 189.351257 null] /Dest /13 /DEST pdfmark
0 -578.4 M
%%IncludeResource: font Courier
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(bare-token) S
9.0 4 Nf
(        = 1*\(%x30-39 / %x41-5A / %x61-7A / "-" / "_"\)) S
0 -589.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extension-token) S
9.0 4 Nf
(   = "-" ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( 1*\("." ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
(\)) S
0 -600 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extensive-token) S
9.0 4 Nf
(   = ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(extension-token) S
0 -610.8 M
9.0 4 Nf
( ) S
9.0 5 Nf
(integer) S
9.0 4 Nf
(           = "0" / \(%x31-39 *%x30-39\)      ) S
9.0 5 Nf
(; no leading zeros) S
147.2 -633.8 M
7.63889 2 Nf
(\240Figure\2402: the BNF syntax for common ) S
(notations\240) S
0 -636.7 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 5 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 6 6
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -0 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -24.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.88755584 0 32 0 0 (Extensive-tokens are used in this protocol where the set of acceptable tokens may include private) A
0 -37.4 M
2.68131518 0 32 0 0 (extensions. Any private extensions of this protocol MUST use the extension-tokens with format) A
0 -50.6 M
0.527734399 0 32 0 0 ("-<token>.<domain-name>", where <domain-name> is a validly registered \(sub-\)domain name on the) A
0 -63.8 M
(Internet owned by the party who defines the extensions. ) S
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /14 /DEST pdfmark
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /15 /DEST pdfmark
0 -93.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(3.) S
[/View [/XYZ -4 681.2 null] /Dest /90 /DEST pdfmark
( Optional ) S
(Authentication) S
0 -118 M
11 0 Nf
3.47916675 0 32 0 0 (The Optional-WWW-Authenticate header enables a non-mandatory authentication, which is not) A
0 -131.2 M
1.48925781 0 32 0 0 (possible under the current HTTP authentication mechanism. In several Web applications, users can) A
0 -144.4 M
0.109809026 0 32 0 0 (access the same contents as both a guest user and an authenticated user. In most Web applications, it is) A
0 -157.6 M
3.15625 0 32 0 0 (implemented using ) A
gsave
newpath
93.1 -158.7 M
33.3984375 0 RL
stroke
grestore
3.15625 0 32 0 0 (HTTP ) A
gsave
newpath
126.5 -158.7 M
33.5976562 0 RL
stroke
grestore
3.15625 0 32 0 0 (cookies) A
[/Rect [92.0664062 -160.349991 161.0625 -148.249985] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
3.15625 0 32 0 0 ( [RFC6265] and custom form-based authentications. The new) A
0 -170.8 M
(authentication method using this message will provide a replacement for these authentication systems. ) S
0 -195 M
1.46664667 0 32 0 0 (Servers MAY send HTTP successful responses \(response code 200, 206 and others\) containing the) A
0 -208.2 M
6.1741538 0 32 0 0 (Optional-WWW-Authenticate header as a replacement of a 401 response when it is an) A
0 -221.4 M
6.13541651 0 32 0 0 (authentication-initializing response. The Optional-WWW-Authenticate header MUST\240NOT be) A
0 -234.6 M
(contained in 401 responses. ) S
11 -258.8 M
(HTTP/1.1 200 ) S
(OK) S
11 -272 M
(Optional-WWW-Authenticate: Basic realm="xxxx" ) S
0 -283 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -294 M
[/View [/XYZ -4 463.0 null] /Dest /16 /DEST pdfmark
0 -304.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(Optional-WWW-Authenticate) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(challenge) S
121.6 -327.7 M
7.63889 2 Nf
(\240Figure\2403: BNF syntax for Optional-WWW-Authenticate ) S
(header\240) S
0 -341.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365.8 M
11 0 Nf
0.929408491 0 32 0 0 (The challenges contained in the Optional-WWW-Authenticate header are the same as those for a 401) A
0 -379 M
5.33125 0 32 0 0 (response corresponding to the same request. For authentication-related matters, an optional) A
0 -392.2 M
4.40414667 0 32 0 0 (authentication request will have the same meaning as a 401 message with a corresponding) A
0 -405.4 M
3.61935759 0 32 0 0 (WWW-Authenticate header \(as an authentication-initializing response\). \(The behavior for other) A
0 -418.6 M
(matters, such as caching, MAY be different between the optional authentication and 401 messages.\) ) S
0 -442.8 M
0.777994812 0 32 0 0 (A response with an Optional-WWW-Authenticate header SHOULD be returned from the server only) A
0 -456 M
0.97265625 0 32 0 0 (when the request is either non-authenticated or authenticating to a wrong \(not the server's expected\)) A
0 -469.2 M
3.8 0 32 0 0 (protection space. If a response is either an intermediate or a negative response to a client's) A
0 -482.4 M
7.36621094 0 32 0 0 (authentication attempt, the server MUST respond with a 401 status response with a) A
0 -495.6 M
0.0750558 0 32 0 0 (WWW-Authenticate header instead. Failure to follow this rule will make clients unable to distinguish) A
0 -508.8 M
(authentication successes and failures. ) S
0 -533 M
3.64960933 0 32 0 0 (The server is NOT\240RECOMMENDED to include an Optional-WWW-Authenticate header in a) A
0 -546.2 M
(positive response when a client's authentication attempt succeeds. ) S
0 -570.4 M
0.520052075 0 32 0 0 (Whenever an authentication scheme supports servers sending some parameter which gives a hint of) A
0 -583.6 M
2.28683043 0 32 0 0 (URL space for the corresponding protection space for the same realm \(e.g. "path" or "domain"\),) A
0 -596.8 M
1.69492185 0 32 0 0 (servers requesting non-mandatory authentication SHOULD send such parameter with the response.) A
0 -610 M
1.0110085 0 32 0 0 (Clients supporting non-mandatory authentication MUST recognize the parameter, and MUST send a) A
0 -623.2 M
0.0993303582 0 32 0 0 (request with an appropriate authentication credential in an Authorization header for any URI inside the) A
0 -636.4 M
(specified paths. ) S
0 -636.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 6 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 7 7
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.232291669 0 32 0 0 (Support of this header is OPTIONAL; Clients MAY also choose any set of authentication schemes for) A
0 -26.4 M
1.078776 0 32 0 0 (which optional authentication is supported \(in other words, its support MAY be scheme-dependent\).) A
0 -39.6 M
3.61371517 0 32 0 0 (However, some authentication schemes MAY require mandatory/recommended support for this) A
0 -52.8 M
0.0758928582 0 32 0 0 (header, so that server-side applications MAY assume that clients supporting such schemes are likely to) A
0 -66 M
(support the extension as well. ) S
0 -77 M
[/View [/XYZ -4 680.0 null] /Dest /17 /DEST pdfmark
0 -77 M
[/View [/XYZ -4 680.0 null] /Dest /18 /DEST pdfmark
0 -96 M
%%IncludeResource: font Times-Bold
15 2 Nf
(4.) S
[/View [/XYZ -4 679.0 null] /Dest /91 /DEST pdfmark
( Authentication-Control ) S
(header) S
0 -107 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -118 M
[/View [/XYZ -4 639.0 null] /Dest /19 /DEST pdfmark
0 -128.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( Authentication-Control = auth-scheme 1*SP 1#auth-param) S
120.6 -151.7 M
7.63889 2 Nf
(\240Figure\2404: the BNF syntax for the Authentication-Control ) S
(header\240) S
0 -165.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -189.8 M
11 0 Nf
1.72836542 0 32 0 0 (The Authentication-Control header provides a more precise control of the client behavior for Web) A
0 -203 M
1.29547989 0 32 0 0 (applications using an HTTP authentication protocol. This header is supposed to be generated in the) A
0 -216.2 M
0.951622605 0 32 0 0 (application layer, as opposed to WWW-Authenticate headers which will be generated usually by the) A
0 -229.4 M
(Web servers. ) S
0 -253.6 M
0.791015625 0 32 0 0 (Support of this header is OPTIONAL, and clients MAY choose any subset of these parameters to be) A
0 -266.8 M
0.347301126 0 32 0 0 (supported. The set of supported parameters MAY also be authentication scheme-dependent. However,) A
0 -280 M
1.43782556 0 32 0 0 (some authentication schemes MAY require mandatory/recommended support for some or all of the) A
0 -293.2 M
(features provided in this header. ) S
0 -317.4 M
1.15136719 0 32 0 0 (The "auth-scheme" specified in this header and other authentication-related headers within the same) A
0 -330.6 M
0.667689741 0 32 0 0 (message MUST be the same. If there are no authentication currently performed, and the auth-scheme) A
0 -343.8 M
(contained in this header is not recognizable for the client, the whole header SHOULD be ignored. ) S
0 -368 M
1.1796875 0 32 0 0 (The header contains one or more parameters, each of which is a name-value pair. The name of each) A
0 -381.2 M
0.596354187 0 32 0 0 (parameter MUST be an extensive-token. Clients MUST ignore any unknown parameters contained in) A
0 -394.4 M
(this header. ) S
0 -418.6 M
0.743489563 0 32 0 0 (The type of parameter value depends on the parameter name as defined in the following subsections.) A
0 -431.8 M
4.3883462 0 32 0 0 (Regardless of the type, however, the recipients SHOULD accept both quoted and unquoted) A
0 -445 M
0.0799851194 0 32 0 0 (representations of values as defined in HTTP. If it is defined as a string, it is encouraged to be sent in a) A
0 -458.2 M
0.92578125 0 32 0 0 (quoted-string form. If it is defined as a token \(or similar\) or an integer, the value SHOULD follow the) A
0 -471.4 M
0.24368991 0 32 0 0 (corresponding ABNF syntax after possible unquoting of the quoted-string value \(as defined in HTTP\),) A
0 -484.6 M
(and is encouraged to be sent in an unquoted form. ) S
0 -508.8 M
1.49023438 0 32 0 0 (Server-side application SHOULD always be reminded that any parameters contained in this header) A
0 -522 M
0.296440959 0 32 0 0 (MAY be ignored by clients. Also, even when a client accepts this header, users may always be able to) A
0 -535.2 M
1.5184896 0 32 0 0 (circumvent semantics of this header. Therefore, if this header is used for security purposes, its use) A
0 -548.4 M
2.5390625 0 32 0 0 (MUST be limited for providing some non-fundamental additional security measures valuable for) A
0 -561.6 M
0.516335249 0 32 0 0 (end-users \(such as client-side log-out for protecting against console takeover\). Server-side application) A
0 -574.8 M
(MUST\240NOT rely on the use of this header for protecting server-side resources. ) S
0 -585.8 M
[/View [/XYZ -4 171.151184 null] /Dest /20 /DEST pdfmark
0 -585.8 M
[/View [/XYZ -4 171.151184 null] /Dest /21 /DEST pdfmark
0 -601.4 M
13 2 Nf
(4.1.) S
[/View [/XYZ -4 171.151184 null] /Dest /92 /DEST pdfmark
( Auth-style ) S
(parameter) S
0 -625.6 M
11 0 Nf
(Authentication-Control: Digest auth-style=modal ) S
0 -636.6 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 7 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 8 8
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.02278638 0 32 0 0 (The parameter "auth-style" specifies the server's preferences over user interface behavior for user) A
0 -26.4 M
3.6526227 0 32 0 0 (authentication. This parameter can be included in any kind of responses, however, it is only) A
0 -39.6 M
1.6484375 0 32 0 0 (meaningful for either authentication-initializing or negatively-authenticated responses. The value of) A
0 -52.8 M
7.14518213 0 32 0 0 (this parameter MUST be one of the bare-tokens "modal" or "non-modal". When the) A
0 -66 M
1.15983069 0 32 0 0 (Optional-WWW-Authenticate header is used, the value of this parameter MUST be disregarded and) A
0 -79.2 M
(the value "non-modal" is implied. ) S
0 -103.4 M
3.50390625 0 32 0 0 (The value "modal" means that the server thinks the content of the response \(body and other) A
0 -116.6 M
2.1796875 0 32 0 0 (content-related headers\) is valuable only for users refusing authentication request. The clients are) A
0 -129.8 M
0.485839844 0 32 0 0 (expected to ask the user a password before processing the content. This behavior is common for most) A
0 -143 M
(of the current implementations of Basic and Digest authentication schemes. ) S
0 -167.2 M
2.1598959 0 32 0 0 (The value "non-modal" means that the server thinks the content of the response \(body and other) A
0 -180.4 M
0.805664062 0 32 0 0 (content-related headers\) is valuable for users before processing an authentication request. The clients) A
0 -193.6 M
5.20432711 0 32 0 0 (are expected to first process the content and then provide users opportunities to perform) A
0 -206.8 M
(authentication. ) S
0 -231 M
1.10774744 0 32 0 0 (The default behavior for the clients is implementation-dependent, and clients MAY choose different) A
0 -244.2 M
3.26302075 0 32 0 0 (defaults for different authentication schemes. The proposed default behavior is "modal" for all) A
0 -257.4 M
3.40664053 0 32 0 0 (authentication schemes, but specifications for authentication schemes MAY propose a different) A
0 -270.6 M
(default. ) S
0 -294.8 M
0.13131009 0 32 0 0 (The above two different methods of authentication may introduce an observable difference of semantics) A
0 -308 M
1.18719947 0 32 0 0 (when the response contains state-changing side effects; for example, it may change whether ) A
gsave
newpath
422.2 -309.1 M
31.8203125 0 RL
stroke
grestore
1.18719947 0 32 0 0 (Cookie ) A
[/Rect [421.179688 -310.75 458.886719 -298.65] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
0 -321.2 M
gsave
newpath
0 -322.3 M
33.5859375 0 RL
stroke
grestore
4.18652344 0 32 0 0 (headers) A
[/Rect [-1.0 -323.95 34.5859375 -311.85] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
4.18652344 0 32 0 0 ( [RFC6265] in 401 responses are processed or not. However, the server applications) A
0 -334.4 M
(SHOULD\240NOT depend on both existence and non-existence of such side effects. ) S
0 -345.4 M
[/View [/XYZ -4 411.599976 null] /Dest /22 /DEST pdfmark
0 -345.4 M
[/View [/XYZ -4 411.599976 null] /Dest /23 /DEST pdfmark
0 -361 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.2.) S
[/View [/XYZ -4 411.599976 null] /Dest /93 /DEST pdfmark
( Location-when-unauthenticated ) S
(parameter) S
0 -385.2 M
11 0 Nf
(Authentication-Control: Mutual) S
0 -398.4 M
(location-when-unauthenticated="http://www.example.com/login.html" ) S
0 -422.6 M
0.348524302 0 32 0 0 (The parameter "location-when-unauthenticated" specifies a location where any unauthenticated clients) A
0 -435.8 M
0.637152791 0 32 0 0 (should be redirected to. This header may be used, for example, when there is a central login page for) A
0 -449 M
1.13574219 0 32 0 0 (the entire Web application. The value of this parameter MUST be a string that contains an absolute) A
0 -462.2 M
1.05902779 0 32 0 0 (URL location. If a given URL is not absolute, the clients MAY consider it a relative URL from the) A
0 -475.4 M
(current location. ) S
0 -499.6 M
0.643694222 0 32 0 0 (This parameter MAY be used with a 401 response for authentication-initializing response. It can also) A
0 -512.8 M
11.5490456 0 32 0 0 (be contained, although NOT\240RECOMMENDED, in a positive response with an) A
0 -526 M
1.54261363 0 32 0 0 (Optional-WWW-Authenticate header. The clients MUST ignore this parameter, when a response is) A
0 -539.2 M
2.35107422 0 32 0 0 (either successfully-authenticated or intermediately-authenticated. The clients SHOULD ignore this) A
0 -552.4 M
(parameter when a response is a negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -576.6 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -589.8 M
1.32858455 0 32 0 0 (users for authentication credentials, the client will treat the entire response as if it were a 303 "See) A
0 -603 M
1.12402344 0 32 0 0 (Other" response with a Location header that contains the value of this parameter \(i.e., client will be) A
0 -616.2 M
1.04125977 0 32 0 0 (redirected to the specified location with a GET request\). Unlike a normal 303 response, if the client) A
0 -629.4 M
(can process authentication without the user's interaction, this parameter MUST be ignored. ) S
0 -629.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 8 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 9 9
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /24 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /25 /DEST pdfmark
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.3.) S
[/View [/XYZ -4 757.0 null] /Dest /94 /DEST pdfmark
( No-auth ) S
(parameter) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Authentication-Control: Basic no-auth=true ) S
0 -64 M
0.643880188 0 32 0 0 (The parameter "no-auth" is a variant of the location-when-unauthenticated parameter; it specifies that) A
0 -77.2 M
0.702343762 0 32 0 0 (new authentication attempt is not to be performed on this location for better user experience, without) A
0 -90.4 M
0.727941155 0 32 0 0 (specifying the redirection on the HTTP level. This header may be used, for example, when there is a) A
0 -103.6 M
0.09375 0 32 0 0 (central login page for the entire Web application, and when a \(Web content's level\) explicit interaction) A
0 -116.8 M
0.542739 0 32 0 0 (of users is desired before authentications. The value of this parameter MUST be a token "true". If the) A
0 -130 M
(value is incorrect, client MAY ignore this parameter. ) S
0 -154.2 M
2.91373706 0 32 0 0 (This parameter MAY be used with authentication-initiating responses. It can also be contained,) A
0 -167.4 M
3.67919922 0 32 0 0 (although NOT\240RECOMMENDED, in a positive response with an Optional-WWW-Authenticate) A
0 -180.6 M
0.524088562 0 32 0 0 (header. The clients MUST ignore this parameter, when a response is either successfully-authenticated) A
0 -193.8 M
2.12695312 0 32 0 0 (or intermediately-authenticated. The clients SHOULD ignore this parameter when a response is a) A
0 -207 M
(negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -231.2 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -244.4 M
0.397135407 0 32 0 0 (users for authentication credentials, the client will ignore the WWW-Authenticate header contained in) A
0 -257.6 M
1.04843748 0 32 0 0 (the response and treat the whole response as a normal negative 4xx-class response instead of giving) A
0 -270.8 M
0.992466509 0 32 0 0 (user an opportunity to start authentication. If the client can process authentication without the user's) A
0 -284 M
(interaction, this parameter MUST be ignored. ) S
0 -308.2 M
1.48320317 0 32 0 0 (This parameter SHOULD\240NOT be used along with the location-when-unauthenticated parameter. If) A
0 -321.4 M
(both were supplied, clients MAY choose which one is to be honored. ) S
0 -345.6 M
0.0354567319 0 32 0 0 (This parameter SHOULD\240NOT be used as any security measures to prevent authentication attempts, as) A
0 -358.8 M
2.73688626 0 32 0 0 (it is easily circumvented by users. This parameter SHOULD be used solely for improving user) A
0 -372 M
(experience of web applications. ) S
0 -383 M
[/View [/XYZ -4 373.999939 null] /Dest /26 /DEST pdfmark
0 -383 M
[/View [/XYZ -4 373.999939 null] /Dest /27 /DEST pdfmark
0 -398.6 M
13 2 Nf
(4.4.) S
[/View [/XYZ -4 373.999939 null] /Dest /95 /DEST pdfmark
( Location-when-logout ) S
(parameter) S
0 -422.8 M
11 0 Nf
(Authentication-Control: Digest location-when-logout="http://www.example.com/byebye.html" ) S
0 -447 M
1.22776437 0 32 0 0 (The parameter "location-when-logout" specifies a location where the client is to be redirected when) A
0 -460.2 M
1.30193019 0 32 0 0 (the user explicitly requests a logout. The value of this parameter MUST be a string that contains an) A
0 -473.4 M
1.17486215 0 32 0 0 (absolute URL location. If a given URL is not absolute, the clients MAY consider it a relative URL) A
0 -486.6 M
(from the current location. ) S
0 -510.8 M
0.243815109 0 32 0 0 (This parameter MAY be used with successfully-authenticated responses. If this parameter is contained) A
0 -524 M
(in other kinds of responses, the clients MUST ignore this parameter. ) S
0 -548.2 M
0.029296875 0 32 0 0 (When the user requests to terminate an authentication period, and if the client currently displays a page) A
0 -561.4 M
0.656020224 0 32 0 0 (supplied by a response with this parameter, the client will be redirected to the specified location by a) A
0 -574.6 M
0.946289062 0 32 0 0 (new GET request \(as if it received a 303 response\). The log-out operation \(e.g. erasing memories of) A
0 -587.8 M
2.73978376 0 32 0 0 (user name, authentication credential and all related one-time credentials such as nonce or keys\)) A
0 -601 M
(SHOULD occur before processing a redirection. ) S
0 -625.2 M
0.621354163 0 32 0 0 (When the user requests to terminate an authentication period, if the client supports this parameter but) A
0 -638.4 M
1.79657447 0 32 0 0 (the server response does not contain this parameter, the client's RECOMMENDED behavior is as) A
0 -651.6 M
0.0513020828 0 32 0 0 (follows: if the request corresponding to the current content was idempotent \(e.g. GET\), reload the page) A
0 -664.8 M
0.411658645 0 32 0 0 (without the authentication credential. If the request was non-idempotent \(e.g. POST\), keep the current) A
0 -664.8 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 9 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 10 10
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
4.08398438 0 32 0 0 (content as-is and simply forget the authentication status. The client SHOULD\240NOT replay a) A
0 -26.4 M
11 0 Nf
(non-idempotent request without the user's explicit approval. ) S
0 -50.6 M
0.97265625 0 32 0 0 (Web applications are encouraged to send this parameter with an appropriate value for any responses) A
0 -63.8 M
(\(except those with redirection \(3XX\) statuses\) for non-GET requests. ) S
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /28 /DEST pdfmark
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /29 /DEST pdfmark
0 -90.4 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.5.) S
[/View [/XYZ -4 682.2 null] /Dest /96 /DEST pdfmark
( ) S
(Logout-timeout) S
0 -114.6 M
11 0 Nf
(Authentication-Control: Basic logout-timeout=300 ) S
0 -138.8 M
0.646484375 0 32 0 0 (The parameter "logout-timeout", when contained in a successfully-authenticated response, means that) A
0 -152 M
0.356201172 0 32 0 0 (any authentication credentials and states related to the current protection space are to be discarded if a) A
0 -165.2 M
0.153262869 0 32 0 0 (time specified in this header \(in seconds\) has been passed from the time received. The value MUST be) A
0 -178.4 M
0.00868055597 0 32 0 0 (an integer. As a special case, the value 0 means that the client is requested to immediately log-out from) A
0 -191.6 M
0.381975442 0 32 0 0 (the current authentication space and revert to an unauthenticated status. This does not, however, mean) A
0 -204.8 M
1.93108261 0 32 0 0 (that the long-term memories for the passwords \(such as the password reminders and auto fill-ins\)) A
0 -218 M
0.207720593 0 32 0 0 (should be removed. If a new timeout value is received for the same authentication space, it cancels the) A
0 -231.2 M
(previous timeout and sets a new timeout. ) S
0 -242.2 M
[/View [/XYZ -4 514.800049 null] /Dest /30 /DEST pdfmark
0 -242.2 M
[/View [/XYZ -4 514.800049 null] /Dest /31 /DEST pdfmark
0 -261.2 M
15 2 Nf
(5.) S
[/View [/XYZ -4 513.800049 null] /Dest /97 /DEST pdfmark
( Usage examples ) S
(\(informative\)) S
0 -285.4 M
11 0 Nf
1.18610489 0 32 0 0 (This section shows some examples for applying this extension to typical Web-sites which are using) A
0 -298.6 M
1.12081468 0 32 0 0 (Forms and cookies for managing authentication and authorization. The content of this section is not) A
0 -311.8 M
(normative and for illustrative purposes only. ) S
0 -336 M
2.54296875 0 32 0 0 (We assume that all features described in the previous sections are implemented in clients \(Web) A
0 -349.2 M
0.94921875 0 32 0 0 (browsers\). We also assume that browsers will have a user interface which allows users to deactivate) A
0 -362.4 M
1.77073312 0 32 0 0 (\(log-out from\) current authentication sessions. If this assumption does not hold, the text below provides) A
0 -375.6 M
(another approach with de-authentication pages used instead of such a UI. ) S
0 -399.8 M
1.46126306 0 32 0 0 (Without explicit notices, all settings described below are to be applied with Authentication-Control) A
0 -413 M
1.3955729 0 32 0 0 (headers, and these can be sent to clients regardless of authentication statuses \(these will be silently) A
0 -426.2 M
(ignored whenever not effective\). ) S
0 -437.2 M
[/View [/XYZ -4 319.799896 null] /Dest /32 /DEST pdfmark
0 -437.2 M
[/View [/XYZ -4 319.799896 null] /Dest /33 /DEST pdfmark
0 -452.8 M
13 2 Nf
(5.1.) S
[/View [/XYZ -4 319.799896 null] /Dest /98 /DEST pdfmark
( Example 1: a portal ) S
(site) S
0 -477 M
11 0 Nf
1.75502229 0 32 0 0 (This subsection provides an example application for a site whose structure is somewhat similar to) A
0 -490.2 M
1.49399042 0 32 0 0 (conventional portal sites. In particular, most of web pages are available for guest \(unauthenticated\)) A
0 -503.4 M
1.35625 0 32 0 0 (users, and if authentication is performed, contents of these pages are customized for each user. We) A
0 -516.6 M
(assume the site has the following kinds of pages ) S
(currently:) S
11 -537.2 M
gsave
0 setgray
newpath
11.0 -537.170166 2.75 0 360 arc
closepath
fill
grestore
22 -540.8 M
(Content pages. ) S
11 -551.4 M
gsave
0 setgray
newpath
11.0 -551.370178 2.75 0 360 arc
closepath
fill
grestore
22 -555 M
(Pages/mechanism for performing authentication: ) S
33 -565.6 M
gsave
0 setgray
newpath
33.0 -565.57019 2.75 0 360 arc
closepath
stroke
grestore
44 -569.2 M
(There is one page which asks a user name and a password using a HTML POST form. ) S
33 -579.8 M
gsave
0 setgray
newpath
33.0 -579.770203 2.75 0 360 arc
closepath
stroke
grestore
44 -583.4 M
2.25809145 0 32 0 0 (After the authentication attempt, the user will be redirected to either the page which is) A
44 -596.6 M
(previously displayed before the authentication, or some specific ) S
(page.) S
11 -607.2 M
gsave
0 setgray
newpath
11.0 -607.170227 2.75 0 360 arc
closepath
fill
grestore
22 -610.8 M
(A de-authentication \(log-out\) ) S
(page.) S
0 -621.8 M
[/View [/XYZ -4 135.199768 null] /Dest /34 /DEST pdfmark
0 -621.8 M
[/View [/XYZ -4 135.199768 null] /Dest /35 /DEST pdfmark
0 -621.8 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 10 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 11 11
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(5.1.1.) S
[/View [/XYZ -4 757.0 null] /Dest /99 /DEST pdfmark
( Case 1: a simple ) S
(application) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.12573242 0 32 0 0 (When such a site does not need specific actions upon log-in and log-out, the following simple) A
0 -53 M
(settings can be ) S
(used.) S
11 -73.6 M
gsave
0 setgray
newpath
11.0 -73.57 2.75 0 360 arc
closepath
fill
grestore
22 -77.2 M
7.99609375 0 32 0 0 (Set up an optional authentication to all pages available to guests. Set up an) A
22 -90.4 M
(Authentication-Control header with "auth-style=non-modal" setting. ) S
11 -101 M
gsave
0 setgray
newpath
11.0 -100.969994 2.75 0 360 arc
closepath
fill
grestore
22 -104.6 M
1.08007812 0 32 0 0 (If there are pages only available to authenticated users, Set up a mandatory authentication with) A
22 -117.8 M
("auth-style=non-modal" setting. ) S
11 -128.4 M
gsave
0 setgray
newpath
11.0 -128.37 2.75 0 360 arc
closepath
fill
grestore
22 -132 M
0.142578125 0 32 0 0 (No specific pages for authentication is needed. It will be performed automatically, directed by the) A
22 -145.2 M
(above setting. ) S
11 -155.8 M
gsave
0 setgray
newpath
11.0 -155.769989 2.75 0 360 arc
closepath
fill
grestore
22 -159.4 M
1.62974334 0 32 0 0 (A de-authentication page is also not needed. If the site will have one, put "logout-timeout=0") A
22 -172.6 M
(there. ) S
11 -183.2 M
gsave
0 setgray
newpath
11.0 -183.169983 2.75 0 360 arc
closepath
fill
grestore
22 -186.8 M
(For all pages for POST requests, it is advisable to have "location-when-logout=<some ) S
(page>".) S
0 -197.8 M
[/View [/XYZ -4 559.2 null] /Dest /36 /DEST pdfmark
0 -197.8 M
[/View [/XYZ -4 559.2 null] /Dest /37 /DEST pdfmark
0 -213.4 M
13 2 Nf
(5.1.2.) S
[/View [/XYZ -4 559.2 null] /Dest /100 /DEST pdfmark
( Case 2: specific action required on ) S
(log-out) S
0 -237.6 M
11 0 Nf
(If the site needs specific actions upon log-out, the following settings can be ) S
(used.) S
11 -258.2 M
gsave
0 setgray
newpath
11.0 -258.169983 2.75 0 360 arc
closepath
fill
grestore
22 -261.8 M
(All shown in the Case 1 are to be applied. ) S
11 -272.4 M
gsave
0 setgray
newpath
11.0 -272.37 2.75 0 360 arc
closepath
fill
grestore
22 -276 M
(For all pages, set up the Authentication-Control header) S
22 -289.2 M
("location-when-logout=<de-authentication page>". ) S
11 -299.8 M
gsave
0 setgray
newpath
11.0 -299.77002 2.75 0 360 arc
closepath
fill
grestore
22 -303.4 M
1.93701172 0 32 0 0 (In de-authentication pages, no specific set-up is needed. If there is any direct links to it, put ) A
22 -316.6 M
("logout-timeout=0".) S
0 -327.6 M
[/View [/XYZ -4 429.399963 null] /Dest /38 /DEST pdfmark
0 -327.6 M
[/View [/XYZ -4 429.399963 null] /Dest /39 /DEST pdfmark
0 -343.2 M
13 2 Nf
(5.1.3.) S
[/View [/XYZ -4 429.399963 null] /Dest /101 /DEST pdfmark
( Case 3: specific page displayed before ) S
(log-in) S
0 -367.4 M
11 0 Nf
0.135569856 0 32 0 0 (If the site needs to display a specific page before log-in actions \(some announces, user notices, or even) A
0 -380.6 M
(advertisements\), the following settings can be ) S
(applied.) S
11 -401.2 M
gsave
0 setgray
newpath
11.0 -401.170074 2.75 0 360 arc
closepath
fill
grestore
22 -404.8 M
0.203404024 0 32 0 0 (Set up an optional authentication to all pages available to guest. Set up an Authentication-Control) A
22 -418 M
(header with "no-auth=true". Put a link to a specific log-in page in contents. ) S
11 -428.6 M
gsave
0 setgray
newpath
11.0 -428.570099 2.75 0 360 arc
closepath
fill
grestore
22 -432.2 M
1.08007812 0 32 0 0 (If there are pages only available to authenticated users, Set up a mandatory authentication with) A
22 -445.4 M
("location-when-unauthenticated=<the log-in page>". ) S
11 -456 M
gsave
0 setgray
newpath
11.0 -455.970123 2.75 0 360 arc
closepath
fill
grestore
22 -459.6 M
(For the specific log-in page, Set up a mandatory authentication. ) S
11 -470.2 M
gsave
0 setgray
newpath
11.0 -470.170135 2.75 0 360 arc
closepath
fill
grestore
22 -473.8 M
1.32584631 0 32 0 0 (For all pages for POST requests, it is advisable to have "location-when-logout=<some page>",) A
22 -487 M
(too. ) S
11 -497.6 M
gsave
0 setgray
newpath
11.0 -497.57016 2.75 0 360 arc
closepath
fill
grestore
22 -501.2 M
(De-authentication pages are not needed. If the site will have one, put ) S
("logout-timeout=0".) S
0 -512.2 M
[/View [/XYZ -4 244.799805 null] /Dest /40 /DEST pdfmark
0 -512.2 M
[/View [/XYZ -4 244.799805 null] /Dest /41 /DEST pdfmark
0 -527.8 M
13 2 Nf
(5.2.) S
[/View [/XYZ -4 244.799805 null] /Dest /102 /DEST pdfmark
( Example 2: authenticated user-only ) S
(sites) S
0 -552 M
11 0 Nf
0.352711409 0 32 0 0 (If almost all pages in the target site require authentication \(e.g., an Internet banking site\), or there are) A
0 -565.2 M
0.130729169 0 32 0 0 (no needs to support both unauthenticated and authenticated users on the same resource, the setting will) A
0 -578.4 M
(become somewhat simple. The following is an example to realize such a ) S
(site:) S
11 -599 M
gsave
0 setgray
newpath
11.0 -598.970215 2.75 0 360 arc
closepath
fill
grestore
22 -602.6 M
5.17848539 0 32 0 0 (Set up a mandatory authentication to all pages available to authenticated. Set up an) A
22 -615.8 M
(Authentication-Control header with "auth-style=non-modal" setting. ) S
11 -626.4 M
gsave
0 setgray
newpath
11.0 -626.370239 2.75 0 360 arc
closepath
fill
grestore
22 -630 M
(Set up a handler for the 401-status which requests users to authenticate. ) S
11 -640.6 M
gsave
0 setgray
newpath
11.0 -640.570251 2.75 0 360 arc
closepath
fill
grestore
22 -644.2 M
1.32584631 0 32 0 0 (For all pages for POST requests, it is advisable to have "location-when-logout=<some page>",) A
22 -657.4 M
(too. ) S
11 -668 M
gsave
0 setgray
newpath
11.0 -667.970276 2.75 0 360 arc
closepath
fill
grestore
22 -671.6 M
(De-authentication pages are not needed. If the site will have one, put "logout-timeout=0" ) S
(there.) S
0 -671.6 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 11 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 12 12
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /42 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /43 /DEST pdfmark
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(5.3.) S
[/View [/XYZ -4 757.0 null] /Dest /103 /DEST pdfmark
( When to use ) S
(Cookies) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.197415859 0 32 0 0 (In the current Web sites using Form-based authentications, ) A
gsave
newpath
263.3 -40.9 M
36.0507812 0 RL
stroke
grestore
0.197415859 0 32 0 0 (Cookies) A
[/Rect [262.308594 -42.5500031 300.359375 -30.4500027] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
0.197415859 0 32 0 0 ( [RFC6265] are used for managing) A
0 -53 M
0.173677891 0 32 0 0 (both authorization and application sessions. Using the extensions in this document, the former features) A
0 -66.2 M
0.816761374 0 32 0 0 (will be provided by using \(extended\) HTTP authentication/authorization mechanisms. In some cases,) A
0 -79.4 M
1.79296875 0 32 0 0 (there will be some ambiguous situations whether some functions are authorization management or) A
0 -92.6 M
(session management. The following hints will be helpful for deciding which features to be used. ) S
11 -113.2 M
gsave
0 setgray
newpath
11.0 -113.170006 2.75 0 360 arc
closepath
fill
grestore
22 -116.8 M
0.0280761719 0 32 0 0 (If there is a need to serve multiple sessions for a single user using multiple browsers concurrently,) A
22 -130 M
1.5165441 0 32 0 0 (use a Cookie for distinguishing between sessions for the same user. \(C.f. if there is a need to) A
22 -143.2 M
(distinguish sessions in the same browser, ) S
gsave
newpath
205.6 -144.3 M
62.921875 0 RL
stroke
grestore
(HTML5 Web ) S
gsave
newpath
268.5 -144.3 M
33.59375 0 RL
stroke
grestore
(Storage) S
[/Rect [204.582031 -145.95 303.097656 -133.849991] /Subtype /Link /Border [0 0 0] /Dest /62 /ANN pdfmark
22 -156.4 M
([W3C.CR-webstorage-20111208] features may be used instead of Cookies.\) ) S
11 -167 M
gsave
0 setgray
newpath
11.0 -166.97 2.75 0 360 arc
closepath
fill
grestore
22 -170.6 M
1.39479172 0 32 0 0 (If a web site is currently deploying a session time-out feature, consider who benefits from the) A
22 -183.8 M
2.5575521 0 32 0 0 (feature. In most cases, the main requirement for such feature is to protect users from their) A
22 -197 M
0.927083313 0 32 0 0 (consoles and browsers being hijacked \(i.e. benefits are on the users' side\). In such cases, the time-out) A
22 -210.2 M
0.274902344 0 32 0 0 (features provided in this extension may be used. On the other hand, if the requirement is to protect) A
22 -223.4 M
0.460637033 0 32 0 0 (server's privilege \(e.g. when some regulations require to limit the time difference between user's) A
22 -236.6 M
0.319602281 0 32 0 0 (two-factor authentication and financial transaction commitment; the requirement is strictly on the) A
22 -249.8 M
3.30273438 0 32 0 0 (servers' side\), that should be managed on the server side using Cookies or other session) A
22 -263 M
(management mechanisms. ) S
0 -274 M
[/View [/XYZ -4 483.000031 null] /Dest /44 /DEST pdfmark
0 -274 M
[/View [/XYZ -4 483.000031 null] /Dest /45 /DEST pdfmark
0 -289.6 M
13 2 Nf
(5.4.) S
[/View [/XYZ -4 483.000031 null] /Dest /104 /DEST pdfmark
( Parallel deployment with Form/Cookie ) S
(authentications) S
0 -313.8 M
11 0 Nf
5.83854151 0 32 0 0 (In some transition periods, sites may need to support both HTTP-layer and Form-based) A
0 -327 M
(authentications. The following example shows one way to achieve that. ) S
11 -347.6 M
gsave
0 setgray
newpath
11.0 -347.57 2.75 0 360 arc
closepath
fill
grestore
22 -351.2 M
2.07356763 0 32 0 0 (If Cookies are used even for HTTP-authenticated users, each session determined by Cookies) A
22 -364.4 M
(should identify which authentication is used for the session. ) S
11 -375 M
gsave
0 setgray
newpath
11.0 -374.970032 2.75 0 360 arc
closepath
fill
grestore
22 -378.6 M
(First, set up any of the above settings for enabling HTTP-layer authentication. ) S
11 -389.2 M
gsave
0 setgray
newpath
11.0 -389.170044 2.75 0 360 arc
closepath
fill
grestore
22 -392.8 M
0.922991097 0 32 0 0 (For unauthenticated users, put the following things to the Web pages, unless the client supports) A
22 -406 M
(this extension and HTTP-level authentication. ) S
33 -416.6 M
gsave
0 setgray
newpath
33.0 -416.570068 2.75 0 360 arc
closepath
stroke
grestore
44 -420.2 M
(For non-mandatory authenticated pages, put a link to Form-based authenticated pages. ) S
33 -430.8 M
gsave
0 setgray
newpath
33.0 -430.770081 2.75 0 360 arc
closepath
stroke
grestore
44 -434.4 M
0.875976562 0 32 0 0 (For mandatory authenticated pages, either put a link to Form-based authenticated pages, or) A
44 -447.6 M
(put a HTML-level redirection \(using META element\) to such pages. ) S
11 -458.2 M
gsave
0 setgray
newpath
11.0 -458.170105 2.75 0 360 arc
closepath
fill
grestore
22 -461.8 M
1.62583709 0 32 0 0 (In Form-based authenticated pages, if users are not authenticated, it may have a diversion for) A
22 -475 M
(HTTP-level authentication by "location-when-unauthenticated" setting. ) S
11 -485.6 M
gsave
0 setgray
newpath
11.0 -485.570129 2.75 0 360 arc
closepath
fill
grestore
22 -489.2 M
(Users are identified for authorizations and content customizations by the following logic. ) S
33 -499.8 M
gsave
0 setgray
newpath
33.0 -499.770142 2.75 0 360 arc
closepath
stroke
grestore
44 -503.4 M
0.275390625 0 32 0 0 (First, check the result of the HTTP-level authentication. If there is a Cookie session tied to a) A
44 -516.6 M
(specific user, both ones should match. ) S
33 -527.2 M
gsave
0 setgray
newpath
33.0 -527.170166 2.75 0 360 arc
closepath
stroke
grestore
44 -530.8 M
0.384915859 0 32 0 0 (If the user is not authenticated on the HTTP-level, use the conventional Form-based method) A
44 -544 M
(to determine the user. ) S
33 -554.6 M
gsave
0 setgray
newpath
33.0 -554.57019 2.75 0 360 arc
closepath
stroke
grestore
44 -558.2 M
1.51380205 0 32 0 0 (If there is a Cookie tied to an HTTP authentication, but there is no corresponding HTTP) A
44 -571.4 M
0.901692688 0 32 0 0 (authentication result, that session will be discarded \(because it means that authentication is) A
44 -584.6 M
(deactivated by the corresponding user\). ) S
0 -595.6 M
[/View [/XYZ -4 161.39978 null] /Dest /46 /DEST pdfmark
0 -595.6 M
[/View [/XYZ -4 161.39978 null] /Dest /47 /DEST pdfmark
0 -596.6 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 12 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 13 13
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(6.) S
[/View [/XYZ -4 757.0 null] /Dest /105 /DEST pdfmark
( Methods to extend this ) S
(protocol) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.88125 0 32 0 0 (If a private extension to this protocol is implemented, it MUST use the extension-param to avoid) A
0 -55.4 M
(conflicts with this protocol and other future official extensions. ) S
0 -79.6 M
1.36165369 0 32 0 0 (Extension-tokens MAY be freely used for any non-standard, private, and/or experimental uses. The) A
0 -92.8 M
0.280815959 0 32 0 0 (extension-tokens MUST be with format "-<bare-token>.<domain-name>", where <domain-name> is a) A
0 -106 M
0.729910731 0 32 0 0 (validly registered \(sub-\)domain name on the Internet owned by the party who defines the extensions.) A
0 -119.2 M
3.88912249 0 32 0 0 (Unknown parameter names are to be ignored regardless of whether they are extension-tokens or) A
0 -132.4 M
(bare-tokens. ) S
0 -143.4 M
[/View [/XYZ -4 613.6 null] /Dest /48 /DEST pdfmark
0 -143.4 M
[/View [/XYZ -4 613.6 null] /Dest /49 /DEST pdfmark
% ---- Section 7, "IANA Considerations" (page 13) ----
% M, S, A, Nf and RL come from the html2ps prolog, which is outside this
% part of the file; they are read here, from their operands, as move-to,
% show, justified show, font select and relative line - confirm against
% the prolog.
0 -162.4 M
% 15pt, FL index 2 (Times-Bold in the prolog's font list): heading font.
15 2 Nf
(7.) S
% Named destination /106 is anchored at the section heading.
[/View [/XYZ -4 612.6 null] /Dest /106 /DEST pdfmark
( IANA ) S
(Considerations) S
0 -186.6 M
% 11pt, FL index 0 (Times-Roman): body font.
11 0 Nf
% Paragraph 1: control-parameter tokens are either extension-tokens or
% bare-tokens; bare-tokens MUST be allocated by IANA, and registration is
% RECOMMENDED for any non-private, non-experimental parameter.
0.930338562 0 32 0 0 (Tokens used for the authentication control parameters may be either extension-tokens or bare-tokens) A
0 -199.8 M
1.16848958 0 32 0 0 (as outlined in ) A
% Horizontal stroke just below the baseline of the next string:
% presumably the underline of the hyperlink text.
gsave
newpath
65.5 -200.9 M
49.4882812 0 RL
stroke
grestore
% \240 is octal 160, which the prolog's ISOLatin1Encoding maps to /space,
% so it prints as a non-breaking space.
1.16848958 0 32 0 0 (Section\2402.2) A
% Link annotation over the text above, targeting named destination /11
% (defined outside this part of the file).
[/Rect [64.515625 -202.549988 116.003906 -190.449982] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
1.16848958 0 32 0 0 (. When bare-tokens are used in this protocol, these MUST be allocated by) A
0 -213 M
1.37393463 0 32 0 0 (IANA. Any tokens used for non-private, non-experimental parameters are RECOMMENDED to be) A
0 -226.2 M
(registered to IANA, regardless of the kind of tokens used. ) S
0 -250.4 M
% Paragraph 2: registration needs a publicly accessible specification
% ("Specification Required" in RFC 5226 terms).
2.24389648 0 32 0 0 (To acquire registered tokens, a specification for the use of such tokens MUST be available as a) A
0 -263.6 M
(publicly-accessible documents, as outlined as "Specification Required" level in ) S
% Underline for the [RFC5226] citation link.
gsave
newpath
351 -264.7 M
50.1054688 0 RL
stroke
grestore
([RFC5226]) S
% Link to named destination /58, the [RFC5226] entry in the reference
% list on page 14.
[/Rect [350.042969 -266.349976 402.148438 -254.249969] /Subtype /Link /Border [0 0 0] /Dest /58 /ANN pdfmark
(. ) S
0 -287.8 M
% Editorial note from the draft: the registry declarations are not final
% in this revision.
(Note: More formal declarations will be added in the future drafts to meet the RFC 5226 requirements. ) S
0 -298.8 M
[/View [/XYZ -4 458.2 null] /Dest /50 /DEST pdfmark
0 -298.8 M
[/View [/XYZ -4 458.2 null] /Dest /51 /DEST pdfmark
% ---- Section 8, "Security Considerations" (page 13) ----
% M, S, A, Nf and RL come from the html2ps prolog, which is outside this
% part of the file; they are read here, from their operands, as move-to,
% show, justified show, font select and relative line - confirm against
% the prolog.
%
% What the section states:
%   * the log-out timeout exists to protect a user from impersonation by
%     someone with access to the same console;
%   * the directive can be ignored by a malicious client or by a client
%     that does not implement the extension;
%   * a timeout meant to protect server-side resources MUST therefore be
%     implemented by other means, e.g. HTTP Cookies [RFC6265];
%   * no parameter of the header SHOULD be used for security enforcement,
%     because clients may ignore it and users may bypass it.
0 -317.8 M
% 15pt, FL index 2 (Times-Bold in the prolog's font list): heading font.
15 2 Nf
(8.) S
% Named destination /107 is anchored at the section heading.
[/View [/XYZ -4 457.2 null] /Dest /107 /DEST pdfmark
( Security ) S
(Considerations) S
0 -342 M
% 11pt, FL index 0 (Times-Roman): body font.
11 0 Nf
% NOTE(review): the header is spelled "Authentication-control" here and
% "Authentication-Control" in the second paragraph below; HTTP field
% names are case-insensitive, so both refer to the same header.
0.845312476 0 32 0 0 (The purpose of the log-out timeout feature in the Authentication-control header is to protect users of) A
0 -355.2 M
3.95973563 0 32 0 0 (clients from impersonation caused by an attacker having access to the same console. Server) A
0 -368.4 M
2.29086542 0 32 0 0 (application implementors SHOULD be aware that the directive may always be ignored by either) A
0 -381.6 M
0.102539062 0 32 0 0 (malicious clients or clients not supporting this extension. If the purpose of introducing a timeout for an) A
0 -394.8 M
0.15384616 0 32 0 0 (authentication period is to protect server-side resources, such features MUST be implemented by other) A
0 -408 M
(means such as ) S
% NOTE(review): cookies are given as the example mechanism; enforcement
% presumably means the server expiring its own session record, since a
% cookie's lifetime attributes are likewise honoured only by cooperating
% clients.
% Two strokes below the baseline: presumably the underline of the
% two-word link text "HTTP Cookies".
gsave
newpath
65.7 -409.1 M
30.2421875 0 RL
stroke
grestore
(HTTP ) S
gsave
newpath
95.9 -409.1 M
36.0507812 0 RL
stroke
grestore
(Cookies) S
% Link to named destination /61, the [RFC6265] entry in the informative
% references on page 14.
[/Rect [64.6679688 -410.750061 132.960938 -398.650055] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
( [RFC6265]. ) S
0 -432.2 M
% Paragraph 2: the whole header is advisory. \240 is octal 160, mapped to
% /space by the prolog's ISOLatin1Encoding, so "SHOULD NOT" is kept
% together with a non-breaking space.
0.108984374 0 32 0 0 (All parameters in Authentication-Control header SHOULD\240NOT be used for any security-enforcement) A
0 -445.4 M
0.597330749 0 32 0 0 (purposes. Server-side applications MUST be implemented always considering that the header may be) A
0 -458.6 M
(either ignored by clients or even bypassed by users. ) S
0 -469.6 M
[/View [/XYZ -4 287.399902 null] /Dest /52 /DEST pdfmark
0 -469.6 M
[/View [/XYZ -4 287.399902 null] /Dest /53 /DEST pdfmark
0 -488.6 M
15 2 Nf
(9.) S
[/View [/XYZ -4 286.399902 null] /Dest /108 /DEST pdfmark
( ) S
(References) S
0 -496.1 M
[/View [/XYZ -4 260.899902 null] /Dest /54 /DEST pdfmark
0 -514.6 M
13 2 Nf
(9.1.) S
[/View [/XYZ -4 257.999908 null] /Dest /109 /DEST pdfmark
( Normative ) S
(References) S
8 -530.9 M
0.989558935 0.989558935 scale

-0.0 -11.0 RM
11 0 Nf
([I-D.ietf-httpbis-p1-messaging]) S
[/View [/XYZ -4 842 null] /Dest /55 /DEST pdfmark
1.01055121 1.01055121 scale

160.9 -541.9 M
(Fielding, R. and J. Reschke, ) S
(\233) S
gsave
newpath
291.9 -543 M
123.984375 0 RL
stroke
grestore
(Hypertext Transfer Protocol) S
[/Rect [290.942352 -544.650085 416.926727 -532.55011] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-22.txt)] Cd /ANN pdfmark
160.9 -555.1 M
gsave
newpath
160.9 -556.2 M
150.585938 0 RL
stroke
grestore
(\(HTTP/1.1\): Message Syntax and ) S
gsave
newpath
311.5 -556.2 M
35.4453125 0 RL
stroke
grestore
(Routing) S
[/Rect [159.891571 -557.850098 347.922821 -545.750122] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-22.txt)] Cd /ANN pdfmark
(,\234) S
160.9 -568.3 M
(draft-ietf-httpbis-p1-messaging-22 \(work in progress\),) S
160.9 -581.5 M
(February\2402013 ) S
(\() S
gsave
newpath
231.8 -582.6 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [230.750946 -584.250122 254.129852 -572.150146] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-22.txt)] Cd /ANN pdfmark
(\).) S
8 -603.3 M
([I-D.ietf-httpbis-p7-auth]) S
[/View [/XYZ -4 842 null] /Dest /56 /DEST pdfmark
160.9 -603.3 M
(Fielding, R. and J. Reschke, ) S
(\233) S
gsave
newpath
291.9 -604.4 M
123.984375 0 RL
stroke
grestore
(Hypertext Transfer Protocol) S
[/Rect [290.942352 -606.000061 416.926727 -593.900085] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-22.txt)] Cd /ANN pdfmark
160.9 -616.5 M
gsave
newpath
160.9 -617.6 M
57.421875 0 RL
stroke
grestore
(\(HTTP/1.1\): ) S
gsave
newpath
218.3 -617.6 M
65.3632812 0 RL
stroke
grestore
(Authentication) S
[/Rect [159.891571 -619.200073 284.676727 -607.100098] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-22.txt)] Cd /ANN pdfmark
(,\234 draft-ietf-httpbis-p7-auth-22) S
160.9 -629.7 M
(\(work in progress\), February\2402013 ) S
(\() S
gsave
newpath
318.5 -630.8 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [317.485321 -632.400085 340.864227 -620.30011] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-22.txt)] Cd /ANN pdfmark
(\).) S
160.9 -629.7 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 13 -) S
0 setgray
321.8 -8 M
grestore
pgsave restore N
%%Page: 14 14
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
8 -13 M
%%IncludeResource: font Times-Roman
11 0 Nf
([RFC2119]) S
[/View [/XYZ -4 842 null] /Dest /57 /DEST pdfmark
160.9 -13 M
gsave
newpath
160.9 -14.1 M
40.921875 0 RL
stroke
grestore
(Bradner, ) S
gsave
newpath
201.8 -14.1 M
8.86328125 0 RL
stroke
grestore
(S.) S
(, ) S
(\233) S
gsave
newpath
221.1 -14.1 M
169.523438 0 RL
stroke
grestore
(Key words for use in RFCs to Indicate) S
[/Rect [220.05954 -15.75 391.582977 -3.64999962] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc2119)] Cd /ANN pdfmark
160.9 -26.2 M
gsave
newpath
160.9 -27.3 M
59.5585938 0 RL
stroke
grestore
(Requirement ) S
gsave
newpath
220.5 -27.3 M
29.3164062 0 RL
stroke
grestore
(Levels) S
[/Rect [159.891571 -28.95 250.766571 -16.85] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc2119)] Cd /ANN pdfmark
(,\234 BCP\24014, RFC\2402119, March\2401997 ) S
(\() S
gsave
newpath
411.1 -27.3 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [410.082977 -28.95 433.461884 -16.85] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc2119.txt)] Cd /ANN pdfmark
(, ) S
160.9 -39.4 M
gsave
newpath
160.9 -40.5 M
31.15625 0 RL
stroke
grestore
(HTML) S
[/Rect [159.891571 -42.15 193.047821 -30.0500011] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2119.html)] Cd /ANN pdfmark
(, ) S
gsave
newpath
197.5 -40.5 M
24.4375 0 RL
stroke
grestore
(XML) S
[/Rect [196.547821 -42.15 222.985321 -30.0500011] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2119.xml)] Cd /ANN pdfmark
(\).) S
8 -61.1 M
([RFC5226]) S
[/View [/XYZ -4 842 null] /Dest /58 /DEST pdfmark
160.9 -61.1 M
(Narten, T. and H. Alvestrand, ) S
(\233) S
gsave
newpath
299.2 -62.2 M
113.308594 0 RL
stroke
grestore
(Guidelines for Writing an) S
[/Rect [298.243134 -63.9 413.551727 -51.8000031] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
160.9 -74.4 M
gsave
newpath
160.9 -75.5 M
146.007812 0 RL
stroke
grestore
(IANA Considerations Section in ) S
gsave
newpath
306.9 -75.5 M
25.0625 0 RL
stroke
grestore
(RFCs) S
[/Rect [159.891571 -77.1000061 332.961884 -65.0000076] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
(,\234 BCP\24026, RFC\2405226,) S
160.9 -87.6 M
(May\2402008 ) S
(\() S
gsave
newpath
212.2 -88.7 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [211.211884 -90.3 234.59079 -78.2000046] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc5226.txt)] Cd /ANN pdfmark
(\).) S
0 -107.3 M
[/View [/XYZ -4 649.7 null] /Dest /59 /DEST pdfmark
0 -122.9 M
%%IncludeResource: font Times-Bold
13 2 Nf
(9.2.) S
[/View [/XYZ -4 649.7 null] /Dest /110 /DEST pdfmark
( Informative ) S
(References) S
8 -150.2 M
11 0 Nf
([I-D.ietf-httpauth-mutual]) S
[/View [/XYZ -4 842 null] /Dest /60 /DEST pdfmark
171.8 -150.2 M
(Oiwa, Y., Watanabe, H., Takagi, H., Kihara, B., Hayashi, T.,) S
171.8 -163.4 M
(and Y. Ioku, ) S
(\233) S
gsave
newpath
234.4 -164.5 M
158.21875 0 RL
stroke
grestore
(Mutual Authentication Protocol for ) S
gsave
newpath
392.6 -164.5 M
27.4921875 0 RL
stroke
grestore
(HTTP) S
[/Rect [233.425827 -166.15 421.13678 -154.049988] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpauth-mutual-00.txt)] Cd /ANN pdfmark
(,\234) S
171.8 -176.6 M
(draft-ietf-httpauth-mutual-00 \(work in progress\), ) S
(July\2402013.) S
8 -198.3 M
([RFC6265]) S
[/View [/XYZ -4 842 null] /Dest /61 /DEST pdfmark
171.8 -198.3 M
(Barth, A., ) S
(\233) S
gsave
newpath
222.8 -199.5 M
115.148438 0 RL
stroke
grestore
(HTTP State Management ) S
gsave
newpath
338 -199.5 M
51.3125 0 RL
stroke
grestore
(Mechanism) S
[/Rect [221.816452 -201.1 390.277405 -189.0] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc6265)] Cd /ANN pdfmark
(,\234) S
171.8 -211.6 M
(RFC\2406265, April\2402011 ) S
(\() S
gsave
newpath
277.2 -212.7 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [276.214905 -214.3 299.593811 -202.2] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc6265.txt)] Cd /ANN pdfmark
(\).) S
8 -222.3 M
0.989591539 0.989591539 scale

-0.0 -11.0 RM
([W3C.CR-webstorage-20111208]) S
[/View [/XYZ -4 842 null] /Dest /62 /DEST pdfmark
1.01051795 1.01051795 scale

171.8 -233.3 M
(Hickson, I., ) S
(\233) S
gsave
newpath
230.8 -234.4 M
23.515625 0 RL
stroke
grestore
(Web ) S
gsave
newpath
254.3 -234.4 M
33.59375 0 RL
stroke
grestore
(Storage) S
[/Rect [229.757858 -236.05 288.867249 -223.95] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.w3.org/TR/2011/CR-webstorage-20111208)] Cd /ANN pdfmark
(,\234 World Wide Web Consortium) S
171.8 -246.5 M
(CR\240CR-webstorage-20111208, December\2402011 ) S
(\() S
gsave
newpath
387.2 -247.6 M
31.15625 0 RL
stroke
grestore
(HTML) S
[/Rect [386.152405 -249.25 419.308655 -237.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.w3.org/TR/2011/CR-webstorage-20111208)] Cd /ANN pdfmark
(\).) S
0 -266.2 M
[/View [/XYZ -4 490.75 null] /Dest /63 /DEST pdfmark
% ---- Appendix A, "(Informative) Applicability of features for each
% messages" (page 14) ----
% M, S, A, Nf and RL come from the html2ps prolog, which is outside this
% part of the file; they are read here, from their operands, as move-to,
% show, justified show, font select and relative line - confirm against
% the prolog.
%
% The table is drawn cell by cell: each cell is one "x y M" followed by
% one show. Columns sit at x = 201, 225.7, 268.2 and 319.8; row labels at
% x = 114.9. Read back from the cells below, the table is:
%
%                        init.  success.  intermed.  neg.
%   Optional auth.         O       n         N         N
%   auth-style             O       -         -         O
%   loc.-when-unauth.      O       I         I         i
%   no-auth                O       I         I         i
%   loc.-when-logout       -       O         -         -
%   logout-timeout         -       O         -         -
%
% The legend after the table gives the meaning of each symbol. The column
% heads abbreviate the kinds of response defined in Section 2.1, which is
% outside this part of the file (presumably initial, successful,
% intermediate and negative responses - confirm there).
% Note that upper and lower case differ in strength: "N" is MUST NOT and
% "n" is SHOULD NOT, "I" is MUST be ignored and "i" is SHOULD be ignored.
0 -285.2 M
% 15pt, FL index 2 (Times-Bold in the prolog's font list): heading font.
15 2 Nf
(Appendix) S
% Named destination /111 is anchored at the appendix heading.
[/View [/XYZ -4 489.75 null] /Dest /111 /DEST pdfmark
( A. \(Informative\) Applicability of features for each ) S
(messages) S
0 -309.5 M
% 11pt, FL index 0 (Times-Roman): body font.
11 0 Nf
3.06933594 0 32 0 0 (This section provides cross-reference table about applicability of each features provided in this) A
0 -322.7 M
0.294010431 0 32 0 0 (specification for each kinds of responses described in ) A
% Stroke below the baseline: presumably the underline of the link text.
gsave
newpath
239.9 -323.8 M
49.4882812 0 RL
stroke
grestore
% \240 is octal 160, mapped to /space by the prolog's ISOLatin1Encoding.
0.294010431 0 32 0 0 (Section\2402.1) A
% Link to named destination /8 (defined outside this part of the file).
[/Rect [238.945312 -325.400024 290.433594 -313.300018] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
0.294010431 0 32 0 0 (. The table provided in this section is) A
0 -335.9 M
% The table is informative, not normative.
(for informative purposes only. ) S
% Header row, set in 11pt Times-Bold (FL index 2).
201 -364.2 M
11 2 Nf
(init.) S
225.7 -364.2 M
11 2 Nf
(success.) S
268.2 -364.2 M
11 2 Nf
(intermed.) S
319.8 -364.2 M
11 2 Nf
(neg.) S
% Row: Optional auth. (body rows return to 11pt Times-Roman).
114.9 -383.9 M
11 0 Nf
(Optional ) S
(auth.) S
201 -383.9 M
(O) S
225.7 -383.9 M
(n) S
268.2 -383.9 M
(N) S
319.8 -383.9 M
(N) S
% Row: auth-style.
114.9 -403.7 M
(auth-style) S
201 -403.7 M
(O) S
225.7 -403.7 M
(-) S
268.2 -403.7 M
(-) S
319.8 -403.7 M
(O) S
% Row: loc.-when-unauth.
114.9 -423.4 M
(loc.-when-unauth.) S
201 -423.4 M
(O) S
225.7 -423.4 M
(I) S
268.2 -423.4 M
(I) S
319.8 -423.4 M
(i) S
% Row: no-auth.
114.9 -443.2 M
(no-auth) S
201 -443.2 M
(O) S
225.7 -443.2 M
(I) S
268.2 -443.2 M
(I) S
319.8 -443.2 M
(i) S
% Row: loc.-when-logout - marked "O" only in the success. column.
114.9 -462.9 M
(loc.-when-logout) S
201 -462.9 M
(-) S
225.7 -462.9 M
(O) S
268.2 -462.9 M
(-) S
319.8 -462.9 M
(-) S
% Row: logout-timeout - marked "O" only in the success. column.
114.9 -482.7 M
(logout-timeout) S
201 -482.7 M
(-) S
225.7 -482.7 M
(O) S
268.2 -482.7 M
(-) S
319.8 -482.7 M
(-) S
% Legend for the symbols used in the cells.
0 -512.6 M
11 0 Nf
(Legends: ) S
0 -525.8 M
(O = MAY contain; n = SHOULD\240NOT contain; N = MUST\240NOT ) S
(contain) S
0 -539 M
(i = SHOULD be ignored; I = MUST be ) S
(ignored;) S
0 -552.2 M
(- = meaningless \(to be ) S
(ignored\)) S
0 -563.2 M
[/View [/XYZ -4 193.799927 null] /Dest /64 /DEST pdfmark
0 -563.2 M
[/View [/XYZ -4 193.799927 null] /Dest /65 /DEST pdfmark
% ---- Appendix B, "(Informative) Draft Notes", first part (page 14) ----
% M, S, A, Nf and RL come from the html2ps prolog, which is outside this
% part of the file; they are read here, from their operands, as move-to,
% show, justified show, font select and relative line - confirm against
% the prolog. The bullet's paragraph continues on page 15.
0 -582.2 M
% 15pt, FL index 2 (Times-Bold in the prolog's font list): heading font.
15 2 Nf
(Appendix) S
% Named destination /112 is anchored at the appendix heading.
[/View [/XYZ -4 192.799927 null] /Dest /112 /DEST pdfmark
( B. \(Informative\) Draft ) S
(Notes) S
0 -606.4 M
% 11pt, FL index 0 (Times-Roman): body font.
11 0 Nf
(Things which might be considered for future revisions: ) S
11 -627 M
% List bullet: a filled black circle of radius 2.75 at x = 11.
gsave
0 setgray
newpath
11.0 -626.970093 2.75 0 360 arc
closepath
fill
grestore
% Bullet text, indented to x = 22.
22 -630.6 M
1.27517366 0 32 0 0 (In ) A
% Stroke below the baseline: presumably the underline of the citation
% link.
gsave
newpath
35.2 -631.7 M
110.84375 0 RL
stroke
grestore
1.27517366 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
% Link to named destination /56, the [I-D.ietf-httpbis-p7-auth] entry in
% the normative references on page 13.
[/Rect [34.1835938 -633.350098 147.027344 -621.250122] /Subtype /Link /Border [0 0 0] /Dest /56 /ANN pdfmark
% The cited draft gives WWW-Authenticate a meaning in non-401 responses;
% the authors note this would allow a 200 response carrying
% WWW-Authenticate to signal optional authentication.
1.27517366 0 32 0 0 (, meaning of WWW-Authenticate headers in non-401 responses are) A
22 -643.8 M
2.97691751 0 32 0 0 (defined as "supplying credentials \(or different credentials\) might affect the response". This) A
22 -657 M
8.48188877 0 32 0 0 (clarification change leaves a way for using 200-status responses along with a) A
22 -670.2 M
(WWW-Authenticate header for providing optional ) S
(authentication.) S
22 -670.2 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 14 -) S
0 setgray
44 -8 M
grestore
pgsave restore N
%%Page: 15 15
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
% ---- Appendix B, continuation of the bullet from page 14 (page 15) ----
% M, S, A, Nf and RM come from the html2ps prolog, which is outside this
% part of the file; they are read here, from their operands, as move-to,
% show, justified show, font select and relative move - confirm against
% the prolog.
%
% What the paragraph states: reusing WWW-Authenticate on 200 responses
% needs more analysis of how existing clients and intermediate proxies
% react; the separate Optional-WWW-Authenticate header is considered
% safer for backward compatibility, because a client without the
% extension treats it as an unrecognized header and may silently fall
% back to application-level authentication.
% NOTE(review): because that fallback is silent, a server presumably
% cannot tell from client behaviour alone whether the extension was
% honoured; this is consistent with Section 8 of this document, which
% tells servers not to rely on the header for enforcement.
22 -13.2 M
%%IncludeResource: font Times-Roman
% 11pt, FL index 0 (Times-Roman in the prolog's font list): body font.
11 0 Nf
0.773112 0 32 0 0 (Incorporating this possibility, however, needs more detailed analysis on the behavior of existing) A
22 -13.2 M
% Each of the next three lines is bracketed by a uniform scale and its
% reciprocal (0.96156925 x 1.0399667 is 1 to within rounding), so the
% coordinate system is restored after the string; presumably html2ps is
% shrinking a line that would not otherwise fit the column.
0.96156925 0.96156925 scale

0.0 -13.2 RM
11 0 Nf
(clients and intermediate proxies for such possibly-confusing responses. Optional-WWW-Authenticate) S
1.0399667 1.0399667 scale

22 -25.9 M
0.987014413 0.987014413 scale

0.0 -13.2 RM
(is safer, at least for minimum backward compatibility, because clients not supporting this extension) S
1.01315641 1.01315641 scale

22 -38.9 M
0.964134336 0.964134336 scale

0.0 -13.2 RM
(will consider this header as an unrecognized entity-header, possibly providing opportunity for silently) S
1.03719985 1.03719985 scale

% Last line of the paragraph, shown unscaled.
22 -64.8 M
(falling-back to application-level authentications. ) S
0 -75.8 M
[/View [/XYZ -4 681.1521 null] /Dest /66 /DEST pdfmark
0 -75.8 M
[/View [/XYZ -4 681.1521 null] /Dest /67 /DEST pdfmark
0 -94.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 680.1521 null] /Dest /113 /DEST pdfmark
( C. \(Informative\) Draft Change ) S
(Log) S
0 -102.3 M
[/View [/XYZ -4 654.6521 null] /Dest /68 /DEST pdfmark
0 -102.3 M
[/View [/XYZ -4 654.6521 null] /Dest /69 /DEST pdfmark
0 -124.8 M
15 2 Nf
(C.1.) S
[/View [/XYZ -4 650.1521 null] /Dest /114 /DEST pdfmark
( Changes in Httpauth revision ) S
(00) S
0 -149 M
11 0 Nf
(None.) S
0 -160 M
[/View [/XYZ -4 596.952148 null] /Dest /70 /DEST pdfmark
0 -160 M
[/View [/XYZ -4 596.952148 null] /Dest /71 /DEST pdfmark
0 -179 M
15 2 Nf
(C.2.) S
[/View [/XYZ -4 595.952148 null] /Dest /115 /DEST pdfmark
( Changes in HttpBis revision ) S
(00) S
0 -203.2 M
11 0 Nf
(None.) S
0 -214.2 M
[/View [/XYZ -4 542.752136 null] /Dest /72 /DEST pdfmark
0 -214.2 M
[/View [/XYZ -4 542.752136 null] /Dest /73 /DEST pdfmark
0 -233.2 M
15 2 Nf
(C.3.) S
[/View [/XYZ -4 541.752136 null] /Dest /116 /DEST pdfmark
( Changes in revision ) S
(02) S
11 -253.8 M
gsave
0 setgray
newpath
11.0 -253.817886 2.75 0 360 arc
closepath
fill
grestore
22 -257.4 M
11 0 Nf
(Added usage ) S
(examples.) S
0 -268.4 M
[/View [/XYZ -4 488.552124 null] /Dest /74 /DEST pdfmark
0 -268.4 M
[/View [/XYZ -4 488.552124 null] /Dest /75 /DEST pdfmark
0 -287.4 M
15 2 Nf
(C.4.) S
[/View [/XYZ -4 487.552124 null] /Dest /117 /DEST pdfmark
( Changes in revision ) S
(01) S
11 -308 M
gsave
0 setgray
newpath
11.0 -308.017883 2.75 0 360 arc
closepath
fill
grestore
22 -311.6 M
11 0 Nf
(Syntax notations and parsing semantics changed to match httpbis ) S
(style.) S
0 -322.6 M
[/View [/XYZ -4 434.352112 null] /Dest /76 /DEST pdfmark
0 -322.6 M
[/View [/XYZ -4 434.352112 null] /Dest /77 /DEST pdfmark
0 -341.6 M
15 2 Nf
(C.5.) S
[/View [/XYZ -4 433.352112 null] /Dest /118 /DEST pdfmark
( Changes in revision ) S
(00) S
11 -362.2 M
gsave
0 setgray
newpath
11.0 -362.217896 2.75 0 360 arc
closepath
fill
grestore
22 -365.8 M
11 0 Nf
(Separated from HTTP Mutual authentication proposal \(-09\). ) S
11 -376.4 M
gsave
0 setgray
newpath
11.0 -376.417908 2.75 0 360 arc
closepath
fill
grestore
22 -380 M
(Adopting httpbis works as a referencing point to HTTP. ) S
11 -390.6 M
gsave
0 setgray
newpath
11.0 -390.61792 2.75 0 360 arc
closepath
fill
grestore
22 -394.2 M
(Generalized, now applicable for all HTTP authentication schemes. ) S
11 -404.8 M
gsave
0 setgray
newpath
11.0 -404.817932 2.75 0 360 arc
closepath
fill
grestore
22 -408.4 M
(Added "no-auth" and "auth-style" parameters. ) S
11 -419 M
gsave
0 setgray
newpath
11.0 -419.017944 2.75 0 360 arc
closepath
fill
grestore
22 -422.6 M
(Loosened standardization requirements for parameter-name tokens ) S
(registration.) S
0 -433.6 M
[/View [/XYZ -4 323.352051 null] /Dest /78 /DEST pdfmark
0 -452.6 M
15 2 Nf
(Authors') S
[/View [/XYZ -4 322.352051 null] /Dest /119 /DEST pdfmark
( ) S
(Addresses) S
0 -477.9 M
11 0 Nf
(\240) S
44.6 -477.9 M
(Yutaka ) S
(Oiwa) S
0 -491.7 M
(\240) S
44.6 -491.7 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -505.4 M
(\240) S
44.6 -505.4 M
(Research Institute for Secure ) S
(Systems) S
0 -519.2 M
(\240) S
44.6 -519.2 M
(3-11-46 ) S
(Nakouji) S
0 -532.9 M
(\240) S
44.6 -532.9 M
(Amagasaki, ) S
(Hyogo) S
0 -546.7 M
(\240) S
44.6 -546.7 M
(JP) S
12.6 -560.4 M
(Email:\240) S
44.6 -560.4 M
gsave
newpath
44.6 -561.5 M
154.285156 0 RL
stroke
grestore
(mutual-auth-contact-ml@aist.go.jp) S
0 -574.2 M
(\240) S
44.6 -574.2 M
(\240) S
0 -587.9 M
(\240) S
44.6 -587.9 M
(Hajime ) S
(Watanabe) S
0 -601.7 M
(\240) S
44.6 -601.7 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -615.4 M
(\240) S
44.6 -615.4 M
(Research Institute for Secure ) S
(Systems) S
0 -629.2 M
(\240) S
44.6 -629.2 M
(Tsukuba Central ) S
(2) S
0 -642.9 M
(\240) S
44.6 -642.9 M
(1-1-1 ) S
(Umezono) S
0 -656.7 M
(\240) S
44.6 -656.7 M
(Tsukuba-shi, ) S
(Ibaraki) S
44.6 -656.7 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 15 -) S
0 setgray
89.3 -8 M
grestore
pgsave restore N
%%Page: 16 16
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -11 M
%%IncludeResource: font Times-Roman
11 0 Nf
(\240) S
44.6 -11 M
(JP) S
0 -24.8 M
(\240) S
44.6 -24.8 M
(\240) S
0 -38.5 M
(\240) S
44.6 -38.5 M
(Hiromitsu ) S
(Takagi) S
0 -52.2 M
(\240) S
44.6 -52.2 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -66 M
(\240) S
44.6 -66 M
(Research Institute for Secure ) S
(Systems) S
0 -79.8 M
(\240) S
44.6 -79.8 M
(Tsukuba Central ) S
(2) S
0 -93.5 M
(\240) S
44.6 -93.5 M
(1-1-1 ) S
(Umezono) S
0 -107.2 M
(\240) S
44.6 -107.2 M
(Tsukuba-shi, ) S
(Ibaraki) S
0 -121 M
(\240) S
44.6 -121 M
(JP) S
0 -134.8 M
(\240) S
44.6 -134.8 M
(\240) S
0 -148.5 M
(\240) S
44.6 -148.5 M
(Boku ) S
(Kihara) S
0 -162.2 M
(\240) S
44.6 -162.2 M
(Lepidum Co. ) S
(Ltd.) S
0 -176 M
(\240) S
44.6 -176 M
(#602, Village Sasazuka ) S
(3) S
0 -189.8 M
(\240) S
44.6 -189.8 M
(1-30-3 ) S
(Sasazuka) S
0 -203.5 M
(\240) S
44.6 -203.5 M
(Shibuya-ku, ) S
(Tokyo) S
0 -217.2 M
(\240) S
44.6 -217.2 M
(JP) S
0 -231 M
(\240) S
44.6 -231 M
(\240) S
0 -244.8 M
(\240) S
44.6 -244.8 M
(Tatsuya ) S
(Hayashi) S
0 -258.5 M
(\240) S
44.6 -258.5 M
(Lepidum Co. ) S
(Ltd.) S
0 -272.2 M
(\240) S
44.6 -272.2 M
(#602, Village Sasazuka ) S
(3) S
0 -286 M
(\240) S
44.6 -286 M
(1-30-3 ) S
(Sasazuka) S
0 -299.8 M
(\240) S
44.6 -299.8 M
(Shibuya-ku, ) S
(Tokyo) S
0 -313.5 M
(\240) S
44.6 -313.5 M
(JP) S
0 -327.2 M
(\240) S
44.6 -327.2 M
(\240) S
0 -341 M
(\240) S
44.6 -341 M
(Yuichi ) S
(Ioku) S
0 -354.8 M
(\240) S
44.6 -354.8 M
(Yahoo! Japan, ) S
(Inc.) S
0 -368.5 M
(\240) S
44.6 -368.5 M
(Midtown ) S
(Tower) S
0 -382.2 M
(\240) S
44.6 -382.2 M
(9-7-1 ) S
(Akasaka) S
0 -396 M
(\240) S
44.6 -396 M
(Minato-ku, ) S
(Tokyo) S
0 -409.8 M
(\240) S
44.6 -409.8 M
(JP) S
0 -423.5 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 16 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%EOF
