%!PS-Adobe-3.0
%%Title: HTTP Authentication Extensions for Interactive Clients
%%Creator: html2ps version 1.0 beta7
%%CreationDate: Mon Jul 6 07:57:42 2015
%%DocumentNeededResources: font Times-Roman Times-Bold Courier Courier-Oblique
%%+ font Helvetica
%%DocumentData: Clean7Bit
%%Orientation: Portrait
%%BoundingBox: 0 0 596 842
%%Pages: 19
%%EndComments
%%BeginProlog
% Shorthand operators used by the prolog and by every generated page below.
% d: bind the procedure on the stack, then define it under the preceding name.
/d {bind def} bind def
% D: plain def (no bind); used for values as well as procedures.
/D {def} d
% ie: ifelse.
/ie {ifelse} d
% E: exch.
/E {exch} d
% t / f: the booleans true and false.
/t true D
/f false D
% FL: font list indexed by the second operand of Nf (0 = Times-Roman,
% 2 = Times-Bold, 4 = Courier, 8 = Helvetica, ...). The order matters because
% the pages select fonts by number, e.g. "11 0 Nf" or "8 8 Nf".
/FL [/Times-Roman
/Times-Italic
/Times-Bold
/Times-BoldItalic
/Courier
/Courier-Oblique
/Courier-Bold
/Courier-BoldOblique
/Helvetica
/Helvetica-Oblique
/Helvetica-Bold
/Helvetica-BoldOblique] D
% Cd: turn an array of alternating key/value entries into a dictionary.
% aload spreads the pairs on the stack, length/2 gives the pair count, and
% {D} repeat defines one pair per iteration inside the new dict, which is
% left on the operand stack. Not called in the visible part of this file.
/Cd {aload length 2 idiv dup dict begin {D} repeat currentdict end} D
% reencodeISO: fontname -> fontname font
% Copies the named font into a fresh dictionary, skipping /FID (a copied font
% must not carry the original's FID), replaces /Encoding with the
% ISOLatin1Encoding array defined below, and registers the copy under the same
% name with definefont. The name and the new font are both left on the stack;
% the caller in the setup section consumes them with D.
/reencodeISO {
dup dup findfont dup length dict begin{1 index /FID ne{D}{pop pop}ie}forall
/Encoding ISOLatin1Encoding D currentdict end definefont} D
% ISOLatin1Encoding: character-code -> glyph-name table installed by
% reencodeISO. Codes 0-31 and 127-159 start out as /.notdef (some of 128-159
% are filled in by the patch loop that follows this array). Code 160 maps to
% /space, which is why the "\240" escapes in the page strings print as blanks.
/ISOLatin1Encoding [
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright
/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash
/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon
/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N
/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright
/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m
/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/space/exclamdown/cent/sterling/currency/yen/brokenbar
/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot
/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior
/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine
/guillemotright/onequarter/onehalf/threequarters/questiondown
/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla
/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute
/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis
/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave
/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex
/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis
/yacute/thorn/ydieresis
] D
% Patch table: code/glyph-name pairs written into ISOLatin1Encoding for some
% of the slots in 128-159 that the array leaves as /.notdef. Codes 155 and 156
% become the curly double quotes that the page text writes as \233 and \234.
[128/backslash 129/parenleft 130/parenright 141/circumflex 142/tilde
143/perthousand 144/dagger 145/daggerdbl 146/Ydieresis 147/scaron 148/Scaron
149/oe 150/OE 151/guilsinglleft 152/guilsinglright 153/quotesinglbase
154/quotedblbase 155/quotedblleft 156/quotedblright 157/endash 158/emdash
159/trademark]
% aload spreads the pairs on the stack; the for loop runs once per pair,
% discards its counter and stores the topmost code/name pair with put.
aload length 2 idiv 1 1 3 -1 roll{pop ISOLatin1Encoding 3 1 roll put}for
% Fallback for interpreters that do not define colorimage: emulate it with the
% monochrome image operator. The replacement drops the two topmost operands
% (pop pop), keeps the data procedure as Pr, and wraps it in a procedure that
% reads one chunk into Cv and converts every three bytes to one gray byte using
% the weights 0.299, 0.587 and 0.114 before returning the gray string Gr.
% No image is drawn in the visible part of this file.
/colorimage where{pop}{
/colorimage {
pop pop /Pr E D {/Cv Pr D /Gr Cv length 3 idiv string D 0 1 Gr length 1 sub
{Gr E dup /i E 3 mul D Cv i get 0.299 mul Cv i 1 add get 0.587 mul add
Cv i 2 add get 0.114 mul add cvi put}for Gr} image} D
}ie
% If the interpreter has no pdfmark operator, define it in userdict as
% cleartomark, so every "[ ... pdfmark" sequence below is simply discarded.
% On such interpreters the document info, bookmarks, named destinations and
% link annotations have no effect; only the page marks are produced.
/pdfmark where{pop}{userdict /pdfmark /cleartomark load put}ie
% MySymbol: a Type 3 (procedure-drawn) font holding a single euro glyph.
% Nf selects it for any negative font index other than -1.
/MySymbol 10 dict dup begin
/FontType 3 D /FontMatrix [.001 0 0 .001 0 0 ] D /FontBBox [25 -10 600 600] D
% Every code starts as /.notdef; only the code of the letter "e" maps to /euro.
/Encoding 256 array D 0 1 255{Encoding exch /.notdef put}for
Encoding (e) 0 get /euro put
% Metrics: advance width per glyph name, in glyph-space units.
/Metrics 2 dict D Metrics begin
/.notdef 0 D
/euro 651 D
end
% BBox: bounding box per glyph name, passed to setcachedevice by BuildChar.
/BBox 2 dict D BBox begin
/.notdef [0 0 0 0] D
/euro [25 -10 600 600] D
end
% CharacterDefs: the drawing procedure per glyph name.
/CharacterDefs 2 dict D CharacterDefs begin
/.notdef {} D
% euro: clip to a polygon, stroke a full circle of radius 275 with line width
% 50, then stroke two horizontal bars through it.
/euro{newpath 114 600 moveto 631 600 lineto 464 200 lineto 573 200 lineto
573 0 lineto -94 0 lineto 31 300 lineto -10 300 lineto closepath clip
50 setlinewidth newpath 656 300 moveto 381 300 275 0 360 arc stroke
-19 350 moveto 600 0 rlineto -19 250 moveto 600 0 rlineto stroke}d
end
% BuildChar: fontdict char -> (glyph painted). Looks the glyph name up through
% /Encoding, declares width and bounding box with setcachedevice, then runs the
% matching CharacterDefs procedure. The leading 0 is a placeholder that the
% line after the procedure replaces with a scratch dictionary.
/BuildChar{0 begin
/char E D /fontdict E D /charname fontdict /Encoding get char get D
fontdict begin
Metrics charname get 0 BBox charname get aload pop setcachedevice
CharacterDefs charname get exec
end
end}D
% Put a 3-entry dict into element 0 of BuildChar so its locals (char,
% fontdict, charname) are defined there instead of in the caller's dictionary.
/BuildChar load 0 3 dict put /UniqueID 1 D
end
% Register the font; the returned font dictionary is not needed here.
definefont pop
% Nf: size index -> (current font set)
% index >= 0 selects FL[index]; -1 selects /Symbol; any other negative value
% selects /MySymbol. The font is scaled to size and made current.
/Nf {dup 0 ge{FL E get}{-1 eq{/Symbol}{/MySymbol}ie}ie findfont
E scalefont setfont} D
% IP: read hex-encoded data from the program's own input stream into picstr.
% picstr is not defined in the visible part of this file and IP is not called
% there. currentfile is the only file operator in the visible part; nothing
% shown here opens a file by name.
/IP {currentfile picstr readhexstring pop} D
% WF: when true, the setup section re-encodes every font in FL; when false it
% starts at index 4 and leaves the four Times fonts untouched.
/WF t D
% F: set to 1; not referenced in the visible part of this file.
/F 1 D
% One-letter aliases for the drawing operators used on every page.
/N {showpage} d
/RL {rlineto} d
/S {show} d
/L {lineto} d
/M {moveto} d
% A: awidthshow. The pages call it as "cx 0 32 0 0 (text) A", which adds cx to
% the width of every space (code 32) so that the line is justified.
/A {awidthshow} d
/RM {rmoveto} d
%%EndProlog
%%BeginSetup
%%PaperSize: A4
% Re-encode the text fonts with ISOLatin1Encoding: all of FL when WF is true,
% otherwise only entries 4 and up. reencodeISO leaves "name font" on the stack
% and D binds that name to the re-encoded font in the current dictionary.
WF{FL{reencodeISO D}forall}{4 1 FL length 1 sub{FL E get reencodeISO D}for}ie
% Copy /Symbol the same way (everything except /FID), give the copy its own
% Encoding array with code 128 set to /therefore, and register it as /Symbol.
/Symbol dup dup findfont dup length dict begin
{1 index /FID ne{D}{pop pop}ie}forall /Encoding [Encoding aload pop]
dup 128 /therefore put D currentdict end definefont D
% Document metadata and bookmark (outline) tree, emitted through pdfmark. On an
% interpreter without pdfmark the prolog maps the operator to cleartomark and
% all of these lines are discarded.
% /DOCINFO sets the document properties; /Author and /Subject are empty here.
[/Creator (html2ps version 1.0 beta7) /Author () /Keywords (HTTP, authentication) /Subject () /Title (HTTP Authentication Extensions for Interactive Clients) /DOCINFO pdfmark
% Ask the viewer to open with the outline panel shown.
[/PageMode /UseOutlines /DOCVIEW pdfmark
% One /OUT entry per bookmark. /Dest names a destination defined by a /DEST
% pdfmark on one of the pages (for example /91 and /92 on page 1). /Count is
% the number of entries nested under an item; in the pdfmark convention a
% negative count means the item is initially shown closed.
[/Count 1 /Dest /91 /Title (HTTP Authentication Extensions for Interactive Clients draft-ietf-httpauth-extension-04) /OUT pdfmark
% NOTE(review): this entry has an empty /Title and owns the 25 entries that
% follow at the top level; it looks like a generator artifact.
[/Count 25 /Dest /92 /Title () /OUT pdfmark
[/Dest /92 /Title (Abstract) /OUT pdfmark
[/Dest /93 /Title (Status of this Memo) /OUT pdfmark
[/Dest /94 /Title (Copyright Notice) /OUT pdfmark
[/Dest /95 /Title (Table of Contents) /OUT pdfmark
[/Count -1 /Dest /96 /Title (1. Introduction) /OUT pdfmark
[/Dest /97 /Title (1.1. Terminology) /OUT pdfmark
[/Count -2 /Dest /98 /Title (2. Definitions) /OUT pdfmark
[/Dest /99 /Title (2.1. Terms for describing authentication protocol flow) /OUT pdfmark
[/Dest /100 /Title (2.2. Syntax Notation) /OUT pdfmark
[/Dest /101 /Title (3. Optional Authentication) /OUT pdfmark
[/Count -7 /Dest /102 /Title (4. Authentication-Control header) /OUT pdfmark
[/Dest /103 /Title (4.1. Non-ASCII extended header parameters) /OUT pdfmark
[/Dest /104 /Title (4.2. Auth-style parameter) /OUT pdfmark
[/Dest /105 /Title (4.3. Location-when-unauthenticated parameter) /OUT pdfmark
[/Dest /106 /Title (4.4. No-auth parameter) /OUT pdfmark
[/Dest /107 /Title (4.5. Location-when-logout parameter) /OUT pdfmark
[/Dest /108 /Title (4.6. Logout-timeout parameter) /OUT pdfmark
[/Dest /109 /Title (4.7. Username parameter) /OUT pdfmark
% Section 5 counts its sub-subsections (5.1.1-5.1.3) as direct children:
% 5.1 carries no /Count of its own.
[/Count -7 /Dest /110 /Title (5. Usage examples \(informative\)) /OUT pdfmark
[/Dest /111 /Title (5.1. Example 1: a portal site) /OUT pdfmark
[/Dest /112 /Title (5.1.1. Case 1: a simple application) /OUT pdfmark
[/Dest /113 /Title (5.1.2. Case 2: specific action required on log-out) /OUT pdfmark
[/Dest /114 /Title (5.1.3. Case 3: specific page displayed before log-in) /OUT pdfmark
[/Dest /115 /Title (5.2. Example 2: authenticated user-only sites) /OUT pdfmark
[/Dest /116 /Title (5.3. When to use Cookies) /OUT pdfmark
[/Dest /117 /Title (5.4. Parallel deployment with Form/Cookie authentications) /OUT pdfmark
[/Dest /118 /Title (6. Methods to extend this protocol) /OUT pdfmark
[/Dest /119 /Title (7. IANA Considerations) /OUT pdfmark
[/Dest /120 /Title (8. Security Considerations) /OUT pdfmark
[/Count -2 /Dest /121 /Title (9. References) /OUT pdfmark
[/Dest /122 /Title (9.1. Normative References) /OUT pdfmark
[/Dest /123 /Title (9.2. Informative References) /OUT pdfmark
[/Dest /124 /Title (Appendix A. \(Informative\) Applicability of features for each messages) /OUT pdfmark
[/Dest /125 /Title (Appendix B. \(Informative\) Draft Notes) /OUT pdfmark
% Appendix C has no /Count, so C.1-C.8 appear beside it rather than under it.
[/Dest /126 /Title (Appendix C. \(Informative\) Draft Change Log) /OUT pdfmark
[/Dest /127 /Title (C.1. Changes in Httpauth WG revision 04) /OUT pdfmark
[/Dest /128 /Title (C.2. Changes in Httpauth WG revision 03) /OUT pdfmark
[/Dest /129 /Title (C.3. Changes in Httpauth WG revision 02) /OUT pdfmark
[/Dest /130 /Title (C.4. Changes in Httpauth WG revision 01) /OUT pdfmark
[/Dest /131 /Title (C.5. Changes in Httpauth revision 00 and HttpBis revision 00) /OUT pdfmark
[/Dest /132 /Title (C.6. Changes in revision 02) /OUT pdfmark
[/Dest /133 /Title (C.7. Changes in revision 01) /OUT pdfmark
[/Dest /134 /Title (C.8. Changes in revision 00) /OUT pdfmark
[/Dest /135 /Title (Authors' Addresses) /OUT pdfmark
%%EndSetup
%%Page: 1 1
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 1 setup: snapshot the interpreter state in pgsave; the page ends with
% "pgsave restore N", which rolls the state back and emits the page.
/pgsave save D
% Move the origin to (71, 757). All later coordinates are relative to it, and
% y decreases for each successive line of text.
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
% Named destination /0 at the top of the page.
[/View [/XYZ -4 842 null] /Dest /0 /DEST pdfmark
0 -0 M
% Front-page header, wrapped in its own save/restore: left column at x = 2.5
% (working group, document type, status, expiry), right column at x = 208
% (authors, affiliations, date). Each row is a pair of moveto + show runs.
save
2.5 -13.5 M
%%IncludeResource: font Times-Roman
% Times-Roman (FL index 0) at size 11.
11 0 Nf
(HTTPAUTH Working ) S
(Group) S
208 -13.5 M
(Y. ) S
(Oiwa) S
2.5 -32.2 M
(Internet-Draft) S
208 -32.2 M
(H. ) S
(Watanabe) S
2.5 -51 M
(Intended status: ) S
(Experimental) S
208 -51 M
(H. ) S
(Takagi) S
2.5 -69.8 M
(Expires: January 7, ) S
(2016) S
208 -69.8 M
(ITRI, ) S
(AIST) S
% From here on the left column is empty: \240 is code 160, which the
% re-encoded fonts map to /space.
2.5 -88.5 M
(\240) S
208 -88.5 M
(T. ) S
(Hayashi) S
2.5 -107.2 M
(\240) S
208 -107.2 M
(Lepidum) S
2.5 -126 M
(\240) S
208 -126 M
(Y. ) S
(Ioku) S
2.5 -144.8 M
(\240) S
208 -144.8 M
(Individual) S
2.5 -163.5 M
(\240) S
208 -163.5 M
(July 6, ) S
(2015) S
0 -168.8 M
restore
% Document title. Destination /91 is the target of the first outline entry.
227 -183.9 M
[/View [/XYZ -4 842 null] /Dest /91 /DEST pdfmark
30.7 -202.9 M
%%IncludeResource: font Times-Bold
% Times-Bold (FL index 2) at size 19; each title line has its own x offset.
19 2 Nf
(HTTP Authentication Extensions for Interactive ) S
198.5 -225.8 M
(Clients) S
97.7 -248.6 M
(draft-ietf-httpauth-extension-04) S
% "Abstract" heading (Times-Bold 15) and its outline destination /92.
0 -278.6 M
15 2 Nf
(Abstract) S
[/View [/XYZ -4 496.45 null] /Dest /92 /DEST pdfmark
0 -302.8 M
% Body text in Times-Roman 11. Full lines are justified with A (awidthshow):
% the first operand is the extra width added to every space (code 32) on that
% line. The last line of the paragraph is set unjustified with S.
11 0 Nf
1.15983069 0 32 0 0 (This document specifies a few extensions of HTTP authentication framework for interactive clients.) A
0 -316 M
0.569602251 0 32 0 0 (Recently, fundamental features of HTTP-level authentication is not enough for complex requirements) A
0 -329.2 M
5.34304 0 32 0 0 (of various Web-based applications. This makes these applications to implement their own) A
0 -342.4 M
1.13762021 0 32 0 0 (authentication frameworks using HTML Forms and other means, which becomes one of the hurdles) A
0 -355.6 M
3.25195312 0 32 0 0 (against introducing secure authentication mechanisms handled jointly by servers and user-agent) A
0 -368.8 M
3.90198874 0 32 0 0 (clients. The extended framework fills gaps between Web application requirements and HTTP) A
0 -382 M
3.64453125 0 32 0 0 (authentication provisions to solve the above problems, while maintaining compatibility against) A
0 -395.2 M
(existing Web and non-Web uses of HTTP authentications. ) S
% "Status of this Memo" heading; the /DEST mark for outline target /93 sits
% between the words of the heading and draws nothing itself.
0 -425.2 M
15 2 Nf
(Status) S
[/View [/XYZ -4 349.849915 null] /Dest /93 /DEST pdfmark
( of this ) S
(Memo) S
0 -449.4 M
11 0 Nf
% \240 (code 160, mapped to /space) keeps "BCP 78" and "BCP 79" together.
(This Internet-Draft is submitted in full conformance with the provisions of BCP\24078 and ) S
(BCP\24079.) S
0 -473.6 M
0.34375 0 32 0 0 (Internet-Drafts are working documents of the Internet Engineering Task Force \(IETF\). Note that other) A
0 -486.8 M
0.389423072 0 32 0 0 (groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is) A
0 -500 M
(at ) S
% The URL below is shown as plain text; no link annotation is attached to it.
(http://datatracker.ietf.org/drafts/current/.) S
0 -524.2 M
0.275781244 0 32 0 0 (Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced,) A
0 -537.4 M
1.51927078 0 32 0 0 (or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference) A
0 -550.6 M
% \233 and \234 are codes 155 and 156, patched in the prolog to the opening
% and closing curly double quotes.
(material or to cite them other than as \233work in ) S
(progress.\234) S
0 -574.8 M
(This Internet-Draft will expire on January 7, ) S
(2016.) S
% "Copyright Notice" heading with outline destination /94.
0 -604.8 M
15 2 Nf
(Copyright) S
[/View [/XYZ -4 170.249817 null] /Dest /94 /DEST pdfmark
( ) S
(Notice) S
0 -629 M
11 0 Nf
(Copyright \(c\) 2015 IETF Trust and the persons identified as the document authors. All rights ) S
(reserved.) S
0 -629 M
% Page footer: the page number in Helvetica (FL index 8) at size 8, drawn
% inside gsave/grestore so the body's graphics state is left untouched.
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 1 -) S
0 setgray
0 -8 M
grestore
% Roll back to the page-start snapshot and emit the page (N = showpage).
pgsave restore N
%%Page: 2 2
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 2 setup: same pattern as every page (state snapshot, origin shift).
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
% Remainder of the copyright notice carried over from page 1; justified lines
% use A with a per-line space adjustment, the last line uses S.
3.1208334 0 32 0 0 (This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF) A
0 -26.4 M
1.34730113 0 32 0 0 (Documents \(http://trustee.ietf.org/license-info\) in effect on the date of publication of this document.) A
0 -39.6 M
0.819475472 0 32 0 0 (Please review these documents carefully, as they describe your rights and restrictions with respect to) A
0 -52.8 M
0.287109375 0 32 0 0 (this document. Code Components extracted from this document must include Simplified BSD License) A
0 -66 M
1.24951172 0 32 0 0 (text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as) A
0 -79.2 M
(described in the Simplified BSD ) S
(License.) S
0 -90.2 M
[/View [/XYZ -4 666.8 null] /Dest /1 /DEST pdfmark
% "Table of Contents" heading with outline destination /95.
0 -109.2 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Table) S
[/View [/XYZ -4 665.8 null] /Dest /95 /DEST pdfmark
( of ) S
(Contents) S
0 -133.4 M
% Table-of-contents entry pattern, repeated for every entry below:
%  1. inside gsave/grestore, stroke a short horizontal rule that underlines
%     the section number (the rlineto length matches the number's width);
%  2. show the section number;
%  3. attach a /Link annotation over that rectangle via /ANN pdfmark;
%  4. show the section title.
% Every link in the visible part of the file points at a named destination
% inside this document (/Dest); none carries a URI action.
gsave
newpath
0 -134.5 M
8.25 0 RL
stroke
grestore
11 0 Nf
(1.) S
% /Dest /2 is defined by a /DEST pdfmark at the top of page 3.
[/Rect [-1.0 -136.15 9.25 -124.049995] /Subtype /Link /Border [0 0 0] /Dest /2 /ANN pdfmark
(\240 ) S
(Introduction) S
0 -146.6 M
(\240\240\240\240) S
gsave
newpath
11 -147.7 M
16.5 0 RL
stroke
grestore
(1.1.) S
[/Rect [10.0 -149.349991 28.5 -137.249985] /Subtype /Link /Border [0 0 0] /Dest /4 /ANN pdfmark
(\240 ) S
(Terminology) S
0 -159.8 M
gsave
newpath
0 -160.9 M
8.25 0 RL
stroke
grestore
(2.) S
[/Rect [-1.0 -162.549988 9.25 -150.449982] /Subtype /Link /Border [0 0 0] /Dest /6 /ANN pdfmark
(\240 ) S
(Definitions) S
0 -173 M
(\240\240\240\240) S
gsave
newpath
11 -174.1 M
16.5 0 RL
stroke
grestore
(2.1.) S
[/Rect [10.0 -175.749985 28.5 -163.649979] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
(\240 Terms for describing authentication protocol ) S
(flow) S
0 -186.2 M
(\240\240\240\240) S
gsave
newpath
11 -187.3 M
16.5 0 RL
stroke
grestore
(2.2.) S
[/Rect [10.0 -188.949982 28.5 -176.849976] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
(\240 Syntax ) S
(Notation) S
0 -199.4 M
gsave
newpath
0 -200.5 M
8.25 0 RL
stroke
grestore
(3.) S
[/Rect [-1.0 -202.149979 9.25 -190.049973] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\240 Optional ) S
(Authentication) S
0 -212.6 M
gsave
newpath
0 -213.7 M
8.25 0 RL
stroke
grestore
(4.) S
[/Rect [-1.0 -215.349976 9.25 -203.249969] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\240 Authentication-Control ) S
(header) S
0 -225.8 M
(\240\240\240\240) S
gsave
newpath
11 -226.9 M
16.5 0 RL
stroke
grestore
(4.1.) S
[/Rect [10.0 -228.549973 28.5 -216.449966] /Subtype /Link /Border [0 0 0] /Dest /20 /ANN pdfmark
(\240 Non-ASCII extended header ) S
(parameters) S
0 -239 M
(\240\240\240\240) S
gsave
newpath
11 -240.1 M
16.5 0 RL
stroke
grestore
(4.2.) S
[/Rect [10.0 -241.749969 28.5 -229.649963] /Subtype /Link /Border [0 0 0] /Dest /22 /ANN pdfmark
(\240 Auth-style ) S
(parameter) S
0 -252.2 M
(\240\240\240\240) S
gsave
newpath
11 -253.3 M
16.5 0 RL
stroke
grestore
(4.3.) S
[/Rect [10.0 -254.949966 28.5 -242.84996] /Subtype /Link /Border [0 0 0] /Dest /24 /ANN pdfmark
(\240 Location-when-unauthenticated ) S
(parameter) S
0 -265.4 M
(\240\240\240\240) S
gsave
newpath
11 -266.5 M
16.5 0 RL
stroke
grestore
(4.4.) S
[/Rect [10.0 -268.149963 28.5 -256.049957] /Subtype /Link /Border [0 0 0] /Dest /26 /ANN pdfmark
(\240 No-auth ) S
(parameter) S
0 -278.6 M
(\240\240\240\240) S
gsave
newpath
11 -279.7 M
16.5 0 RL
stroke
grestore
(4.5.) S
[/Rect [10.0 -281.349976 28.5 -269.249969] /Subtype /Link /Border [0 0 0] /Dest /28 /ANN pdfmark
(\240 Location-when-logout ) S
(parameter) S
0 -291.8 M
(\240\240\240\240) S
gsave
newpath
11 -292.9 M
16.5 0 RL
stroke
grestore
(4.6.) S
[/Rect [10.0 -294.55 28.5 -282.449982] /Subtype /Link /Border [0 0 0] /Dest /30 /ANN pdfmark
(\240 Logout-timeout ) S
(parameter) S
0 -305 M
(\240\240\240\240) S
gsave
newpath
11 -306.1 M
16.5 0 RL
stroke
grestore
(4.7.) S
[/Rect [10.0 -307.75 28.5 -295.65] /Subtype /Link /Border [0 0 0] /Dest /32 /ANN pdfmark
(\240 Username ) S
(parameter) S
0 -318.2 M
gsave
newpath
0 -319.3 M
8.25 0 RL
stroke
grestore
(5.) S
[/Rect [-1.0 -320.95 9.25 -308.85] /Subtype /Link /Border [0 0 0] /Dest /34 /ANN pdfmark
(\240 Usage examples ) S
(\(informative\)) S
0 -331.4 M
(\240\240\240\240) S
gsave
newpath
11 -332.5 M
16.5 0 RL
stroke
grestore
(5.1.) S
[/Rect [10.0 -334.150024 28.5 -322.050018] /Subtype /Link /Border [0 0 0] /Dest /36 /ANN pdfmark
(\240 Example 1: a portal ) S
(site) S
0 -344.6 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -345.7 M
24.75 0 RL
stroke
grestore
(5.1.1.) S
[/Rect [21.0 -347.350037 47.75 -335.250031] /Subtype /Link /Border [0 0 0] /Dest /38 /ANN pdfmark
(\240 Case 1: a simple ) S
(application) S
0 -357.8 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -358.9 M
24.75 0 RL
stroke
grestore
(5.1.2.) S
[/Rect [21.0 -360.550049 47.75 -348.450043] /Subtype /Link /Border [0 0 0] /Dest /40 /ANN pdfmark
(\240 Case 2: specific action required on ) S
(log-out) S
0 -371 M
(\240\240\240\240\240\240\240\240) S
gsave
newpath
22 -372.1 M
24.75 0 RL
stroke
grestore
(5.1.3.) S
[/Rect [21.0 -373.750061 47.75 -361.650055] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
(\240 Case 3: specific page displayed before ) S
(log-in) S
0 -384.2 M
(\240\240\240\240) S
gsave
newpath
11 -385.3 M
16.5 0 RL
stroke
grestore
(5.2.) S
[/Rect [10.0 -386.950073 28.5 -374.850067] /Subtype /Link /Border [0 0 0] /Dest /44 /ANN pdfmark
(\240 Example 2: authenticated user-only ) S
(sites) S
0 -397.4 M
(\240\240\240\240) S
gsave
newpath
11 -398.5 M
16.5 0 RL
stroke
grestore
(5.3.) S
[/Rect [10.0 -400.150085 28.5 -388.050079] /Subtype /Link /Border [0 0 0] /Dest /46 /ANN pdfmark
(\240 When to use ) S
(Cookies) S
0 -410.6 M
(\240\240\240\240) S
gsave
newpath
11 -411.7 M
16.5 0 RL
stroke
grestore
(5.4.) S
[/Rect [10.0 -413.350098 28.5 -401.250092] /Subtype /Link /Border [0 0 0] /Dest /48 /ANN pdfmark
(\240 Parallel deployment with Form/Cookie ) S
(authentications) S
0 -423.8 M
gsave
newpath
0 -424.9 M
8.25 0 RL
stroke
grestore
(6.) S
[/Rect [-1.0 -426.55011 9.25 -414.450104] /Subtype /Link /Border [0 0 0] /Dest /50 /ANN pdfmark
(\240 Methods to extend this ) S
(protocol) S
0 -437 M
gsave
newpath
0 -438.1 M
8.25 0 RL
stroke
grestore
(7.) S
[/Rect [-1.0 -439.750122 9.25 -427.650116] /Subtype /Link /Border [0 0 0] /Dest /52 /ANN pdfmark
(\240 IANA ) S
(Considerations) S
0 -450.2 M
gsave
newpath
0 -451.3 M
8.25 0 RL
stroke
grestore
(8.) S
[/Rect [-1.0 -452.950134 9.25 -440.850128] /Subtype /Link /Border [0 0 0] /Dest /54 /ANN pdfmark
(\240 Security ) S
(Considerations) S
0 -463.4 M
gsave
newpath
0 -464.5 M
8.25 0 RL
stroke
grestore
(9.) S
[/Rect [-1.0 -466.150146 9.25 -454.05014] /Subtype /Link /Border [0 0 0] /Dest /58 /ANN pdfmark
(\240 ) S
(References) S
0 -476.6 M
(\240\240\240\240) S
gsave
newpath
11 -477.7 M
16.5 0 RL
stroke
grestore
(9.1.) S
[/Rect [10.0 -479.350159 28.5 -467.250153] /Subtype /Link /Border [0 0 0] /Dest /58 /ANN pdfmark
(\240 Normative ) S
(References) S
0 -489.8 M
(\240\240\240\240) S
gsave
newpath
11 -490.9 M
16.5 0 RL
stroke
grestore
(9.2.) S
[/Rect [10.0 -492.550171 28.5 -480.450165] /Subtype /Link /Border [0 0 0] /Dest /64 /ANN pdfmark
(\240 Informative ) S
(References) S
0 -503 M
gsave
newpath
0 -504.1 M
56.8203125 0 RL
stroke
grestore
(Appendix\240A.) S
[/Rect [-1.0 -505.750183 57.8203125 -493.650177] /Subtype /Link /Border [0 0 0] /Dest /90 /ANN pdfmark
(\240 \(Informative\) Applicability of features for each ) S
(messages) S
0 -516.2 M
gsave
newpath
0 -517.3 M
56.2148438 0 RL
stroke
grestore
(Appendix\240B.) S
[/Rect [-1.0 -518.950195 57.2148438 -506.850189] /Subtype /Link /Border [0 0 0] /Dest /69 /ANN pdfmark
(\240 \(Informative\) Draft ) S
(Notes) S
0 -529.4 M
gsave
newpath
0 -530.5 M
56.2148438 0 RL
stroke
grestore
(Appendix\240C.) S
[/Rect [-1.0 -532.150208 57.2148438 -520.050232] /Subtype /Link /Border [0 0 0] /Dest /71 /ANN pdfmark
(\240 \(Informative\) Draft Change ) S
(Log) S
0 -542.6 M
(\240\240\240\240) S
gsave
newpath
11 -543.7 M
18.3359375 0 RL
stroke
grestore
(C.1.) S
[/Rect [10.0 -545.35022 30.3359375 -533.250244] /Subtype /Link /Border [0 0 0] /Dest /73 /ANN pdfmark
(\240 Changes in Httpauth WG revision ) S
(04) S
0 -555.8 M
(\240\240\240\240) S
gsave
newpath
11 -556.9 M
18.3359375 0 RL
stroke
grestore
(C.2.) S
[/Rect [10.0 -558.550232 30.3359375 -546.450256] /Subtype /Link /Border [0 0 0] /Dest /75 /ANN pdfmark
(\240 Changes in Httpauth WG revision ) S
(03) S
0 -569 M
(\240\240\240\240) S
gsave
newpath
11 -570.1 M
18.3359375 0 RL
stroke
grestore
(C.3.) S
[/Rect [10.0 -571.750244 30.3359375 -559.650269] /Subtype /Link /Border [0 0 0] /Dest /77 /ANN pdfmark
(\240 Changes in Httpauth WG revision ) S
(02) S
0 -582.2 M
(\240\240\240\240) S
gsave
newpath
11 -583.3 M
18.3359375 0 RL
stroke
grestore
(C.4.) S
[/Rect [10.0 -584.950256 30.3359375 -572.850281] /Subtype /Link /Border [0 0 0] /Dest /79 /ANN pdfmark
(\240 Changes in Httpauth WG revision ) S
(01) S
0 -595.4 M
(\240\240\240\240) S
gsave
newpath
11 -596.5 M
18.3359375 0 RL
stroke
grestore
(C.5.) S
[/Rect [10.0 -598.150269 30.3359375 -586.050293] /Subtype /Link /Border [0 0 0] /Dest /81 /ANN pdfmark
(\240 Changes in Httpauth revision 00 and HttpBis revision ) S
(00) S
0 -608.6 M
(\240\240\240\240) S
gsave
newpath
11 -609.7 M
18.3359375 0 RL
stroke
grestore
(C.6.) S
[/Rect [10.0 -611.350281 30.3359375 -599.250305] /Subtype /Link /Border [0 0 0] /Dest /83 /ANN pdfmark
(\240 Changes in revision ) S
(02) S
0 -621.8 M
(\240\240\240\240) S
gsave
newpath
11 -622.9 M
18.3359375 0 RL
stroke
grestore
(C.7.) S
[/Rect [10.0 -624.550293 30.3359375 -612.450317] /Subtype /Link /Border [0 0 0] /Dest /85 /ANN pdfmark
(\240 Changes in revision ) S
(01) S
0 -635 M
(\240\240\240\240) S
gsave
newpath
11 -636.1 M
18.3359375 0 RL
stroke
grestore
(C.8.) S
[/Rect [10.0 -637.750305 30.3359375 -625.65033] /Subtype /Link /Border [0 0 0] /Dest /87 /ANN pdfmark
(\240 Changes in revision ) S
(00) S
0 -648.2 M
gsave
newpath
0 -649.3 M
5.5 0 RL
stroke
grestore
(\247) S
[/Rect [-1.0 -650.950317 6.5 -638.850342] /Subtype /Link /Border [0 0 0] /Dest /89 /ANN pdfmark
(\240 Authors' ) S
(Addresses) S
0 -648.2 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 2 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 3 3
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
% Page 3 setup: state snapshot and origin shift, as on every page.
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
% Named destinations at the top of the page. /2 is the target of the "1."
% table-of-contents link; /96 (set inside the heading below) is the target of
% the "1. Introduction" outline entry.
[/View [/XYZ -4 757.0 null] /Dest /2 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /3 /DEST pdfmark
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(1.) S
[/View [/XYZ -4 757.0 null] /Dest /96 /DEST pdfmark
( ) S
(Introduction) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.6484375 0 32 0 0 (The document proposes several extensions to the current HTTP authentication framework, to provide) A
0 -55.4 M
0.107031249 0 32 0 0 (enough functionality comparable with current widely-used form-based Web authentication. A majority) A
0 -68.6 M
1.37571025 0 32 0 0 (of the recent Web-sites on the Internet use custom application-layer authentication implementations) A
0 -81.8 M
1.38354492 0 32 0 0 (using Web forms. The reasons for these may vary, but many people believe that the current HTTP) A
0 -95 M
3.24153638 0 32 0 0 (Basic \(and Digest, too\) authentication method does not have enough functionality \(including a) A
0 -108.2 M
3.09801126 0 32 0 0 (good-feeling user interfaces\) to support most of realistic Web-based applications. However, the) A
0 -121.4 M
% NOTE(review): "the method" in the sentence that starts on the previous line
% is ambiguous. Given the stated reason (behaviour "controlled from the
% server-side applications") it appears to mean form-based authentication,
% not HTTP Basic/Digest; confirm against the draft text.
3.95842624 0 32 0 0 (method is very weak against phishing and other attacks, because the whole behavior of the) A
0 -134.6 M
0.857572138 0 32 0 0 (authentication is controlled from the server-side applications. This makes it really hard to implement) A
0 -147.8 M
4.19648457 0 32 0 0 (any cryptographically strong authentication mechanisms into Web systems. To overcome this) A
0 -161 M
0.717122376 0 32 0 0 (problem, we need to "modernize" the HTTP authentication framework so that better client-controlled) A
0 -174.2 M
0.0733817 0 32 0 0 (secure methods can be used with Web applications. The extensions proposed in this document include: ) A
% Bullet-item pattern: a filled circle of radius 2.75 drawn inside
% gsave/grestore, followed by the item text indented to x = 22.
11 -194.8 M
gsave
0 setgray
newpath
11.0 -194.769989 2.75 0 360 arc
closepath
fill
grestore
22 -198.4 M
(non-mandatory, optional authentication on HTTP ) S
(\() S
% In-text cross-reference: an underline rule, the reference text, then a
% /Link annotation to named destination /14 (also the target of the "3."
% table-of-contents link).
gsave
newpath
246.2 -199.5 M
41.2382812 0 RL
stroke
grestore
(Section\2403) S
[/Rect [245.199219 -201.149979 288.4375 -189.049973] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\), ) S
11 -209 M
gsave
0 setgray
newpath
11.0 -208.969986 2.75 0 360 arc
closepath
fill
grestore
22 -212.6 M
(log out from both server and client side ) S
(\() S
gsave
newpath
201.6 -213.7 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [200.589844 -215.349976 243.828125 -203.249969] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\), and ) S
11 -223.2 M
gsave
0 setgray
newpath
11.0 -223.169983 2.75 0 360 arc
closepath
fill
grestore
22 -226.8 M
(finer control for redirection depending on authentication status ) S
(\() S
gsave
newpath
304.2 -227.9 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [303.195312 -229.549973 346.433594 -217.449966] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\).) S
0 -237.8 M
[/View [/XYZ -4 519.2 null] /Dest /4 /DEST pdfmark
0 -237.8 M
[/View [/XYZ -4 519.2 null] /Dest /5 /DEST pdfmark
0 -253.4 M
13 2 Nf
(1.1.) S
[/View [/XYZ -4 519.2 null] /Dest /97 /DEST pdfmark
( ) S
(Terminology) S
0 -277.6 M
11 0 Nf
2.37011719 0 32 0 0 (The key words "MUST", "MUST\240NOT", "REQUIRED", "SHALL", "SHALL\240NOT", "SHOULD",) A
0 -290.8 M
1.49739587 0 32 0 0 ("SHOULD\240NOT", "RECOMMENDED", "NOT\240RECOMMENDED", "MAY", and "OPTIONAL" in) A
0 -304 M
(this document are to be interpreted as described in ) S
gsave
newpath
223.9 -305.1 M
50.1054688 0 RL
stroke
grestore
([RFC2119]) S
[/Rect [222.863281 -306.75 274.96875 -294.65] /Subtype /Link /Border [0 0 0] /Dest /59 /ANN pdfmark
(.) S
0 -328.2 M
6.61002588 0 32 0 0 (The terms "encouraged" and "advised" are used for suggestions that do not constitute) A
0 -341.4 M
3.4172585 0 32 0 0 ("SHOULD"-level requirements. People MAY freely choose not to include the suggested items) A
0 -354.6 M
0.508091509 0 32 0 0 (regarding ) A
gsave
newpath
45.4 -355.7 M
50.1054688 0 RL
stroke
grestore
0.508091509 0 32 0 0 ([RFC2119]) A
[/Rect [44.3984375 -357.350037 96.5039062 -345.250031] /Subtype /Link /Border [0 0 0] /Dest /59 /ANN pdfmark
0.508091509 0 32 0 0 (, but complying with those suggestions would be a best practice; it will improve) A
0 -367.8 M
(the security, interoperability, and/or operational ) S
(performance.) S
0 -392 M
0.310302734 0 32 0 0 (This document distinguishes the terms "client" and "user" in the following way: A "client" is an entity) A
0 -405.2 M
0.23401989 0 32 0 0 (understanding and talking HTTP and the specified authentication protocol, usually computer software;) A
0 -418.4 M
(a "user" is a \(usually natural\) person who wants to access data resources using "a ) S
(client".) S
0 -429.4 M
[/View [/XYZ -4 327.599915 null] /Dest /6 /DEST pdfmark
0 -429.4 M
[/View [/XYZ -4 327.599915 null] /Dest /7 /DEST pdfmark
0 -448.4 M
15 2 Nf
(2.) S
[/View [/XYZ -4 326.599915 null] /Dest /98 /DEST pdfmark
( ) S
(Definitions) S
0 -455.9 M
[/View [/XYZ -4 301.099915 null] /Dest /8 /DEST pdfmark
0 -455.9 M
[/View [/XYZ -4 301.099915 null] /Dest /9 /DEST pdfmark
0 -474.4 M
13 2 Nf
(2.1.) S
[/View [/XYZ -4 298.199921 null] /Dest /99 /DEST pdfmark
( Terms for describing authentication protocol ) S
(flow) S
0 -498.6 M
11 0 Nf
7.14595175 0 32 0 0 (HTTP Authentication defined in ) A
gsave
newpath
174 -499.7 M
50.1054688 0 RL
stroke
grestore
7.14595175 0 32 0 0 ([RFC7235]) A
[/Rect [172.96875 -501.350098 225.074219 -489.250092] /Subtype /Link /Border [0 0 0] /Dest /63 /ANN pdfmark
7.14595175 0 32 0 0 ( may involve with several pairs of HTTP) A
0 -511.8 M
3.09410501 0 32 0 0 (requests/responses. Throughout this document, the following terms are used to categorize those) A
0 -525 M
(messages: for ) S
(requests,) S
11 -545.6 M
gsave
0 setgray
newpath
11.0 -545.570129 2.75 0 360 arc
closepath
fill
grestore
22 -549.2 M
0.126802891 0 32 0 0 (A non-authenticating request is a request not attempting any authentication: a request without any) A
22 -562.4 M
(Authorization header. ) S
11 -573 M
gsave
0 setgray
newpath
11.0 -572.970154 2.75 0 360 arc
closepath
fill
grestore
22 -576.6 M
(An authenticating request is the opposite: a request with an Authorization header. ) S
0 -600.8 M
(For ) S
(responses,) S
11 -625 M
(1\) A non-authenticated response: ) S
33 -638.2 M
0.534895837 0 32 0 0 (is a response which does not involve with any HTTP authentication. It may not contain any) A
33 -651.4 M
(WWW-Authenticate or Authentication-Info header. ) S
33 -651.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 3 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 4 4
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
33 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
4.33756495 0 32 0 0 (Servers send this response when the requested resource is not protected by HTTP) A
33 -26.4 M
4.6015625 0 32 0 0 (authentication mechanisms. In context of this specification, not-authentication-related) A
33 -39.6 M
(negative responses \(e.g. 403 and 404\) are also considered as non-authenticated responses. ) S
33 -52.8 M
(\(See note on successfully-authenticated responses below for some ambiguous cases.\) ) S
11 -66 M
(2\) An authentication-initializing response: ) S
33 -79.2 M
0.903245211 0 32 0 0 (is a response which requires or allows clients to start authentication attempts. Servers send) A
33 -92.4 M
0.622514188 0 32 0 0 (this response when the requested resource is protected by HTTP authentication mechanism,) A
33 -105.6 M
(and the request meets one of the following cases: ) S
44 -116.2 M
gsave
0 setgray
newpath
44.0 -116.169991 2.75 0 360 arc
closepath
fill
grestore
55 -119.8 M
(The request is non-authenticating request, or ) S
44 -130.4 M
gsave
0 setgray
newpath
44.0 -130.37 2.75 0 360 arc
closepath
fill
grestore
55 -134 M
1.54154825 0 32 0 0 (The request contained an authentication trial directed to the protection space \(realm\)) A
55 -147.2 M
(other than the server's expected ) S
(one.) S
33 -160.4 M
(The server will specify the protection space for authentication in this response. ) S
33 -173.6 M
(Upon reception, the client's behavior is further divided to two possible cases. ) S
44 -184.2 M
gsave
0 setgray
newpath
44.0 -184.169983 2.75 0 360 arc
closepath
fill
grestore
55 -187.8 M
3.67578125 0 32 0 0 (If the client may have no prior knowledge on authentication credentials \(e.g. a) A
55 -201 M
0.59765625 0 32 0 0 (user-name and a password\) related to the requested protection space, the protocol flow) A
55 -214.2 M
(terminates and the client will ask the user to provide authentication credentials, ) S
44 -224.8 M
gsave
0 setgray
newpath
44.0 -224.769974 2.75 0 360 arc
closepath
fill
grestore
55 -228.4 M
0.29296875 0 32 0 0 (On the other hand, if client already have an enough credentials for authentication to the) A
55 -241.6 M
0.440625 0 32 0 0 (requested protection space, the client will automatically send an authenticating request.) A
55 -254.8 M
2.71123791 0 32 0 0 (Such cases often occur when the client did not know beforehand that the current) A
55 -268 M
(request-URL requires an authentication. ) S
11 -281.2 M
(3\) A successfully-authenticated response: ) S
33 -294.4 M
2.40364575 0 32 0 0 (is a response for an authenticating request meaning that the authentication attempt was) A
33 -307.6 M
3.06605124 0 32 0 0 (granted. \(Note: if the authentication scheme used does not use an Authentication-Info) A
33 -320.8 M
(header, it may be indistinguishable from a non-authenticated response.\) ) S
11 -334 M
(4\) An intermediate authenticating response: ) S
33 -347.2 M
0.796038 0 32 0 0 (is a response for an authenticating request which requires some more reaction by the client) A
33 -360.4 M
3.17542624 0 32 0 0 (software without involving users. Such a response is required when an authentication) A
33 -373.6 M
1.81901038 0 32 0 0 (scheme requires two or more round-trip messages to perform authentication, or when an) A
33 -386.8 M
2.649858 0 32 0 0 (authentication scheme uses some speculative short-cut method \(such as uses of cached) A
33 -400 M
(shared secrets\) and it failed. ) S
11 -413.2 M
(5\) A negatively-authenticated response: ) S
33 -426.4 M
0.691706717 0 32 0 0 (is a response for an authenticating request which means that the authentication attempt was) A
33 -439.6 M
1.75234377 0 32 0 0 (declined and can not continue without another authentication credential. Clients typically) A
33 -452.8 M
(erase memory of the currently-using credentials and ask the user for other ones. ) S
33 -466 M
0.975060105 0 32 0 0 (Usually the format of these responses are as same as the one for authentication-initializing) A
33 -479.2 M
2.12044263 0 32 0 0 (responses. Client can distinguish it by comparing the protection spaces contained in the) A
33 -492.4 M
(request and in the response. ) S
0 -516.6 M
gsave
newpath
0 -517.7 M
36.9609375 0 RL
stroke
grestore
5.63671875 0 32 0 0 (Figure\2401) A
[/Rect [-1.0 -519.350159 37.9609375 -507.250153] /Subtype /Link /Border [0 0 0] /Dest /10 /ANN pdfmark
5.63671875 0 32 0 0 ( shows a state diagram of generic HTTP authentication with the above message) A
0 -529.8 M
0.0315290168 0 32 0 0 (categorization. Note that many authentication schemes use only a subset of the transitions described on) A
0 -543 M
(the diagram. Labels in the figure show the abbreviated names of response types. ) S
0 -554 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -565 M
[/View [/XYZ -4 191.999817 null] /Dest /10 /DEST pdfmark
0 -565 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 4 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 5 5
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -304 M
gsave
0.0 -304.0 translate
/IS 1 D
save
0 0 M
IS IS scale
/showpage {}D
-99 -500 translate
/tgifdict 56 dict def
tgifdict begin
% Private scratch dictionary for TGAT. Its capacity of 8 matches the keys
% stored in it: mtrx, the six arguments, and savematrix.
/tgifarrowtipdict 8 dict def
tgifarrowtipdict /mtrx matrix put
% TGAT (tgif arrow tip):  x y w h dx dy  TGAT  -
% Appends an open arrow-head outline to the current path: the tip is at
% (x, y), the head points along the direction (dx, dy), and the two base
% corners lie w units behind the tip and h units to either side.
% The procedure neither starts nor closes the path; the visible callers
% issue NP before it and CP F after it.
/TGAT % tgifarrowtip
{ tgifarrowtipdict begin
/dy exch def                        % operands are popped last-pushed first
/dx exch def
/h exch def
/w exch def
/y exch def
/x exch def
/savematrix mtrx currentmatrix def  % snapshot the CTM into the reusable mtrx object
x y translate                       % local origin = arrow tip
dy dx atan rotate                   % local +x axis = direction (dx, dy)
0 0 moveto                          % tip
w neg h lineto                      % first base corner
w neg h neg lineto                  % second base corner
savematrix setmatrix                % restore the caller's CTM; the path built so far is kept
end
} def
% Scratch dictionary shared by TGAN and TGAR. Its capacity of 8 matches the
% keys stored in it: mtrx, the six arguments, and savematrix.
/tgifarcdict 8 dict def
tgifarcdict /mtrx matrix put
% TGAN:  x y xrad yrad startangle endangle  TGAN  -
% Appends an elliptical arc centred at (x, y) with radii xrad / yrad to the
% current path, by scaling the coordinate system and drawing a unit-radius
% arc with the `arc` operator.
% NOTE(review): the generator's tag on the next line reads "tgifarcn" although
% the body calls `arc` (TGAR is the mirror case). Presumably this is
% deliberate because the figure body sets a y-flipped scale, which reverses
% the apparent sweep direction -- confirm against the generator.
/TGAN % tgifarcn
{ tgifarcdict begin
/endangle exch def                  % operands are popped last-pushed first
/startangle exch def
/yrad exch def
/xrad exch def
/y exch def
/x exch def
/savematrix mtrx currentmatrix def  % snapshot the CTM into the reusable mtrx object
x y translate                       % local origin = arc centre
xrad yrad scale                     % a unit circle now maps onto the requested ellipse
0 0 1 startangle endangle arc
savematrix setmatrix                % restore the caller's CTM; the arc stays in the path
end
} def
% TGAR:  x y xrad yrad startangle endangle  TGAR  -
% Appends an elliptical arc centred at (x, y) with radii xrad / yrad to the
% current path, by scaling the coordinate system and drawing a unit-radius
% arc with the `arcn` operator. Uses tgifarcdict (defined above) as scratch
% storage for its arguments and the saved CTM.
% NOTE(review): the generator's tag on the next line reads "tgifarc" although
% the body calls `arcn`. Presumably this is deliberate because the figure
% body sets a y-flipped scale -- confirm against the generator.
/TGAR % tgifarc
{ tgifarcdict begin
/endangle exch def                  % operands are popped last-pushed first
/startangle exch def
/yrad exch def
/xrad exch def
/y exch def
/x exch def
/savematrix mtrx currentmatrix def  % snapshot the CTM into the reusable mtrx object
x y translate                       % local origin = arc centre
xrad yrad scale                     % a unit circle now maps onto the requested ellipse
0 0 1 startangle endangle arcn
savematrix setmatrix                % restore the caller's CTM; the arc stays in the path
end
} def
% TGMAX:  a b  TGMAX  max
% Replaces the two topmost operands with the greater of them
% (b is returned when the two compare equal).
/TGMAX
{ 2 copy gt          % stack: a b (a > b)
  { pop }            % a is greater: drop b
  { exch pop }       % otherwise: drop a, keep b
  ifelse
} def
% TGMIN:  a b  TGMIN  min
% Replaces the two topmost operands with the lesser of them
% (b is returned when the two compare equal).
/TGMIN
{ 2 copy lt          % stack: a b (a < b)
  { pop }            % a is lesser: drop b
  { exch pop }       % otherwise: drop a, keep b
  ifelse
} def
% Short operator aliases used by the tgif-generated figure body that follows.
% They are entered into tgifdict, so they are in effect only while tgifdict
% is on the dictionary stack. Several names (S, M, RL, RM, ...) are also used
% by the enclosing page code with a different meaning: page text is emitted
% as `(text) S`, whereas inside the figure S strokes the current path.
/TGSW { stringwidth pop } def       % (string) TGSW width -- x advance only
/bd { bind def } bind def           % define a procedure after binding its operator names
/GS { gsave } bd
/GR { grestore } bd
/NP { newpath } bd
/CP { closepath } bd
/CHP { charpath } bd
/CT { curveto } bd
/L { lineto } bd
/RL { rlineto } bd
/M { moveto } bd
/RM { rmoveto } bd
/S { stroke } bd
/F { fill } bd
/TR { translate } bd
/RO { rotate } bd
/SC { scale } bd
/MU { mul } bd
/DI { div } bd
/DU { dup } bd
/NE { neg } bd
/AD { add } bd
/SU { sub } bd
/PO { pop } bd
/EX { exch } bd
/CO { concat } bd
/CL { clip } bd
/EC { eoclip } bd
/EF { eofill } bd
/IM { image } bd
/IMM { imagemask } bd
/ARY { array } bd
/SG { setgray } bd
/RG { setrgbcolor } bd
/SD { setdash } bd
/W { setlinewidth } bd
/SM { setmiterlimit } bd
/SLC { setlinecap } bd
/SLJ { setlinejoin } bd
/SH { show } bd
/FF { findfont } bd
/MS { makefont setfont } bd         % font [matrix] MS -- scale the font and make it current
/AR { arcto 4 {pop} repeat } bd     % arcto leaves four tangent-point numbers; discard them
/CURP { currentpoint } bd
/FLAT { flattenpath strokepath clip newpath } bd   % clip to the stroked outline of the current path
/TGSM { tgiforigctm setmatrix } def % not bound: tgiforigctm is defined later, by the figure body
% NOTE(review): savematrix is defined only inside tgifarrowtipdict and
% tgifarcdict in the visible code, and TGRM is not called in the visible
% figure body -- confirm it is unused before relying on it.
/TGRM { savematrix setmatrix } def
end
tgifdict begin
/tgifsavedpage save def
1 SM
1 W
0 SG
72 0 MU 72 11.602 MU TR
72 128 DI 100.000 MU 100 DI DU NE SC
GS
/tgiforigctm matrix currentmatrix def
NP
0 SG
GS
1 W
250 75 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NEW REQUEST) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NEW REQUEST) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
NP
250 125 M
180 155 L
250 185 L
320 155 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
250 150 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(the requested URI) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(the requested URI) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(known to be authed?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(known to be authed?) SH
GR
GR
0 SG
GS
NP
250 80 M
45 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 125 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 125 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
250 125 8.000 3.000 0 45 TGAT
CP F
GR
0 SG
GS
GS
NP
684 200 M
700 200 700 250 16 AR
700 234 L
700 250 600 250 16 AR
616 250 L
600 250 600 200 16 AR
600 216 L
600 200 700 200 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
650 220 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(normal request) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(normal request) SH
GR
GR
0 SG
GS
NP
650 200 M
-55 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 145 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 145 8.000 3.000 0 -55 TGAT
1 SG CP F
0 SG
NP
650 145 8.000 3.000 0 -55 TGAT
CP F
GR
NP
0 SG
GS
1 W
650 140 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
320 155 M
70 280 atan DU cos 8.000 MU 600 exch SU
exch sin 8.000 MU 225 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
600 225 8.000 3.000 280 70 TGAT
1 SG CP F
0 SG
NP
600 225 8.000 3.000 280 70 TGAT
CP F
GR
NP
0 SG
GS
1 W
605 175 M
GS
GS
0
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(non-auth resp.) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(non-auth resp.) SH
GR
GR
0 SG
NP
650 295 M
580 325 L
650 355 L
720 325 L
CP
GS
GR
GS
S
GR
NP
0 SG
GS
1 W
650 320 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(credentials) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(credentials) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(known?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(known?) SH
GR
GR
0 SG
GS
NP
650 250 M
45 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 295 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 295 8.000 3.000 0 45 TGAT
1 SG CP F
0 SG
NP
650 295 8.000 3.000 0 45 TGAT
CP F
GR
NP
0 SG
GS
1 W
655 265 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(initializing) SH
GR
GR
0 SG
GS
NP
580 325 M
0 -45 atan DU cos 8.000 MU 535 exch SU
exch sin 8.000 MU 325 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
535 325 8.000 3.000 -45 0 TGAT
1 SG CP F
0 SG
NP
535 325 8.000 3.000 -45 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
475 330 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_REQUESTED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
NP
0 SG
GS
1 W
570 320 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
NP
0 SG
GS
1 W
330 150 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
0 SG
GS
NP
250 185 M
20 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 205 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 205 8.000 3.000 0 20 TGAT
1 SG CP F
0 SG
NP
250 205 8.000 3.000 0 20 TGAT
CP F
GR
0 SG
GS
GS
NP
284 360 M
300 360 300 410 16 AR
300 394 L
300 410 200 410 16 AR
216 410 L
200 410 200 360 16 AR
200 376 L
200 360 300 360 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
250 380 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(auth-req) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(auth-req) SH
GR
GR
NP
0 SG
GS
1 W
250 585 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(UNAUTHENTICATED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
240 410 M
240 440 L
130 0 atan DU cos 8.000 MU 240 exch SU
exch sin 8.000 MU 570 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
240 570 8.000 3.000 0 130 TGAT
1 SG CP F
0 SG
NP
240 570 8.000 3.000 0 130 TGAT
CP F
GR
NP
0 SG
GS
1 W
285 505 M
GS
GS
0
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(non-auth resp.) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(non-auth resp.) SH
GR
GR
0 SG
GS
NP
300 385 M
0 100 atan DU cos 8.000 MU 400 exch SU
exch sin 8.000 MU 385 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
400 385 8.000 3.000 100 0 TGAT
1 SG CP F
0 SG
NP
400 385 8.000 3.000 100 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
345 380 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(negative) SH
GR
GR
NP
0 SG
GS
1 W
450 390 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_FAILED) TGSW
AD
/Times-Roman FF [12 0 0 -12 0 0] MS
(:) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_FAILED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(:) SH
GR
GR
NP
0 SG
GS
1 W
450 590 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_SUCCEED) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(AUTH_SUCCEED) DU TGSW EX SH
GS CURP M 0 2 RM NE 0 RL S GR
GR
GR
0 SG
GS
NP
295 405 M
170 105 atan DU cos 8.000 MU 400 exch SU
exch sin 8.000 MU 575 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
400 575 8.000 3.000 105 170 TGAT
1 SG CP F
0 SG
NP
400 575 8.000 3.000 105 170 TGAT
CP F
GR
NP
0 SG
GS
1 W
375 522 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(success. auth) SH
GR
GR
0 SG
GS
GS
NP
684 460 M
700 460 700 510 16 AR
700 494 L
700 510 600 510 16 AR
616 510 L
600 510 600 460 16 AR
600 476 L
600 460 700 460 16 AR
CP
S
GR
GR
NP
0 SG
GS
1 W
650 480 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(send) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(auth-req) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(auth-req) SH
GR
GR
0 SG
GS
NP
650 355 M
105 0 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 460 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 460 8.000 3.000 0 105 TGAT
1 SG CP F
0 SG
NP
650 460 8.000 3.000 0 105 TGAT
CP F
GR
0 SG
GS
NP
625 460 M
-75 -130 atan DU cos 8.000 MU 495 exch SU
exch sin 8.000 MU 385 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
495 385 8.000 3.000 -130 -75 TGAT
1 SG CP F
0 SG
NP
495 385 8.000 3.000 -130 -75 TGAT
CP F
GR
0 SG
GS
NP
605 505 M
70 -105 atan DU cos 8.000 MU 500 exch SU
exch sin 8.000 MU 575 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
500 575 8.000 3.000 -105 70 TGAT
1 SG CP F
0 SG
NP
500 575 8.000 3.000 -105 70 TGAT
CP F
GR
0 SG
GS
NP
300 400 M
65 305 atan DU cos 8.000 MU 605 exch SU
exch sin 8.000 MU 465 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
605 465 8.000 3.000 305 65 TGAT
1 SG CP F
0 SG
NP
605 465 8.000 3.000 305 65 TGAT
CP F
GR
NP
0 SG
GS
1 W
385 445 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(intermediate) SH
GR
GR
NP
0 SG
GS
1 W
665 365 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
NP
0 SG
GS
1 W
230 200 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
0 SG
GS
NP
295 365 M
335 280 L
375 280 L
0 275 atan DU cos 8.000 MU 650 exch SU
exch sin 8.000 MU 280 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
650 280 8.000 3.000 275 0 TGAT
1 SG CP F
0 SG
NP
650 280 8.000 3.000 275 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
330 270 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(initializing) SH
GR
GR
NP
0 SG
GS
1 W
540 405 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(negative) SH
GR
GR
NP
0 SG
GS
1 W
505 522 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(success. auth) SH
GR
GR
NP
0 SG
GS
1 W
650 545 M
GS
0 SG
/Times-BoldItalic FF [12 0 0 -12 0 0] MS
(intermediate) SH
GR
GR
0 SG
GS
GS
NP
702 512 22 22 -75 180 TGAN
S
GR
GR
GS
TGSM
NP
702 490 8.000 3.000 -44 0 TGAT
1 SG CP F
0 SG
NP
702 490 8.000 3.000 -44 0 TGAT
CP F
GR
0 SG
NP
250 205 M
180 235 L
250 265 L
320 235 L
CP
GS
GR
GS
S
GR
0 SG
GS
NP
250 265 M
95 0 atan DU cos 8.000 MU 250 exch SU
exch sin 8.000 MU 360 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
250 360 8.000 3.000 0 95 TGAT
1 SG CP F
0 SG
NP
250 360 8.000 3.000 0 95 TGAT
CP F
GR
NP
0 SG
GS
1 W
250 230 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(Can auth.-req.) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(Can auth.-req.) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(be constructed?) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(be constructed?) SH
GR
0 15 RM
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(\(*1\)) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(\(*1\)) SH
GR
GR
NP
0 SG
GS
1 W
315 220 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(NO) SH
GR
GR
NP
0 SG
GS
1 W
235 280 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) TGSW
AD
GR
2 DI NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(YES) SH
GR
GR
0 SG
GS
NP
320 235 M
335 235 L
355 235 L
0 245 atan DU cos 8.000 MU 600 exch SU
exch sin 8.000 MU 235 exch SU L
TGSM
1 W
S
GR
GS
TGSM
NP
600 235 8.000 3.000 245 0 TGAT
1 SG CP F
0 SG
NP
600 235 8.000 3.000 245 0 TGAT
CP F
GR
NP
0 SG
GS
1 W
270 520 M
GS
GS
0
/Times-Roman FF [12 0 0 -12 0 0] MS
(\(*2\)) TGSW
AD
GR
NE 0 RM
0 SG
/Times-Roman FF [12 0 0 -12 0 0] MS
(\(*2\)) SH
GR
GR
GR
tgifsavedpage restore
end
showpage
restore
grestore
309.0 0.0 RM
131.3 -326.9 M
%%IncludeResource: font Times-Bold
7.63889 2 Nf
(\240Figure\2401: Generic state diagram for HTTP ) S
(authentication\240) S
0 -340.8 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.643466 0 32 0 0 (Note: \(*1\) For example, "Digest" scheme requires server-provided nonce to construct client-side ) A
0 -378.2 M
(challenges.) S
0 -391.4 M
2.90397143 0 32 0 0 (\(*2\) In "Basic" and some others, this cannot be distinguished from a successfully-authenticated) A
0 -404.6 M
(response. ) S
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /11 /DEST pdfmark
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /12 /DEST pdfmark
0 -431.2 M
13 2 Nf
(2.2.) S
[/View [/XYZ -4 341.351349 null] /Dest /100 /DEST pdfmark
( Syntax ) S
(Notation) S
0 -455.4 M
11 0 Nf
3.59667969 0 32 0 0 (This specification uses an extended BNF syntax defined in ) A
gsave
newpath
293.5 -456.5 M
50.1054688 0 RL
stroke
grestore
3.59667969 0 32 0 0 ([RFC7230]) A
[/Rect [292.496094 -458.198669 344.601562 -446.098663] /Subtype /Link /Border [0 0 0] /Dest /62 /ANN pdfmark
3.59667969 0 32 0 0 (. The following syntax) A
0 -468.6 M
0.8046875 0 32 0 0 (definitions are quoted from ) A
gsave
newpath
126 -469.7 M
50.1054688 0 RL
stroke
grestore
0.8046875 0 32 0 0 ([RFC7230]) A
[/Rect [124.996094 -471.398682 177.101562 -459.298676] /Subtype /Link /Border [0 0 0] /Dest /62 /ANN pdfmark
0.8046875 0 32 0 0 ( and ) A
gsave
newpath
199.1 -469.7 M
50.1054688 0 RL
stroke
grestore
0.8046875 0 32 0 0 ([RFC7235]) A
[/Rect [198.09375 -471.398682 250.199219 -459.298676] /Subtype /Link /Border [0 0 0] /Dest /63 /ANN pdfmark
0.8046875 0 32 0 0 (: auth-scheme, quoted-string, auth-param, SP,) A
0 -481.8 M
1.25446427 0 32 0 0 (BWS, header-field, and challenge. It also uses the convention of using header names for specifying) A
0 -495 M
(syntax of header values. ) S
0 -519.2 M
1.25585938 0 32 0 0 (Additionally, this specification uses the following syntax elements following syntax definitions as a) A
0 -532.4 M
0.388221145 0 32 0 0 (refinement for token and the right-hand-side of auth-param in ) A
gsave
newpath
277.4 -533.5 M
50.1054688 0 RL
stroke
grestore
0.388221145 0 32 0 0 ([RFC7235]) A
[/Rect [276.421875 -535.19873 328.527344 -523.098755] /Subtype /Link /Border [0 0 0] /Dest /63 /ANN pdfmark
0.388221145 0 32 0 0 (. \(Note: these definitions are) A
0 -545.6 M
(consistent with those in ) S
gsave
newpath
106.3 -546.7 M
113.898438 0 RL
stroke
grestore
([I-D.ietf-httpauth-mutual]) S
[/Rect [105.304688 -548.398743 221.203125 -536.298767] /Subtype /Link /Border [0 0 0] /Dest /65 /ANN pdfmark
(.\) ) S
0 -556.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -567.6 M
[/View [/XYZ -4 189.351257 null] /Dest /13 /DEST pdfmark
0 -578.4 M
%%IncludeResource: font Courier
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( = 1*\(%x30-39 / %x41-5A / %x61-7A / "-" / "_"\)) S
0 -589.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extension-token) S
9.0 4 Nf
( = "-" ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( 1*\("." ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
(\)) S
0 -600 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extensive-token) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(extension-token) S
0 -610.8 M
9.0 4 Nf
( ) S
9.0 5 Nf
(integer) S
9.0 4 Nf
( = "0" / \(%x31-39 *%x30-39\) ) S
9.0 5 Nf
(; no leading zeros) S
147.2 -633.8 M
7.63889 2 Nf
(\240Figure\2402: the BNF syntax for common ) S
(notations\240) S
0 -636.7 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 5 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 6 6
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -0 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -24.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.88755584 0 32 0 0 (Extensive-tokens are used in this protocol where the set of acceptable tokens may include private) A
0 -37.4 M
2.68131518 0 32 0 0 (extensions. Any private extensions of this protocol MUST use the extension-tokens with format) A
0 -50.6 M
0.527734399 0 32 0 0 ("-<token>.<domain-name>", where <domain-name> is a validly registered \(sub-\)domain name on the) A
0 -63.8 M
(Internet owned by the party who defines the extensions. ) S
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /14 /DEST pdfmark
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /15 /DEST pdfmark
0 -93.8 M
%%IncludeResource: font Times-Bold
15 2 Nf
(3.) S
[/View [/XYZ -4 681.2 null] /Dest /101 /DEST pdfmark
( Optional ) S
(Authentication) S
0 -118 M
11 0 Nf
3.47916675 0 32 0 0 (The Optional-WWW-Authenticate header enables a non-mandatory authentication, which is not) A
0 -131.2 M
1.48925781 0 32 0 0 (possible under the current HTTP authentication mechanism. In several Web applications, users can) A
0 -144.4 M
0.109809026 0 32 0 0 (access the same contents as both a guest user and an authenticated user. In most Web applications, it is) A
0 -157.6 M
3.15625 0 32 0 0 (implemented using ) A
gsave
newpath
93.1 -158.7 M
33.3984375 0 RL
stroke
grestore
3.15625 0 32 0 0 (HTTP ) A
gsave
newpath
126.5 -158.7 M
33.5976562 0 RL
stroke
grestore
3.15625 0 32 0 0 (cookies) A
[/Rect [92.0664062 -160.349991 161.0625 -148.249985] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
3.15625 0 32 0 0 ( [RFC6265] and custom form-based authentications. The new) A
0 -170.8 M
(authentication method using this message will provide a replacement for these authentication systems. ) S
0 -195 M
1.46664667 0 32 0 0 (Servers MAY send HTTP successful responses \(response code 200, 206 and others\) containing the) A
0 -208.2 M
6.1741538 0 32 0 0 (Optional-WWW-Authenticate header as a replacement of a 401 response when it is an) A
0 -221.4 M
6.13541651 0 32 0 0 (authentication-initializing response. The Optional-WWW-Authenticate header MUST\240NOT be) A
0 -234.6 M
(contained in 401 responses. ) S
11 -258.8 M
(HTTP/1.1 200 ) S
(OK) S
11 -272 M
(Optional-WWW-Authenticate: Basic realm="xxxx" ) S
0 -283 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -294 M
[/View [/XYZ -4 463.0 null] /Dest /16 /DEST pdfmark
0 -304.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( Optional-WWW-Authenticate = 1#challenge) S
121.6 -327.7 M
7.63889 2 Nf
(\240Figure\2403: BNF syntax for Optional-WWW-Authenticate ) S
(header\240) S
0 -341.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365.8 M
11 0 Nf
0.623883903 0 32 0 0 (The challenges contained in the Optional-WWW-Authenticate header are the same as those for a 401) A
0 -379 M
5.33125 0 32 0 0 (responses corresponding for a same request. For authentication-related matters, an optional) A
0 -392.2 M
4.40414667 0 32 0 0 (authentication request will have the same meaning as a 401 message with a corresponding) A
0 -405.4 M
3.61935759 0 32 0 0 (WWW-Authenticate header \(as an authentication-initializing response\). \(The behavior for other) A
0 -418.6 M
(matters, such as caching, MAY be different between the optional authentication and 401 messages.\) ) S
0 -442.8 M
0.777994812 0 32 0 0 (A response with an Optional-WWW-Authenticate header SHOULD be returned from the server only) A
0 -456 M
0.97265625 0 32 0 0 (when the request is either non-authenticated or authenticating to a wrong \(not the server's expected\)) A
0 -469.2 M
3.8 0 32 0 0 (protection space. If a response is either an intermediate or a negative response to a client's) A
0 -482.4 M
7.36621094 0 32 0 0 (authentication attempt, the server MUST respond with a 401 status response with a) A
0 -495.6 M
0.0750558 0 32 0 0 (WWW-Authenticate header instead. Failure to follow this rule will leave clients unable to distinguish) A
0 -508.8 M
(authentication successes and failures. ) S
0 -533 M
3.64960933 0 32 0 0 (The server is NOT\240RECOMMENDED to include an Optional-WWW-Authenticate header in a) A
0 -546.2 M
(positive response when a client's authentication attempt succeeds. ) S
0 -570.4 M
0.520052075 0 32 0 0 (Whenever an authentication scheme support for servers to send some parameter which gives a hint of) A
0 -583.6 M
2.28683043 0 32 0 0 (URL space for the corresponding protection space for the same realm \(e.g. "path" or "domain"\),) A
0 -596.8 M
1.69492185 0 32 0 0 (servers requesting non-mandatory authentication SHOULD send such parameter with the response.) A
0 -610 M
1.0110085 0 32 0 0 (Clients supporting non-mandatory authentication MUST recognize the parameter, and MUST send a) A
0 -623.2 M
0.0993303582 0 32 0 0 (request with an appropriate authentication credential in an Authorization header for any URI inside the) A
0 -636.4 M
(specified paths. ) S
0 -636.4 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 6 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 7 7
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.232291669 0 32 0 0 (Support of this header is OPTIONAL; Clients MAY also choose any set of authentication schemes for) A
0 -26.4 M
1.078776 0 32 0 0 (which optional authentication is supported \(in other words, its support MAY be scheme-dependent\).) A
0 -39.6 M
3.61371517 0 32 0 0 (However, some authentication schemes MAY require mandatory/recommended support for this) A
0 -52.8 M
0.0758928582 0 32 0 0 (header, so that server-side applications MAY assume that clients supporting such schemes are likely to) A
0 -66 M
(support the extension as well. ) S
0 -77 M
[/View [/XYZ -4 680.0 null] /Dest /17 /DEST pdfmark
0 -77 M
[/View [/XYZ -4 680.0 null] /Dest /18 /DEST pdfmark
0 -96 M
%%IncludeResource: font Times-Bold
15 2 Nf
(4.) S
[/View [/XYZ -4 679.0 null] /Dest /102 /DEST pdfmark
( Authentication-Control ) S
(header) S
0 -107 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -118 M
[/View [/XYZ -4 639.0 null] /Dest /19 /DEST pdfmark
0 -128.8 M
%%IncludeResource: font Courier
9.0 4 Nf
( Authentication-Control = 1#Auth-Control-Entry) S
0 -139.6 M
( Auth-Control-Entry = auth-scheme 1*SP 1#auth-control-param) S
0 -150.4 M
( auth-control-param = extensive-token BWS "=" BWS token) S
0 -161.2 M
( / extensive-token "*" BWS "=" BWS ext-value) S
0 -172 M
( ext-value = <see RFC 5987, Section 3.2>) S
120.6 -194.9 M
7.63889 2 Nf
(\240Figure\2404: the BNF syntax for the Authentication-Control ) S
(header\240) S
0 -208.8 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -233 M
11 0 Nf
1.72836542 0 32 0 0 (The Authentication-Control header provides a more precise control of the client behavior for Web) A
0 -246.2 M
1.29547989 0 32 0 0 (applications using an HTTP authentication protocol. This header is supposed to be generated in the) A
0 -259.4 M
0.951622605 0 32 0 0 (application layer, as opposed to WWW-Authenticate headers which will be generated usually by the) A
0 -272.6 M
(Web servers. ) S
0 -296.8 M
0.791015625 0 32 0 0 (Support of this header is OPTIONAL, and clients MAY choose any subset of these parameters to be) A
0 -310 M
0.347301126 0 32 0 0 (supported. The set of supported parameters MAY also be authentication scheme-dependent. However,) A
0 -323.2 M
1.43782556 0 32 0 0 (some authentication schemes MAY require mandatory/recommended support for some or all of the) A
0 -336.4 M
(features provided in this header. ) S
0 -360.6 M
2.6700995 0 32 0 0 (The Authentication-Control header contains one or more "authentication control entries" each of) A
0 -373.8 M
0.340959817 0 32 0 0 (which corresponds to a single realm for a specific authentication scheme. If the auth-scheme specified) A
0 -387 M
1.19895828 0 32 0 0 (for an entry supports the HTTP "realm" feature, that entry MUST contain the "realm" parameter. If) A
0 -400.2 M
(not, the entry MUST\240NOT contain the "realm" parameter. ) S
0 -424.4 M
0.173177078 0 32 0 0 (Among the multiple entries in the header, the meaningful entries in the header are those corresponding) A
0 -437.6 M
0.914306641 0 32 0 0 (to an auth-scheme and a realm \(if any\), for which "the authentication process is being performed, or) A
0 -450.8 M
(going to be performed". In more ) S
(detail,) S
11 -475 M
(\(1\) ) S
33 -488.2 M
0.626953125 0 32 0 0 (If the response is either an authentication-initializing response or a negatively-authenticated) A
33 -501.4 M
9.31467056 0 32 0 0 (response, there may be multiple challenges in the WWW-Authenticate \(or) A
33 -514.6 M
0.831163168 0 32 0 0 (Optional-WWW-Authenticate defined in this extension\) header, each of which corresponds) A
33 -527.8 M
0.459375 0 32 0 0 (to a different scheme and realm. The client will determine the scheme and realm to perform) A
33 -541 M
1.79537261 0 32 0 0 (an authentication, and the entries corresponding to the chosen scheme and realm will be) A
33 -554.2 M
(meaningful. ) S
11 -567.4 M
(\(2\) ) S
33 -580.6 M
11.0718746 0 32 0 0 (If the response is either an intermediate authenticating response or a) A
33 -593.8 M
2.54921865 0 32 0 0 (successfully-authenticated response, the scheme and a realm given in the Authorization) A
33 -607 M
1.9382813 0 32 0 0 (header of the HTTP request will determine the currently-ongoing authentication process.) A
33 -620.2 M
(Only the entries corresponding to that scheme and realm are meaningful. ) S
11 -631.2 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 7 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 8 8
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.124644883 0 32 0 0 (The server MAY send an Authentication-Control header containing non-meaningful entries. The client) A
0 -26.4 M
(MUST ignore all non-meaningful entries it received. ) S
0 -50.6 M
1.0356158 0 32 0 0 (Each entry contains one or more parameters, each of which is a name-value pair. The name of each) A
0 -63.8 M
0.596354187 0 32 0 0 (parameter MUST be an extensive-token. Clients MUST ignore any unknown parameters contained in) A
0 -77 M
1.05887282 0 32 0 0 (this header. The entries for the same auth-scheme and the realm MUST\240NOT contain the duplicated) A
0 -90.2 M
(parameters for the same name. ) S
0 -114.4 M
0.743489563 0 32 0 0 (The type of parameter value depends on the parameter name as defined in the following subsections.) A
0 -127.6 M
4.3883462 0 32 0 0 (Regardless of the type, however, the recipients SHOULD accept both quoted and unquoted) A
0 -140.8 M
0.789930582 0 32 0 0 (representations of values as defined in HTTP. If the parameter is defined to have a string value, it is) A
0 -154 M
0.207421869 0 32 0 0 (encouraged t be sent either in a quoted form or an ext-value form \(see ) A
gsave
newpath
312.6 -155.1 M
49.4882812 0 RL
stroke
grestore
0.207421869 0 32 0 0 (Section\2404.1) A
[/Rect [311.566406 -156.749985 363.054688 -144.649979] /Subtype /Link /Border [0 0 0] /Dest /20 /ANN pdfmark
0.207421869 0 32 0 0 (\). If it is defined as a) A
0 -167.2 M
1.86467636 0 32 0 0 (token \(or similar\) or an integer, the value SHOULD follow the corresponding ABNF syntax after) A
0 -180.4 M
0.54572612 0 32 0 0 (possible unquoting of the quoted-string value \(as defined in HTTP\), and is encouraged to be sent in a) A
0 -193.6 M
(unquoted form. ) S
0 -217.8 M
1.49023438 0 32 0 0 (Server-side application SHOULD always be reminded that any parameters contained in this header) A
0 -231 M
0.296440959 0 32 0 0 (MAY be ignored by clients. Also, even when a client accepts this header, users may always be able to) A
0 -244.2 M
1.5184896 0 32 0 0 (circumvent semantics of this header. Therefore, if this header is used for security purposes, its use) A
0 -257.4 M
2.5390625 0 32 0 0 (MUST be limited for providing some non-fundamental additional security measures valuable for) A
0 -270.6 M
0.516335249 0 32 0 0 (end-users \(such as client-side log-out for protecting against console takeover\). Server-side application) A
0 -283.8 M
(MUST\240NOT rely on the use of this header for protecting server-side resources. ) S
0 -308 M
0.874289751 0 32 0 0 (Note: The header syntax allows servers to specify Authentication-Control for multiple authentication) A
0 -321.2 M
1.47838545 0 32 0 0 (schemes, either as multiple occurrences of this header or as a combined single header \(see Section) A
0 -334.4 M
1.65685093 0 32 0 0 (3.2.2 of ) A
gsave
newpath
40 -335.5 M
50.1054688 0 RL
stroke
grestore
1.65685093 0 32 0 0 ([RFC7230]) A
[/Rect [38.9726562 -337.150024 91.078125 -325.050018] /Subtype /Link /Border [0 0 0] /Dest /62 /ANN pdfmark
1.65685093 0 32 0 0 ( for rationale\). The same care as for parsing multiple authentication challenges) A
0 -347.6 M
(SHALL be taken. ) S
0 -358.6 M
[/View [/XYZ -4 398.399963 null] /Dest /20 /DEST pdfmark
0 -358.6 M
[/View [/XYZ -4 398.399963 null] /Dest /21 /DEST pdfmark
0 -374.2 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.1.) S
[/View [/XYZ -4 398.399963 null] /Dest /103 /DEST pdfmark
( Non-ASCII extended header ) S
(parameters) S
0 -398.4 M
11 0 Nf
0.723958313 0 32 0 0 (Parameters contained in the Authentication-Control header MAY be extended to ISO 10646-1 values) A
0 -411.6 M
0.861328125 0 32 0 0 (using the framework described in ) A
gsave
newpath
154.3 -412.7 M
50.1054688 0 RL
stroke
grestore
0.861328125 0 32 0 0 ([RFC5987]) A
[/Rect [153.253906 -414.350067 205.359375 -402.250061] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
0.861328125 0 32 0 0 (. All servers and clients MUST be capable of receiving) A
0 -424.8 M
(and sending values encoded in ) S
gsave
newpath
137.1 -425.9 M
50.1054688 0 RL
stroke
grestore
([RFC5987]) S
[/Rect [136.148438 -427.550079 188.253906 -415.450073] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
( syntax. ) S
0 -449 M
0.424958885 0 32 0 0 (If a value to be sent contains only ASCII characters, the field MUST be sent in clear using plain RFC) A
0 -462.2 M
(7235 syntax. The syntax extended by RFC 5987 MUST\240NOT be used in this case. ) S
0 -486.4 M
2.0588727 0 32 0 0 (If a value \(except the "realm" header\) contains one or more non-ASCII characters, the parameter) A
0 -499.6 M
1.40401781 0 32 0 0 (SHOULD be sent using the ext-value syntax defined in Section 3.2 of ) A
gsave
newpath
326.9 -500.7 M
50.1054688 0 RL
stroke
grestore
1.40401781 0 32 0 0 ([RFC5987]) A
[/Rect [325.859375 -502.350128 377.964844 -490.250122] /Subtype /Link /Border [0 0 0] /Dest /61 /ANN pdfmark
1.40401781 0 32 0 0 (. Such parameter) A
0 -512.8 M
1.52890623 0 32 0 0 (MUST have charset value of "UTF-8", and the language value MUST always be omitted \(have an) A
0 -526 M
2.41223955 0 32 0 0 (empty value\). The same parameter MUST\240NOT be sent twice or more, those in both plain- and) A
0 -539.2 M
(extended-syntax. ) S
0 -563.4 M
3.80719876 0 32 0 0 (For example, a parameter "username" with value "Renee of France" SHOULD be sent as <) A
0 -576.6 M
0.849724293 0 32 0 0 (username="Renee of France" >. If the value is "Ren<e acute>e of France", it SHOULD be sent as <) A
0 -589.8 M
(username*=UTF-8''Ren%C3%89e%20of%20France > instead. ) S
0 -600.8 M
[/View [/XYZ -4 156.199829 null] /Dest /22 /DEST pdfmark
0 -600.8 M
[/View [/XYZ -4 156.199829 null] /Dest /23 /DEST pdfmark
0 -600.8 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 8 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 9 9
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.2.) S
[/View [/XYZ -4 757.0 null] /Dest /104 /DEST pdfmark
( Auth-style ) S
(parameter) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Authentication-Control: Digest realm="protected ) S
(space",) S
0 -53 M
(\240 \240 \240 \240 auth-style=modal ) S
0 -77.2 M
2.02278638 0 32 0 0 (The parameter "auth-style" specifies the server's preferences over user interface behavior for user) A
0 -90.4 M
3.6526227 0 32 0 0 (authentication. This parameter can be included in any kind of responses, however, it is only) A
0 -103.6 M
1.6484375 0 32 0 0 (meaningful for either authentication-initializing or negatively-authenticated responses. The value of) A
0 -116.8 M
7.14518213 0 32 0 0 (this parameter MUST be one of the bare-tokens "modal" or "non-modal". When the) A
0 -130 M
1.15983069 0 32 0 0 (Optional-WWW-Authenticate header is used, the value of this parameter MUST be disregarded and) A
0 -143.2 M
(the value "non-modal" is implied. ) S
0 -167.4 M
3.50390625 0 32 0 0 (The value "modal" means that the server thinks the content of the response \(body and other) A
0 -180.6 M
2.1796875 0 32 0 0 (content-related headers\) is valuable only for users refusing authentication request. The clients are) A
0 -193.8 M
0.485839844 0 32 0 0 (expected to ask the user a password before processing the content. This behavior is common for most) A
0 -207 M
(of the current implementations of Basic and Digest authentication schemes. ) S
0 -231.2 M
2.1598959 0 32 0 0 (The value "non-modal" means that the server thinks the content of the response \(body and other) A
0 -244.4 M
0.805664062 0 32 0 0 (content-related headers\) is valuable for users before processing an authentication request. The clients) A
0 -257.6 M
5.20432711 0 32 0 0 (are expected to first process the content and then provide users opportunities to perform) A
0 -270.8 M
(authentication. ) S
0 -295 M
1.10774744 0 32 0 0 (The default behavior for the clients is implementation-dependent, and clients MAY choose different) A
0 -308.2 M
3.26302075 0 32 0 0 (defaults for different authentication schemes. The proposed default behavior is "modal" for all) A
0 -321.4 M
3.40664053 0 32 0 0 (authentication schemes, but specifications for authentication schemes MAY propose a different) A
0 -334.6 M
(default. ) S
0 -358.8 M
0.13131009 0 32 0 0 (The above two different methods of authentication may introduce an observable difference of semantics) A
0 -372 M
1.18719947 0 32 0 0 (when the response contains state-changing side effects; for example, it may change whether ) A
gsave
newpath
422.2 -373.1 M
31.8203125 0 RL
stroke
grestore
1.18719947 0 32 0 0 (Cookie ) A
[/Rect [421.179688 -374.750061 458.886719 -362.650055] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
0 -385.2 M
gsave
newpath
0 -386.3 M
33.5859375 0 RL
stroke
grestore
4.18652344 0 32 0 0 (headers) A
[/Rect [-1.0 -387.950073 34.5859375 -375.850067] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
4.18652344 0 32 0 0 ( [RFC6265] in 401 responses are processed or not. However, the server applications) A
0 -398.4 M
(SHOULD\240NOT depend on both existence and non-existence of such side effects. ) S
0 -409.4 M
[/View [/XYZ -4 347.599915 null] /Dest /24 /DEST pdfmark
0 -409.4 M
[/View [/XYZ -4 347.599915 null] /Dest /25 /DEST pdfmark
0 -425 M
13 2 Nf
(4.3.) S
[/View [/XYZ -4 347.599915 null] /Dest /105 /DEST pdfmark
( Location-when-unauthenticated ) S
(parameter) S
0 -449.2 M
11 0 Nf
(Authentication-Control: Mutual ) S
(realm="auth-space-1",) S
0 -462.4 M
(\240 \240 location-when-unauthenticated="http://www.example.com/login.html" ) S
0 -486.6 M
0.348524302 0 32 0 0 (The parameter "location-when-unauthenticated" specifies a location where any unauthenticated clients) A
0 -499.8 M
0.637152791 0 32 0 0 (should be redirected to. This header may be used, for example, when there is a central login page for) A
0 -513 M
1.86108398 0 32 0 0 (the entire Web application. The value of this parameter is a string that contains an absolute URL) A
0 -526.2 M
0.179443359 0 32 0 0 (location. Senders MUST always send an absolute URL location. If a received URL is not absolute, the) A
0 -539.4 M
(clients SHOULD either ignore it or consider it a relative URL from the current location. ) S
0 -563.6 M
0.643694222 0 32 0 0 (This parameter MAY be used with a 401 response for authentication-initializing response. It can also) A
0 -576.8 M
11.5490456 0 32 0 0 (be contained, although NOT\240RECOMMENDED, in a positive response with an) A
0 -590 M
1.54261363 0 32 0 0 (Optional-WWW-Authenticate header. The clients MUST ignore this parameter, when a response is) A
0 -603.2 M
2.35107422 0 32 0 0 (either successfully-authenticated or intermediately-authenticated. The clients SHOULD ignore this) A
0 -616.4 M
(parameter when a response is a negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -640.6 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -653.8 M
1.32858455 0 32 0 0 (users for authentication credentials, the client will treat the entire response as if it were a 303 "See) A
0 -667 M
1.12402344 0 32 0 0 (Other" response with a Location header that contains the value of this parameter \(i.e., client will be) A
0 -667 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 9 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 10 10
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.04125977 0 32 0 0 (redirected to the specified location with a GET request\). Unlike a normal 303 response, if the client) A
0 -26.4 M
11 0 Nf
(can process authentication without the user's interaction, this parameter MUST be ignored. ) S
0 -37.4 M
[/View [/XYZ -4 719.6 null] /Dest /26 /DEST pdfmark
0 -37.4 M
[/View [/XYZ -4 719.6 null] /Dest /27 /DEST pdfmark
0 -53 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.4.) S
[/View [/XYZ -4 719.6 null] /Dest /106 /DEST pdfmark
( No-auth ) S
(parameter) S
0 -77.2 M
11 0 Nf
(Authentication-Control: Basic realm="entrance", no-auth=true ) S
0 -101.4 M
0.643880188 0 32 0 0 (The parameter "no-auth" is a variant of the location-when-unauthenticated parameter; it specifies that) A
0 -114.6 M
0.702343762 0 32 0 0 (new authentication attempt is not to be performed on this location for better user experience, without) A
0 -127.8 M
0.727941155 0 32 0 0 (specifying the redirection on the HTTP level. This header may be used, for example, when there is a) A
0 -141 M
0.09375 0 32 0 0 (central login page for the entire Web application, and when a \(Web content's level\) explicit interaction) A
0 -154.2 M
0.542739 0 32 0 0 (of users is desired before authentications. The value of this parameter MUST be a token "true". If the) A
0 -167.4 M
(value is incorrect, client MAY ignore this parameter. ) S
0 -191.6 M
2.91373706 0 32 0 0 (This parameter MAY be used with authentication-initiating responses. It can also be contained,) A
0 -204.8 M
3.67919922 0 32 0 0 (although NOT\240RECOMMENDED, in a positive response with an Optional-WWW-Authenticate) A
0 -218 M
0.524088562 0 32 0 0 (header. The clients MUST ignore this parameter, when a response is either successfully-authenticated) A
0 -231.2 M
2.12695312 0 32 0 0 (or intermediately-authenticated. The clients SHOULD ignore this parameter when a response is a) A
0 -244.4 M
(negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -268.6 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -281.8 M
0.397135407 0 32 0 0 (users for authentication credentials, the client will ignore the WWW-Authenticate header contained in) A
0 -295 M
1.04843748 0 32 0 0 (the response and treat the whole response as a normal negative 4xx-class response instead of giving) A
0 -308.2 M
0.992466509 0 32 0 0 (user an opportunity to start authentication. If the client can process authentication without the user's) A
0 -321.4 M
(interaction, this parameter MUST be ignored. ) S
0 -345.6 M
1.48320317 0 32 0 0 (This parameter SHOULD\240NOT be used along with the location-when-unauthenticated parameter. If) A
0 -358.8 M
(both were supplied, clients MAY choose which one is to be honored. ) S
0 -383 M
0.0354567319 0 32 0 0 (This parameter SHOULD\240NOT be used as any security measures to prevent authentication attempts, as) A
0 -396.2 M
2.73688626 0 32 0 0 (it is easily circumvented by users. This parameter SHOULD be used solely for improving user) A
0 -409.4 M
(experience of web applications. ) S
0 -420.4 M
[/View [/XYZ -4 336.599915 null] /Dest /28 /DEST pdfmark
0 -420.4 M
[/View [/XYZ -4 336.599915 null] /Dest /29 /DEST pdfmark
0 -436 M
13 2 Nf
(4.5.) S
[/View [/XYZ -4 336.599915 null] /Dest /107 /DEST pdfmark
( Location-when-logout ) S
(parameter) S
0 -460.2 M
11 0 Nf
(Authentication-Control: Digest realm="protected ) S
(space",) S
0 -473.4 M
(\240 \240 location-when-logout="http://www.example.com/byebye.html" ) S
0 -497.6 M
1.22776437 0 32 0 0 (The parameter "location-when-logout" specifies a location where the client is to be redirected when) A
0 -510.8 M
1.30193019 0 32 0 0 (the user explicitly requests a logout. The value of this parameter MUST be a string that contains an) A
0 -524 M
1.17486215 0 32 0 0 (absolute URL location. If a given URL is not absolute, the clients MAY consider it a relative URL) A
0 -537.2 M
(from the current location. ) S
0 -561.4 M
0.243815109 0 32 0 0 (This parameter MAY be used with successfully-authenticated responses. If this parameter is contained) A
0 -574.6 M
(in other kinds of responses, the clients MUST ignore this parameter. ) S
0 -598.8 M
0.029296875 0 32 0 0 (When the user requests to terminate an authentication period, and if the client currently displays a page) A
0 -612 M
0.656020224 0 32 0 0 (supplied by a response with this parameter, the client will be redirected to the specified location by a) A
0 -625.2 M
0.946289062 0 32 0 0 (new GET request \(as if it received a 303 response\). The log-out operation \(e.g. erasing memories of) A
0 -638.4 M
2.73978376 0 32 0 0 (user name, authentication credential and all related one-time credentials such as nonce or keys\)) A
0 -651.6 M
(SHOULD occur before processing a redirection. ) S
0 -651.6 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 10 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 11 11
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.621354163 0 32 0 0 (When the user requests to terminate an authentication period, if the client supports this parameter but) A
0 -26.4 M
1.79657447 0 32 0 0 (the server response does not contain this parameter, the client's RECOMMENDED behavior is as) A
0 -39.6 M
2.17005205 0 32 0 0 (follows: if the request corresponding to the current content was safe \(e.g. GET\), reload the page) A
0 -52.8 M
0.411658645 0 32 0 0 (without the authentication credential. If the request was non-idempotent \(e.g. POST\), keep the current) A
0 -66 M
4.08398438 0 32 0 0 (content as-is and simply forget the authentication status. The client SHOULD\240NOT replay a) A
0 -79.2 M
(non-idempotent request without the user's explicit approval. ) S
0 -103.4 M
0.97265625 0 32 0 0 (Web applications are encouraged to send this parameter with an appropriate value for any responses) A
0 -116.6 M
(\(except those with redirection \(3XX\) statuses\) for non-GET requests. ) S
0 -127.6 M
[/View [/XYZ -4 629.4 null] /Dest /30 /DEST pdfmark
0 -127.6 M
[/View [/XYZ -4 629.4 null] /Dest /31 /DEST pdfmark
0 -143.2 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.6.) S
[/View [/XYZ -4 629.4 null] /Dest /108 /DEST pdfmark
( Logout-timeout ) S
(parameter) S
0 -167.4 M
11 0 Nf
(Authentication-Control: Basic realm="entrance", logout-timeout=300 ) S
0 -191.6 M
0.646484375 0 32 0 0 (The parameter "logout-timeout", when contained in a successfully-authenticated response, means that) A
0 -204.8 M
0.356201172 0 32 0 0 (any authentication credentials and states related to the current protection space are to be discarded if a) A
0 -218 M
0.153262869 0 32 0 0 (time specified in this header \(in seconds\) has been passed from the time received. The value MUST be) A
0 -231.2 M
0.00868055597 0 32 0 0 (an integer. As a special case, the value 0 means that the client is requested to immediately log-out from) A
0 -244.4 M
0.381975442 0 32 0 0 (the current authentication space and revert to an unauthenticated status. This does not, however, mean) A
0 -257.6 M
1.93108261 0 32 0 0 (that the long-term memories for the passwords \(such as the password reminders and auto fill-ins\)) A
0 -270.8 M
0.207720593 0 32 0 0 (should be removed. If a new timeout value is received for the same authentication space, it cancels the) A
0 -284 M
(previous timeout and sets a new timeout. ) S
0 -295 M
[/View [/XYZ -4 462.0 null] /Dest /32 /DEST pdfmark
0 -295 M
[/View [/XYZ -4 462.0 null] /Dest /33 /DEST pdfmark
0 -310.6 M
13 2 Nf
(4.7.) S
[/View [/XYZ -4 462.0 null] /Dest /109 /DEST pdfmark
( Username ) S
(parameter) S
0 -334.8 M
11 0 Nf
(Authentication-Control: Basic realm="configuration", username="admin" ) S
0 -359 M
1.34489894 0 32 0 0 (The parameter "username" tells that the only "user name" to be accepted by the server is the value) A
0 -372.2 M
2.43498874 0 32 0 0 (given in this parameter. This parameter is particularly useful, for example, for routers and other) A
0 -385.4 M
(appliances with a Web configuration interface. ) S
0 -409.6 M
2.69835067 0 32 0 0 (This parameter MAY be used with authentication-initiating responses or negatively-authenticated) A
0 -422.8 M
0.572591126 0 32 0 0 (responses requiring another attempt of authentication. The clients MUST ignore this parameter, when) A
0 -436 M
(a response is either successfully-authenticated or intermediately-authenticated. ) S
0 -460.2 M
0.0257352944 0 32 0 0 (If the authentication scheme to be used has syntax limitation on the allowed user names \(e.g. Basic and) A
0 -473.4 M
1.2898438 0 32 0 0 (Digest do not allow colons in user names\), the specified value MUST follow that limitation. Client) A
0 -486.6 M
(SHOULD ignore any values which do not conform to such limitations. ) S
0 -510.8 M
0.0283854175 0 32 0 0 (Clients MAY still send any authentication requests with other user names, possibly in vain. Servers are) A
0 -524 M
3.12060547 0 32 0 0 (not strictly required to reject user names other than specified, but doing it will give bad user) A
0 -537.2 M
(experiences and may confuse users and clients. ) S
0 -561.4 M
1.31614578 0 32 0 0 (If the used authentication scheme requires specific style of text preparation for the user name \(e.g.,) A
0 -574.6 M
0.495117188 0 32 0 0 (PRECIS string preparation or Unicode normalization\), the specified user name SHOULD follow such) A
0 -587.8 M
(requirements. ) S
0 -598.8 M
[/View [/XYZ -4 158.199829 null] /Dest /34 /DEST pdfmark
0 -598.8 M
[/View [/XYZ -4 158.199829 null] /Dest /35 /DEST pdfmark
0 -599.8 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 11 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 12 12
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(5.) S
[/View [/XYZ -4 757.0 null] /Dest /110 /DEST pdfmark
( Usage examples ) S
(\(informative\)) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.18610489 0 32 0 0 (This section shows some examples for applying this extension to typical Web-sites which are using) A
0 -55.4 M
1.12081468 0 32 0 0 (Forms and cookies for managing authentication and authorization. The content of this section is not) A
0 -68.6 M
(normative and for illustrative purposes only. ) S
0 -92.8 M
2.54296875 0 32 0 0 (We assume that all features described in the previous sections are implemented in clients \(Web) A
0 -106 M
0.94921875 0 32 0 0 (browsers\). We also assume that browsers will have a user interface which allows users to deactivate) A
0 -119.2 M
1.77073312 0 32 0 0 (\(log-out from\) current authentication sessions. If this assumption is not hold, texts below provides) A
0 -132.4 M
(another approach with de-authentication pages used instead of such a UI. ) S
0 -156.6 M
1.46126306 0 32 0 0 (Without explicit notices, all settings described below are to be applied with Authentication-Control) A
0 -169.8 M
1.3955729 0 32 0 0 (headers, and these can be sent to clients regardless of authentication statuses \(these will be silently) A
0 -183 M
(ignored whenever not effective\). ) S
0 -194 M
[/View [/XYZ -4 563.0 null] /Dest /36 /DEST pdfmark
0 -194 M
[/View [/XYZ -4 563.0 null] /Dest /37 /DEST pdfmark
0 -209.6 M
13 2 Nf
(5.1.) S
[/View [/XYZ -4 563.0 null] /Dest /111 /DEST pdfmark
( Example 1: a portal ) S
(site) S
0 -233.8 M
11 0 Nf
1.75502229 0 32 0 0 (This subsection provides an example application for a site whose structure is somewhat similar to) A
0 -247 M
1.49399042 0 32 0 0 (conventional portal sites. In particular, most of web pages are available for guest \(unauthenticated\)) A
0 -260.2 M
1.35625 0 32 0 0 (users, and if authentication is performed, contents of these pages are customized for each user. We) A
0 -273.4 M
(assume the site has the following kinds of pages ) S
(currently:) S
11 -294 M
gsave
0 setgray
newpath
11.0 -293.97 2.75 0 360 arc
closepath
fill
grestore
22 -297.6 M
(Content pages. ) S
11 -308.2 M
gsave
0 setgray
newpath
11.0 -308.17 2.75 0 360 arc
closepath
fill
grestore
22 -311.8 M
(Pages/mechanism for performing authentication: ) S
33 -322.4 M
gsave
0 setgray
newpath
33.0 -322.370026 2.75 0 360 arc
closepath
stroke
grestore
44 -326 M
(There is one page which asks a user name and a password using a HTML POST form. ) S
33 -336.6 M
gsave
0 setgray
newpath
33.0 -336.570038 2.75 0 360 arc
closepath
stroke
grestore
44 -340.2 M
2.25809145 0 32 0 0 (After the authentication attempt, the user will be redirected to either the page which is) A
44 -353.4 M
(previously displayed before the authentication, or some specific ) S
(page.) S
11 -364 M
gsave
0 setgray
newpath
11.0 -363.970062 2.75 0 360 arc
closepath
fill
grestore
22 -367.6 M
(A de-authentication \(log-out\) ) S
(page.) S
0 -378.6 M
[/View [/XYZ -4 378.399933 null] /Dest /38 /DEST pdfmark
0 -378.6 M
[/View [/XYZ -4 378.399933 null] /Dest /39 /DEST pdfmark
0 -394.2 M
13 2 Nf
(5.1.1.) S
[/View [/XYZ -4 378.399933 null] /Dest /112 /DEST pdfmark
( Case 1: a simple ) S
(application) S
0 -418.4 M
11 0 Nf
2.12573242 0 32 0 0 (When such a site does not need specific actions upon log-in and log-out, the following simple) A
0 -431.6 M
(settings can be ) S
(used.) S
11 -452.2 M
gsave
0 setgray
newpath
11.0 -452.170105 2.75 0 360 arc
closepath
fill
grestore
22 -455.8 M
7.99609375 0 32 0 0 (Set up an optional authentication to all pages available to guests. Set up an) A
22 -469 M
(Authentication-Control header with "auth-style=non-modal" setting. ) S
11 -479.6 M
gsave
0 setgray
newpath
11.0 -479.570129 2.75 0 360 arc
closepath
fill
grestore
22 -483.2 M
1.08007812 0 32 0 0 (If there are pages only available to authenticated users, Set up a mandatory authentication with) A
22 -496.4 M
("auth-style=non-modal" setting. ) S
11 -507 M
gsave
0 setgray
newpath
11.0 -506.970154 2.75 0 360 arc
closepath
fill
grestore
22 -510.6 M
0.142578125 0 32 0 0 (No specific page for authentication is needed. It will be performed automatically, directed by the) A
22 -523.8 M
(above setting. ) S
11 -534.4 M
gsave
0 setgray
newpath
11.0 -534.370178 2.75 0 360 arc
closepath
fill
grestore
22 -538 M
1.62974334 0 32 0 0 (A de-authentication page is also not needed. If the site will have one, put "logout-timeout=0") A
22 -551.2 M
(there. ) S
11 -561.8 M
gsave
0 setgray
newpath
11.0 -561.770203 2.75 0 360 arc
closepath
fill
grestore
22 -565.4 M
(For all pages for POST requests, it is advisable to have "location-when-logout=<some ) S
(page>".) S
0 -576.4 M
[/View [/XYZ -4 180.599792 null] /Dest /40 /DEST pdfmark
0 -576.4 M
[/View [/XYZ -4 180.599792 null] /Dest /41 /DEST pdfmark
0 -592 M
13 2 Nf
(5.1.2.) S
[/View [/XYZ -4 180.599792 null] /Dest /113 /DEST pdfmark
( Case 2: specific action required on ) S
(log-out) S
0 -616.2 M
11 0 Nf
(If the site needs specific actions upon log-out, the following settings can be ) S
(used.) S
11 -636.8 M
gsave
0 setgray
newpath
11.0 -636.770203 2.75 0 360 arc
closepath
fill
grestore
22 -640.4 M
(All shown in the Case 1 are to be applied. ) S
11 -651 M
gsave
0 setgray
newpath
11.0 -650.970215 2.75 0 360 arc
closepath
fill
grestore
22 -654.6 M
(For all pages, set up the Authentication-Control header) S
22 -667.8 M
("location-when-logout=<de-authentication page>". ) S
22 -668.8 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 12 -) S
0 setgray
44 -8 M
grestore
pgsave restore N
%%Page: 13 13
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
11 -9.6 M
gsave
0 setgray
newpath
11.0 -9.57000065 2.75 0 360 arc
closepath
fill
grestore
22 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.93701172 0 32 0 0 (In de-authentication pages, no specific set-up is needed. If there are any direct links to it, put ) A
22 -26.4 M
11 0 Nf
("logout-timeout=0".) S
0 -37.4 M
[/View [/XYZ -4 719.6 null] /Dest /42 /DEST pdfmark
0 -37.4 M
[/View [/XYZ -4 719.6 null] /Dest /43 /DEST pdfmark
0 -53 M
%%IncludeResource: font Times-Bold
13 2 Nf
(5.1.3.) S
[/View [/XYZ -4 719.6 null] /Dest /114 /DEST pdfmark
( Case 3: specific page displayed before ) S
(log-in) S
0 -77.2 M
11 0 Nf
0.135569856 0 32 0 0 (If the site needs to display a specific page before log-in actions \(some announces, user notices, or even) A
0 -90.4 M
(advertisements\), the following settings can be ) S
(applied.) S
11 -111 M
gsave
0 setgray
newpath
11.0 -110.969994 2.75 0 360 arc
closepath
fill
grestore
22 -114.6 M
0.203404024 0 32 0 0 (Set up an optional authentication to all pages available to guest. Set up an Authentication-Control) A
22 -127.8 M
(header with "no-auth=true". Put a link to a specific log-in page in contents. ) S
11 -138.4 M
gsave
0 setgray
newpath
11.0 -138.37 2.75 0 360 arc
closepath
fill
grestore
22 -142 M
1.08007812 0 32 0 0 (If there are pages only available to authenticated users, Set up a mandatory authentication with) A
22 -155.2 M
("location-when-unauthenticated=<the log-in page>". ) S
11 -165.8 M
gsave
0 setgray
newpath
11.0 -165.769989 2.75 0 360 arc
closepath
fill
grestore
22 -169.4 M
(For the specific log-in page, Set up a mandatory authentication. ) S
11 -180 M
gsave
0 setgray
newpath
11.0 -179.969986 2.75 0 360 arc
closepath
fill
grestore
22 -183.6 M
1.32584631 0 32 0 0 (For all pages for POST requests, it is advisable to have "location-when-logout=<some page>",) A
22 -196.8 M
(too. ) S
11 -207.4 M
gsave
0 setgray
newpath
11.0 -207.36998 2.75 0 360 arc
closepath
fill
grestore
22 -211 M
(De-authentication pages are not needed. If the site will have one, put ) S
("logout-timeout=0".) S
0 -222 M
[/View [/XYZ -4 535.0 null] /Dest /44 /DEST pdfmark
0 -222 M
[/View [/XYZ -4 535.0 null] /Dest /45 /DEST pdfmark
0 -237.6 M
13 2 Nf
(5.2.) S
[/View [/XYZ -4 535.0 null] /Dest /115 /DEST pdfmark
( Example 2: authenticated user-only ) S
(sites) S
0 -261.8 M
11 0 Nf
0.352711409 0 32 0 0 (If almost all pages in the target site require authentication \(e.g., an Internet banking site\), or there are) A
0 -275 M
0.130729169 0 32 0 0 (no needs to support both unauthenticated and authenticated users on the same resource, the setting will) A
0 -288.2 M
(become somewhat simple. The following is an example to realize such a ) S
(site:) S
11 -308.8 M
gsave
0 setgray
newpath
11.0 -308.77002 2.75 0 360 arc
closepath
fill
grestore
22 -312.4 M
5.17848539 0 32 0 0 (Set up a mandatory authentication to all pages available to authenticated. Set up an) A
22 -325.6 M
(Authentication-Control header with "auth-style=non-modal" setting. ) S
11 -336.2 M
gsave
0 setgray
newpath
11.0 -336.170044 2.75 0 360 arc
closepath
fill
grestore
22 -339.8 M
(Set up a handler for the 401-status which requests users to authenticate. ) S
11 -350.4 M
gsave
0 setgray
newpath
11.0 -350.370056 2.75 0 360 arc
closepath
fill
grestore
22 -354 M
1.32584631 0 32 0 0 (For all pages for POST requests, it is advisable to have "location-when-logout=<some page>",) A
22 -367.2 M
(too. ) S
11 -377.8 M
gsave
0 setgray
newpath
11.0 -377.770081 2.75 0 360 arc
closepath
fill
grestore
22 -381.4 M
(De-authentication pages are not needed. If the site will have one, put "logout-timeout=0" ) S
(there.) S
0 -392.4 M
[/View [/XYZ -4 364.599915 null] /Dest /46 /DEST pdfmark
0 -392.4 M
[/View [/XYZ -4 364.599915 null] /Dest /47 /DEST pdfmark
0 -408 M
13 2 Nf
(5.3.) S
[/View [/XYZ -4 364.599915 null] /Dest /116 /DEST pdfmark
( When to use ) S
(Cookies) S
0 -432.2 M
11 0 Nf
0.197415859 0 32 0 0 (In the current Web sites using Form-based authentications, ) A
gsave
newpath
263.3 -433.3 M
36.0507812 0 RL
stroke
grestore
0.197415859 0 32 0 0 (Cookies) A
[/Rect [262.308594 -434.950104 300.359375 -422.850098] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
0.197415859 0 32 0 0 ( [RFC6265] are used for managing) A
0 -445.4 M
0.173677891 0 32 0 0 (both authorization and application sessions. Using the extensions in this document, the former features) A
0 -458.6 M
0.816761374 0 32 0 0 (will be provided by using \(extended\) HTTP authentication/authorization mechanisms. In some cases,) A
0 -471.8 M
1.79296875 0 32 0 0 (there will be some ambiguous situations whether some functions are authorization management or) A
0 -485 M
(session management. The following hints will be helpful for deciding which features to be used. ) S
11 -505.6 M
gsave
0 setgray
newpath
11.0 -505.57016 2.75 0 360 arc
closepath
fill
grestore
22 -509.2 M
0.0280761719 0 32 0 0 (If there is a need to serve multiple sessions for a single user using multiple browsers concurrently,) A
22 -522.4 M
1.5165441 0 32 0 0 (use a Cookie for distinguishing between sessions for the same user. \(C.f. if there is a need to) A
22 -535.6 M
(distinguish sessions in the same browser, ) S
gsave
newpath
205.6 -536.7 M
62.921875 0 RL
stroke
grestore
(HTML5 Web ) S
gsave
newpath
268.5 -536.7 M
33.59375 0 RL
stroke
grestore
(Storage) S
[/Rect [204.582031 -538.350159 303.097656 -526.250183] /Subtype /Link /Border [0 0 0] /Dest /67 /ANN pdfmark
22 -548.8 M
([W3C.REC-webstorage-20130730] features may be used instead of Cookies.\) ) S
11 -559.4 M
gsave
0 setgray
newpath
11.0 -559.370178 2.75 0 360 arc
closepath
fill
grestore
22 -563 M
1.39479172 0 32 0 0 (If a web site is currently deploying a session time-out feature, consider who benefits from the) A
22 -576.2 M
2.5575521 0 32 0 0 (feature. In most cases, the main requirement for such feature is to protect users from their) A
22 -589.4 M
0.927083313 0 32 0 0 (consoles and browsers hijacked \(i.e. benefits are on the users' side\). In such cases, the time-out) A
22 -602.6 M
0.274902344 0 32 0 0 (features provided in this extension may be used. On the other hand, if the requirement is to protect) A
22 -615.8 M
0.460637033 0 32 0 0 (server's privilege \(e.g. when some regulations require to limit the time difference between user's) A
22 -629 M
0.319602281 0 32 0 0 (two-factor authentication and financial transaction commitment; the requirement is strictly on the) A
22 -642.2 M
3.30273438 0 32 0 0 (servers' side\), that should be managed on the server side using Cookies or other session) A
22 -655.4 M
(management mechanisms. ) S
0 -655.4 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 13 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 14 14
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /48 /DEST pdfmark
0 0 M
[/View [/XYZ -4 757.0 null] /Dest /49 /DEST pdfmark
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(5.4.) S
[/View [/XYZ -4 757.0 null] /Dest /117 /DEST pdfmark
( Parallel deployment with Form/Cookie ) S
(authentications) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
5.83854151 0 32 0 0 (In some transition periods, sites may need to support both HTTP-layer and Form-based) A
0 -53 M
(authentications. The following example shows one way to achieve that. ) S
11 -73.6 M
gsave
0 setgray
newpath
11.0 -73.57 2.75 0 360 arc
closepath
fill
grestore
22 -77.2 M
2.07356763 0 32 0 0 (If Cookies are used even for HTTP-authenticated users, each session determined by Cookies) A
22 -90.4 M
(should identify which authentication is used for the session. ) S
11 -101 M
gsave
0 setgray
newpath
11.0 -100.969994 2.75 0 360 arc
closepath
fill
grestore
22 -104.6 M
(First, set up any of the above settings for enabling HTTP-layer authentication. ) S
11 -115.2 M
gsave
0 setgray
newpath
11.0 -115.169991 2.75 0 360 arc
closepath
fill
grestore
22 -118.8 M
0.922991097 0 32 0 0 (For unauthenticated users, put the following things to the Web pages, unless the client supports) A
22 -132 M
(this extension and HTTP-level authentication. ) S
33 -142.6 M
gsave
0 setgray
newpath
33.0 -142.569992 2.75 0 360 arc
closepath
stroke
grestore
44 -146.2 M
(For non-mandatory authenticated pages, put a link to Form-based authenticated pages. ) S
33 -156.8 M
gsave
0 setgray
newpath
33.0 -156.769989 2.75 0 360 arc
closepath
stroke
grestore
44 -160.4 M
0.875976562 0 32 0 0 (For mandatory authenticated pages, either put a link to Form-based authenticated pages, or) A
44 -173.6 M
(put a HTML-level redirection \(using META element\) to such pages. ) S
11 -184.2 M
gsave
0 setgray
newpath
11.0 -184.169983 2.75 0 360 arc
closepath
fill
grestore
22 -187.8 M
1.62583709 0 32 0 0 (In Form-based authenticated pages, if users are not authenticated, it may have a diversion for) A
22 -201 M
(HTTP-level authentication by "location-when-unauthenticated" setting. ) S
11 -211.6 M
gsave
0 setgray
newpath
11.0 -211.569977 2.75 0 360 arc
closepath
fill
grestore
22 -215.2 M
(Users are identified for authorizations and content customization by the following logic. ) S
33 -225.8 M
gsave
0 setgray
newpath
33.0 -225.769974 2.75 0 360 arc
closepath
stroke
grestore
44 -229.4 M
0.275390625 0 32 0 0 (First, check the result of the HTTP-level authentication. If there is a Cookie session tied to a) A
44 -242.6 M
(specific user, both ones should match. ) S
33 -253.2 M
gsave
0 setgray
newpath
33.0 -253.169968 2.75 0 360 arc
closepath
stroke
grestore
44 -256.8 M
0.384915859 0 32 0 0 (If the user is not authenticated on the HTTP-level, use the conventional Form-based method) A
44 -270 M
(to determine the user. ) S
33 -280.6 M
gsave
0 setgray
newpath
33.0 -280.569977 2.75 0 360 arc
closepath
stroke
grestore
44 -284.2 M
1.51380205 0 32 0 0 (If there is a Cookie tied to an HTTP authentication, but there is no corresponding HTTP) A
44 -297.4 M
0.901692688 0 32 0 0 (authentication result, that session will be discarded \(because it means that authentication is) A
44 -310.6 M
(deactivated by the corresponding user\). ) S
% Section 6, "Methods to extend this protocol": named destinations /50, /51 and
% /118, the heading at size 15 (font index 2, bold per the prolog's FL table --
% assuming Nf indexes FL), then three body paragraphs at size 11.
0 -321.6 M
[/View [/XYZ -4 435.4 null] /Dest /50 /DEST pdfmark
0 -321.6 M
[/View [/XYZ -4 435.4 null] /Dest /51 /DEST pdfmark
0 -340.6 M
15 2 Nf
(6.) S
[/View [/XYZ -4 434.4 null] /Dest /118 /DEST pdfmark
( Methods to extend this ) S
(protocol) S
0 -364.8 M
11 0 Nf
% Paragraph 1: private extensions MUST go through extension-param.
1.88125 0 32 0 0 (If a private extension to this protocol is implemented, it MUST use the extension-param to avoid) A
0 -378 M
(conflicts with this protocol and other future official extensions. ) S
0 -402.2 M
% Paragraph 2: bare-tokens are allocated by IANA.
0.619140625 0 32 0 0 (When bare-tokens are used in this protocol, these MUST be allocated by IANA. Any tokens used for) A
0 -415.4 M
0.201171875 0 32 0 0 (non-private, non-experimental parameters are RECOMMENDED to be registered to IANA, regardless) A
0 -428.6 M
(of the kind of tokens used. ) S
0 -452.8 M
% Paragraph 3: extension-tokens have the form "-<bare-token>.<domain-name>",
% and receivers ignore parameter names they do not know.
1.36165369 0 32 0 0 (Extension-tokens MAY be freely used for any non-standard, private, and/or experimental uses. The) A
0 -466 M
0.280815959 0 32 0 0 (extension-tokens MUST be with format "-<bare-token>.<domain-name>", where <domain-name> is a) A
0 -479.2 M
0.729910731 0 32 0 0 (validly registered \(sub-\)domain name on the Internet owned by the party who defines the extensions.) A
0 -492.4 M
3.88912249 0 32 0 0 (Unknown parameter names are to be ignored regardless of whether it is extension-tokens or) A
0 -505.6 M
(bare-tokens. ) S
% Section 7, "IANA Considerations": heading, one sentence, then a three-column
% table (columns at x = 75.5, 214.7 and 260.5) registering the two header fields
% this document defines, and finally the page-14 footer.
0 -516.6 M
[/View [/XYZ -4 240.399902 null] /Dest /52 /DEST pdfmark
0 -516.6 M
[/View [/XYZ -4 240.399902 null] /Dest /53 /DEST pdfmark
0 -535.6 M
15 2 Nf
(7.) S
[/View [/XYZ -4 239.399902 null] /Dest /119 /DEST pdfmark
( IANA ) S
(Considerations) S
0 -559.8 M
11 0 Nf
(This document defines two new entries for the "Permanent Message Header Field Names" registry. ) S
% Table header row, set in font index 2 (bold).
75.5 -588.1 M
11 2 Nf
(Header Field ) S
(Name) S
214.7 -588.1 M
11 2 Nf
(Protocol) S
260.5 -588.1 M
11 2 Nf
(Specification) S
% Row 1: Optional-WWW-Authenticate / http / Section 3.
75.5 -607.9 M
11 0 Nf
(Optional-WWW-Authenticate) S
214.7 -607.9 M
(http) S
260.5 -607.9 M
% Underline for the link text: a horizontal stroke 41.2 units wide just below
% the baseline (RL is prolog-defined, presumably a relative lineto).
gsave
newpath
260.5 -609 M
41.2382812 0 RL
stroke
grestore
(Section\2403) S
% Link annotation over the text just shown; /Dest /14 is a named destination
% inside this document, not an external URI.
[/Rect [259.518738 -610.600098 302.757019 -598.500122] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
( of this ) S
(document) S
% Row 2: Authentication-Control / http / Section 4.
75.5 -627.6 M
(Authentication-Control) S
214.7 -627.6 M
(http) S
260.5 -627.6 M
gsave
newpath
260.5 -628.7 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [259.518738 -630.350098 302.757019 -618.250122] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
( of this ) S
(document) S
0 -633.4 M
% Page footer: the page number "- 14 -" at size 8 in font index 8 (Helvetica in
% the prolog's FL table), drawn inside gsave/grestore.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 14 -) S
0 setgray
0 -8 M
grestore
% End of page: roll back to the snapshot taken in the page setup. N is
% prolog-defined; presumably it emits the page -- TODO confirm.
pgsave restore N
%%Page: 15 15
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 15, first part: remainder of Section 7 (IANA Considerations). It sets up
% the registry of HTTP authentication control parameters, gives the
% registration template and lists the six initial tokens.
% M, S, A, Nf and RL are prolog procedures not defined in this part of the file.
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.56608069 0 32 0 0 (This document also establishes a registry for HTTP authentication control parameters. The registry) A
0 -26.4 M
% NOTE(review): "extensive-token" below vs. "extension-tokens" in Section 6 --
% possibly the same production; confirm against Section 2.2, which is not
% visible here.
0.0875651 0 32 0 0 (manages a case-insensitive ASCII strings. The string MUST follow the extensive-token syntax defined) A
0 -39.6 M
(in ) S
% Underlined internal link to Section 2.2 (named destination /11).
gsave
newpath
11.3 -40.7 M
49.4882812 0 RL
stroke
grestore
(Section\2402.2) S
[/Rect [10.3046875 -42.3500023 61.7929688 -30.2500019] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
(. ) S
0 -63.8 M
% Registration policy: "Specification Required", with an internal link to the
% [RFC5226] reference entry (named destination /60).
2.24389648 0 32 0 0 (To acquire registered tokens, a specification for the use of such tokens MUST be available as a) A
0 -77 M
(publicly-accessible documents, as outlined as "Specification Required" level in ) S
gsave
newpath
351 -78.1 M
50.1054688 0 RL
stroke
grestore
([RFC5226]) S
[/Rect [350.042969 -79.75 402.148438 -67.65] /Subtype /Link /Border [0 0 0] /Dest /60 /ANN pdfmark
(. ) S
0 -101.2 M
% NOTE(review): the template below speaks of "authentication algorithms" and
% "the algorithm" although this registry holds control parameters; it looks
% carried over from another registry's wording -- confirm the intent.
3.52539062 0 32 0 0 (Registrations for authentication algorithms are required to include a description of the control) A
0 -114.4 M
(extension. New registrations are advised to provide the following ) S
(information:) S
% Two bullets (filled disc, radius 2.75): the Token and Specification fields.
11 -135 M
gsave
0 setgray
newpath
11.0 -134.97 2.75 0 360 arc
closepath
fill
grestore
22 -138.6 M
(Token: a token used in HTTP headers for identifying the algorithm. ) S
11 -149.2 M
gsave
0 setgray
newpath
11.0 -149.17 2.75 0 360 arc
closepath
fill
grestore
22 -152.8 M
(Specification: A reference for a specification defining the ) S
(algorithm.) S
0 -177 M
(The initial content of this registry is as follows: ) S
% Initial registry table: header row in font index 2 (bold), then one row per
% token. Every Specification cell is underlined text plus a link annotation to a
% named destination for Sections 4.2 to 4.7.
92.7 -205.3 M
%%IncludeResource: font Times-Bold
11 2 Nf
(Token) S
235 -205.3 M
11 2 Nf
(Specification) S
92.7 -225 M
11 0 Nf
(auth-style) S
235 -225 M
gsave
newpath
235 -226.2 M
49.4882812 0 RL
stroke
grestore
(Section\2404.2) S
[/Rect [234.023438 -227.799988 285.511719 -215.699982] /Subtype /Link /Border [0 0 0] /Dest /22 /ANN pdfmark
( of this ) S
(document) S
92.7 -244.8 M
(location-when-unauthenticated) S
235 -244.8 M
gsave
newpath
235 -245.9 M
49.4882812 0 RL
stroke
grestore
(Section\2404.3) S
[/Rect [234.023438 -247.549988 285.511719 -235.449982] /Subtype /Link /Border [0 0 0] /Dest /24 /ANN pdfmark
( of this ) S
(document) S
92.7 -264.5 M
(no-auth) S
235 -264.5 M
gsave
newpath
235 -265.6 M
49.4882812 0 RL
stroke
grestore
(Section\2404.4) S
[/Rect [234.023438 -267.3 285.511719 -255.199982] /Subtype /Link /Border [0 0 0] /Dest /26 /ANN pdfmark
( of this ) S
(document) S
92.7 -284.3 M
(location-when-logout) S
235 -284.3 M
gsave
newpath
235 -285.4 M
49.4882812 0 RL
stroke
grestore
(Section\2404.5) S
[/Rect [234.023438 -287.05 285.511719 -274.949982] /Subtype /Link /Border [0 0 0] /Dest /28 /ANN pdfmark
( of this ) S
(document) S
92.7 -304.1 M
(logout-timeout) S
235 -304.1 M
gsave
newpath
235 -305.1 M
49.4882812 0 RL
stroke
grestore
(Section\2404.6) S
[/Rect [234.023438 -306.8 285.511719 -294.699982] /Subtype /Link /Border [0 0 0] /Dest /30 /ANN pdfmark
( of this ) S
(document) S
92.7 -323.8 M
(username) S
235 -323.8 M
gsave
newpath
235 -324.9 M
49.4882812 0 RL
stroke
grestore
(Section\2404.7) S
[/Rect [234.023438 -326.55 285.511719 -314.449982] /Subtype /Link /Border [0 0 0] /Dest /32 /ANN pdfmark
( of this ) S
(document) S
% Section 8, "Security Considerations" (first part; list item (3) is drawn on
% the next page). What the text below states:
%   - logout-timeout only protects users against someone with access to the same
%     console, and a malicious or non-supporting client may ignore it;
%   - a timeout meant to protect server-side resources MUST be implemented by
%     other means, e.g. HTTP Cookies [RFC6265];
%   - Authentication-Control parameters SHOULD NOT carry security enforcement;
%   - "username" may reveal information about the server and its configuration,
%     so its use is limited to cases where conditions (1) to (3) all hold.
% NOTE(review): the header is advisory to the client throughout, so session
% expiry and access checks belong on the server.
0 -340.6 M
[/View [/XYZ -4 416.45 null] /Dest /54 /DEST pdfmark
0 -340.6 M
[/View [/XYZ -4 416.45 null] /Dest /55 /DEST pdfmark
0 -359.6 M
15 2 Nf
(8.) S
[/View [/XYZ -4 415.45 null] /Dest /120 /DEST pdfmark
( Security ) S
(Considerations) S
0 -383.8 M
11 0 Nf
0.845312476 0 32 0 0 (The purpose of the log-out timeout feature in the Authentication-control header is to protect users of) A
0 -397 M
3.95973563 0 32 0 0 (clients from impersonation caused by an attacker having access to the same console. Server) A
0 -410.2 M
2.6673677 0 32 0 0 (application implementer SHOULD be aware that the directive may always be ignored by either) A
0 -423.4 M
0.102539062 0 32 0 0 (malicious clients or clients not supporting this extension. If the purpose of introducing a timeout for an) A
0 -436.6 M
0.15384616 0 32 0 0 (authentication period is to protect server-side resources, such features MUST be implemented by other) A
0 -449.8 M
(means such as ) S
% "HTTP Cookies" is underlined in two strokes, one per word, and covered by a
% single link annotation to named destination /66.
gsave
newpath
65.7 -450.9 M
30.2421875 0 RL
stroke
grestore
(HTTP ) S
gsave
newpath
95.9 -450.9 M
36.0507812 0 RL
stroke
grestore
(Cookies) S
[/Rect [64.6679688 -452.500061 132.960938 -440.400055] /Subtype /Link /Border [0 0 0] /Dest /66 /ANN pdfmark
( [RFC6265]. ) S
0 -474 M
% \240 is character code 160, which the encoding vector in the prolog maps to
% /space; it keeps "SHOULD NOT" together as one word for the renderer.
0.108984374 0 32 0 0 (All parameters in Authentication-Control header SHOULD\240NOT be used for any security-enforcement) A
0 -487.2 M
0.597330749 0 32 0 0 (purposes. Server-side applications MUST be implemented always considering that the header may be) A
0 -500.4 M
(either ignored by clients or even bypassed by users. ) S
0 -524.6 M
4.5100913 0 32 0 0 (The "username" parameter may reveal sensitive information about the HTTP server and its) A
0 -537.8 M
0.662560105 0 32 0 0 (configurations, useful for security attacks. The use of the "username" parameter SHOULD be limited) A
0 -551 M
(to cases where the all of the following conditions are ) S
(met:) S
% Numbered conditions: label at x=11, body at x=33.
11 -575.2 M
(\(1\) ) S
33 -588.4 M
1.64536834 0 32 0 0 (the valid user name is pre-configured and not modifiable \(such as root, admin or similar) A
33 -601.6 M
(ones\); ) S
11 -614.8 M
(\(2\) ) S
33 -628 M
2.08541656 0 32 0 0 (the valid user name for such an appliance is publicly known \(for example, written in a) A
33 -641.2 M
(manual\); and ) S
33 -641.2 M
% Page footer: page number "- 15 -" at size 8 in font index 8 (Helvetica per the
% IncludeResource line), then the page-level restore. N is prolog-defined.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 15 -) S
0 setgray
22 -8 M
grestore
pgsave restore N
%%Page: 16 16
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 16, first part: end of the Security Considerations text. It draws
% condition (3) of the list that limits use of the "username" parameter, then
% the closing sentence: the parameter SHOULD NOT be used when valid user names
% are configured by users or administrators.
% M, S, A and Nf are prolog procedures not defined in this part of the file.
0 0 M
0.6 setlinewidth
11 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(\(3\) ) S
33 -26.4 M
1.27317703 0 32 0 0 (either the valid user name for the server is easily guessable by other means \(for example,) A
33 -39.6 M
0.729073644 0 32 0 0 (from the model number shown in an unauthenticated page\), or the server is only accessible) A
33 -52.8 M
(from limited ) S
(networks.) S
0 -77 M
% \240 (code 160) is mapped to /space by the prolog's encoding vector.
1.45947266 0 32 0 0 (Especially, it SHOULD\240NOT be used in any case when the valid user names are configured by its) A
0 -90.2 M
(users or administrators. ) S
% Section 9 "References" and 9.1 "Normative References".
% Layout of one entry: the bracketed label at x=8 with a named destination
% (/59 to /63) that in-text citations link to, then the citation body at x=73.5.
% Underlined runs are links: each is a horizontal stroke (RL, prolog-defined,
% presumably a relative lineto) followed by the text and an /ANN pdfmark whose
% /Action array is turned into a dictionary by Cd (defined in the prolog).
% NOTE(review): every URI target in this block is a plain http:// address, as
% emitted by the generator; a reader following one gets no transport integrity
% for the fetched reference.
0 -101.2 M
[/View [/XYZ -4 655.8 null] /Dest /56 /DEST pdfmark
0 -101.2 M
[/View [/XYZ -4 655.8 null] /Dest /57 /DEST pdfmark
0 -120.2 M
%%IncludeResource: font Times-Bold
15 2 Nf
(9.) S
[/View [/XYZ -4 654.8 null] /Dest /121 /DEST pdfmark
( ) S
(References) S
0 -127.7 M
[/View [/XYZ -4 629.3 null] /Dest /58 /DEST pdfmark
0 -146.2 M
13 2 Nf
(9.1.) S
[/View [/XYZ -4 626.4 null] /Dest /122 /DEST pdfmark
( Normative ) S
(References) S
% --- [RFC2119] ---
8 -162.5 M
% The label is drawn under a uniform scale of about 0.989; the scale applied
% after it is approximately the reciprocal, so the body text is back at the
% normal size. RM is prolog-defined, presumably a relative moveto.
0.988782346 0.988782346 scale
-0.0 -11.0 RM
11 0 Nf
([RFC2119]) S
[/View [/XYZ -4 842 null] /Dest /59 /DEST pdfmark
1.01134491 1.01134491 scale
73.5 -173.5 M
gsave
newpath
73.5 -174.6 M
40.921875 0 RL
stroke
grestore
(Bradner, ) S
gsave
newpath
114.5 -174.6 M
8.86328125 0 RL
stroke
grestore
(S.) S
(, ) S
% \233 and \234 (codes 155, 156) bracket the title, presumably as opening and
% closing quote glyphs; the visible part of the prolog's encoding vector does
% not show a mapping for them -- TODO confirm.
(\233) S
gsave
newpath
133.7 -174.6 M
231.832031 0 RL
stroke
grestore
(Key words for use in RFCs to Indicate Requirement ) S
gsave
newpath
365.5 -174.6 M
29.3164062 0 RL
stroke
grestore
(Levels) S
[/Rect [132.711365 -176.25 395.859802 -164.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc2119)] Cd /ANN pdfmark
(,\234) S
73.5 -186.7 M
(BCP\24014, RFC\2402119, March\2401997 ) S
(\() S
% Format links for this entry: TXT, HTML, XML.
gsave
newpath
224.5 -187.8 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [223.47699 -189.45 246.855896 -177.349991] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc2119.txt)] Cd /ANN pdfmark
(, ) S
gsave
newpath
251.4 -187.8 M
31.15625 0 RL
stroke
grestore
(HTML) S
[/Rect [250.355896 -189.45 283.512146 -177.349991] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2119.html)] Cd /ANN pdfmark
(, ) S
gsave
newpath
288 -187.8 M
24.4375 0 RL
stroke
grestore
(XML) S
[/Rect [287.012146 -189.45 313.449646 -177.349991] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2119.xml)] Cd /ANN pdfmark
(\).) S
% --- [RFC5226] ---
8 -197.4 M
0.988782346 0.988782346 scale
-0.0 -11.0 RM
([RFC5226]) S
[/View [/XYZ -4 842 null] /Dest /60 /DEST pdfmark
1.01134491 1.01134491 scale
73.5 -208.4 M
(Narten, T. and H. Alvestrand, ) S
(\233) S
gsave
newpath
211.9 -209.6 M
212.273438 0 RL
stroke
grestore
% The title wraps over two lines, so the same URI is annotated twice, once per
% line fragment.
(Guidelines for Writing an IANA Considerations) S
[/Rect [210.894958 -211.2 425.168396 -199.099991] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
73.5 -221.7 M
gsave
newpath
73.5 -222.8 M
47.0429688 0 RL
stroke
grestore
(Section in ) S
gsave
newpath
120.6 -222.8 M
25.0625 0 RL
stroke
grestore
(RFCs) S
[/Rect [72.5434 -224.4 146.648865 -212.299988] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
(,\234 BCP\24026, RFC\2405226, May\2402008 ) S
(\() S
gsave
newpath
298.4 -222.8 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [297.422302 -224.4 320.801208 -212.299988] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc5226.txt)] Cd /ANN pdfmark
(\).) S
% --- [RFC5987] ---
8 -232.4 M
0.988782346 0.988782346 scale
-0.0 -11.0 RM
([RFC5987]) S
[/View [/XYZ -4 842 null] /Dest /61 /DEST pdfmark
1.01134491 1.01134491 scale
73.5 -243.4 M
(Reschke, J., ) S
(\233) S
gsave
newpath
133.7 -244.5 M
271.488281 0 RL
stroke
grestore
(Character Set and Language Encoding for Hypertext Transfer) S
[/Rect [132.715271 -246.15 406.203552 -234.049988] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5987)] Cd /ANN pdfmark
73.5 -256.6 M
gsave
newpath
73.5 -257.7 M
137.433594 0 RL
stroke
grestore
(Protocol \(HTTP\) Header Field ) S
gsave
newpath
211 -257.7 M
48.8515625 0 RL
stroke
grestore
(Parameters) S
[/Rect [72.5434 -259.35 260.828552 -247.25] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5987)] Cd /ANN pdfmark
(,\234 RFC\2405987, August\2402010 ) S
(\() S
gsave
newpath
384.2 -257.7 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [383.180115 -259.35 406.559021 -247.25] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc5987.txt)] Cd /ANN pdfmark
(\).) S
% --- [RFC7230] ---
8 -267.4 M
0.988782346 0.988782346 scale
-0.0 -11.0 RM
([RFC7230]) S
[/View [/XYZ -4 842 null] /Dest /62 /DEST pdfmark
1.01134491 1.01134491 scale
73.5 -278.4 M
(Fielding, R. and J. Reschke, ) S
(\233) S
gsave
newpath
204.6 -279.4 M
222.636719 0 RL
stroke
grestore
(Hypertext Transfer Protocol \(HTTP/1.1\): Message) S
[/Rect [203.594177 -281.1 428.230896 -269.0] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc7230)] Cd /ANN pdfmark
73.5 -291.6 M
gsave
newpath
73.5 -292.7 M
51.9335938 0 RL
stroke
grestore
(Syntax and ) S
gsave
newpath
125.5 -292.7 M
35.4453125 0 RL
stroke
grestore
(Routing) S
[/Rect [72.5434 -294.300018 161.922302 -282.2] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc7230)] Cd /ANN pdfmark
(,\234 RFC\2407230, June\2402014 ) S
(\() S
gsave
newpath
273.7 -292.7 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [272.660583 -294.300018 296.03949 -282.2] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc7230.txt)] Cd /ANN pdfmark
(\).) S
% --- [RFC7235] ---
8 -302.3 M
0.988782346 0.988782346 scale
-0.0 -11.0 RM
([RFC7235]) S
[/View [/XYZ -4 842 null] /Dest /63 /DEST pdfmark
1.01134491 1.01134491 scale
73.5 -313.3 M
(Fielding, R. and J. Reschke, ) S
(\233) S
gsave
newpath
204.6 -314.4 M
184.15625 0 RL
stroke
grestore
(Hypertext Transfer Protocol \(HTTP/1.1\): ) S
[/Rect [203.594177 -316.05 389.750427 -303.949982] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc7235)] Cd /ANN pdfmark
73.5 -326.5 M
gsave
newpath
73.5 -327.6 M
65.3632812 0 RL
stroke
grestore
(Authentication) S
[/Rect [72.5434 -329.25 139.906677 -317.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc7235)] Cd /ANN pdfmark
(,\234 RFC\2407235, June\2402014 ) S
(\() S
gsave
newpath
251.6 -327.6 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [250.644958 -329.25 274.023865 -317.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc7235.txt)] Cd /ANN pdfmark
(\).) S
% Section 9.2 "Informative References": three entries with wider labels, so the
% citation body starts at x=178.5. Each label sets a named destination (/65 to
% /67) used by in-text citations. Underlined runs are followed by /ANN pdfmark
% link annotations whose /Action array is converted to a dictionary by Cd
% (defined in the prolog).
% NOTE(review): the URI targets are plain http:// addresses, as emitted by the
% generator.
0 -346.2 M
[/View [/XYZ -4 410.75 null] /Dest /64 /DEST pdfmark
0 -361.9 M
13 2 Nf
(9.2.) S
[/View [/XYZ -4 410.75 null] /Dest /123 /DEST pdfmark
( Informative ) S
(References) S
% --- [I-D.ietf-httpauth-mutual] (a work-in-progress draft, per its own text) ---
8 -389.1 M
11 0 Nf
([I-D.ietf-httpauth-mutual]) S
[/View [/XYZ -4 842 null] /Dest /65 /DEST pdfmark
178.5 -389.1 M
(Oiwa, Y., Watanabe, H., Takagi, H., Maeda, K., Hayashi,) S
178.5 -402.4 M
(T., and Y. Ioku, ) S
(\233) S
gsave
newpath
256 -403.4 M
158.21875 0 RL
stroke
grestore
% The title wraps, so the same URI is annotated once per line fragment.
(Mutual Authentication Protocol for ) S
[/Rect [255.046143 -405.1 415.264893 -393.0] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpauth-mutual-05.txt)] Cd /ANN pdfmark
178.5 -415.6 M
gsave
newpath
178.5 -416.7 M
27.4921875 0 RL
stroke
grestore
(HTTP) S
[/Rect [177.46022 -418.300018 206.952408 -406.2] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpauth-mutual-05.txt)] Cd /ANN pdfmark
(,\234 draft-ietf-httpauth-mutual-05 \(work in progress\), ) S
178.5 -428.8 M
(July\2402015.) S
% --- [RFC6265] ---
8 -450.5 M
([RFC6265]) S
[/View [/XYZ -4 842 null] /Dest /66 /DEST pdfmark
178.5 -450.5 M
(Barth, A., ) S
(\233) S
gsave
newpath
229.5 -451.6 M
115.148438 0 RL
stroke
grestore
(HTTP State Management ) S
gsave
newpath
344.6 -451.6 M
51.3125 0 RL
stroke
grestore
(Mechanism) S
[/Rect [228.468033 -453.25 396.928955 -441.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc6265)] Cd /ANN pdfmark
(,\234) S
178.5 -463.7 M
(RFC\2406265, April\2402011 ) S
(\() S
gsave
newpath
283.9 -464.8 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [282.866455 -466.45 306.245361 -454.35] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc6265.txt)] Cd /ANN pdfmark
(\).) S
% --- [W3C.REC-webstorage-20130730] ---
8 -474.4 M
% The long label is drawn under a uniform scale of about 0.990; the scale that
% follows is approximately its reciprocal and restores the normal size.
0.989609241 0.989609241 scale
-0.0 -11.0 RM
([W3C.REC-webstorage-20130730]) S
[/View [/XYZ -4 842 null] /Dest /67 /DEST pdfmark
1.01049984 1.01049984 scale
178.5 -485.4 M
(Hickson, I., ) S
(\233) S
gsave
newpath
237.4 -486.6 M
23.515625 0 RL
stroke
grestore
(Web ) S
gsave
newpath
260.9 -486.6 M
33.59375 0 RL
stroke
grestore
(Storage) S
[/Rect [236.409439 -488.2 295.518799 -476.1] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.w3.org/TR/2013/REC-webstorage-20130730)] Cd /ANN pdfmark
(,\234 World Wide Web Consortium) S
178.5 -498.7 M
(Recommendation\240REC-webstorage-20130730, July\2402013 ) S
178.5 -511.9 M
(\() S
gsave
newpath
182.1 -513 M
31.15625 0 RL
stroke
grestore
(HTML) S
[/Rect [181.120377 -514.600037 214.276627 -502.500031] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.w3.org/TR/2013/REC-webstorage-20130730)] Cd /ANN pdfmark
(\).) S
% Appendix A, "(Informative) Applicability of features for each messages":
% heading, intro paragraph, then the start of the applicability table. The
% header row and the first data row are drawn here and the remaining rows on
% the next page. Table columns sit at x = 114.9 (feature), 201 (init.),
% 225.7 (success.), 268.2 (intermed.) and 319.8 (neg.).
0 -531.6 M
[/View [/XYZ -4 225.400024 null] /Dest /68 /DEST pdfmark
0 -550.6 M
15 2 Nf
(Appendix) S
[/View [/XYZ -4 224.400024 null] /Dest /124 /DEST pdfmark
( A. \(Informative\) Applicability of features for each ) S
(messages) S
0 -574.8 M
11 0 Nf
3.06933594 0 32 0 0 (This section provides cross-reference table about applicability of each features provided in this) A
0 -588 M
% This justified line is emitted in three pieces with the same stretch value so
% the linked "Section 2.1" in the middle can get its own underline and
% annotation (named destination /8).
0.294010431 0 32 0 0 (specification for each kinds of responses described in ) A
gsave
newpath
239.9 -589.1 M
49.4882812 0 RL
stroke
grestore
0.294010431 0 32 0 0 (Section\2402.1) A
[/Rect [238.945312 -590.75 290.433594 -578.65] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
0.294010431 0 32 0 0 (. The table provided in this section is) A
0 -601.2 M
(for informative purposes only. ) S
% Table header row, font index 2 (bold).
201 -629.5 M
11 2 Nf
(init.) S
225.7 -629.5 M
11 2 Nf
(success.) S
268.2 -629.5 M
11 2 Nf
(intermed.) S
319.8 -629.5 M
11 2 Nf
(neg.) S
% Row "Optional auth.": O / n / N / N (the legend is drawn on the next page).
114.9 -649.2 M
11 0 Nf
(Optional ) S
(auth.) S
201 -649.2 M
(O) S
225.7 -649.2 M
(n) S
268.2 -649.2 M
(N) S
319.8 -649.2 M
(N) S
319.8 -649.2 M
% Page footer: page number "- 16 -" at size 8 in font index 8 (Helvetica per the
% IncludeResource line), then the page-level restore. N is prolog-defined.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 16 -) S
0 setgray
639.6 -8 M
grestore
pgsave restore N
%%Page: 17 17
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 17, first part: the remaining rows of the Appendix A applicability table
% and its legend. Cell columns are at x = 114.9 (parameter), 201, 225.7, 268.2
% and 319.8; the column titles were drawn with the table header on the previous
% page. M, S and Nf are prolog procedures not defined in this part of the file.
0 0 M
0.6 setlinewidth
114.9 -14 M
%%IncludeResource: font Times-Roman
11 0 Nf
% Row auth-style: O - - O
(auth-style) S
201 -14 M
(O) S
225.7 -14 M
(-) S
268.2 -14 M
(-) S
319.8 -14 M
(O) S
% Row loc.-when-unauth.: O I I i
114.9 -33.8 M
(loc.-when-unauth.) S
201 -33.8 M
(O) S
225.7 -33.8 M
(I) S
268.2 -33.8 M
(I) S
319.8 -33.8 M
(i) S
% Row no-auth: O I I i
114.9 -53.5 M
(no-auth) S
201 -53.5 M
(O) S
225.7 -53.5 M
(I) S
268.2 -53.5 M
(I) S
319.8 -53.5 M
(i) S
% Row loc.-when-logout: - O - -
114.9 -73.2 M
(loc.-when-logout) S
201 -73.2 M
(-) S
225.7 -73.2 M
(O) S
268.2 -73.2 M
(-) S
319.8 -73.2 M
(-) S
% Row logout-timeout: - O - -
114.9 -93 M
(logout-timeout) S
201 -93 M
(-) S
225.7 -93 M
(O) S
268.2 -93 M
(-) S
319.8 -93 M
(-) S
% Row username: O - - O
114.9 -112.8 M
(username) S
201 -112.8 M
(O) S
225.7 -112.8 M
(-) S
268.2 -112.8 M
(-) S
319.8 -112.8 M
(O) S
0 -142.7 M
11 0 Nf
% Legend. Upper and lower case differ in strength: N / I are MUST-level,
% n / i are SHOULD-level, as the strings below spell out.
(Legends: ) S
0 -155.9 M
(O = MAY contain; n = SHOULD\240NOT contain; N = MUST\240NOT ) S
(contain) S
0 -169.1 M
(i = SHOULD be ignored; I = MUST be ) S
(ignored;) S
0 -182.3 M
(- = meaningless \(to be ) S
(ignored\)) S
% Appendix B, "(Informative) Draft Notes": heading plus one bulleted item of
% three paragraphs. The text weighs sending WWW-Authenticate on 200-status
% responses (possible under the [RFC7235] wording it quotes) against the
% separate Optional-WWW-Authenticate header, and prefers the latter because
% clients without this extension treat it as an unrecognized header.
0 -193.3 M
[/View [/XYZ -4 563.7 null] /Dest /69 /DEST pdfmark
0 -193.3 M
[/View [/XYZ -4 563.7 null] /Dest /70 /DEST pdfmark
0 -212.3 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 562.7 null] /Dest /125 /DEST pdfmark
( B. \(Informative\) Draft ) S
(Notes) S
0 -236.5 M
11 0 Nf
(Things which might be considered for future revisions: ) S
% Bullet: filled disc of radius 2.75 at x=11; item text at x=22.
11 -257.1 M
gsave
0 setgray
newpath
11.0 -257.069977 2.75 0 360 arc
closepath
fill
grestore
22 -260.7 M
% The first line is split around the linked "[RFC7235]" (named destination
% /63); all three pieces carry the same stretch value.
2.23402 0 32 0 0 (In ) A
gsave
newpath
36.1 -261.8 M
50.1054688 0 RL
stroke
grestore
2.23402 0 32 0 0 ([RFC7235]) A
[/Rect [35.140625 -263.449982 87.2460938 -251.349976] /Subtype /Link /Border [0 0 0] /Dest /63 /ANN pdfmark
2.23402 0 32 0 0 (, meaning of WWW-Authenticate headers in non-401 responses are defined as) A
22 -273.9 M
2.45117188 0 32 0 0 ("supplying credentials \(or different credentials\) might affect the response". This clarification) A
22 -287.1 M
0.599759638 0 32 0 0 (change leaves a way for using 200-status responses along with a WWW-Authenticate header for) A
22 -300.3 M
(providing optional ) S
(authentication.) S
22 -313.5 M
0.773112 0 32 0 0 (Incorporating this possibility, however, needs more detailed analysis on the behavior of existing) A
22 -326.7 M
(clients and intermediate proxies for such possibly-confusing responses.) S
22 -339.9 M
2.22395825 0 32 0 0 (Optional-WWW-Authenticate is safer, at least for minimum backward compatibility, because) A
22 -353.1 M
1.00325525 0 32 0 0 (clients not supporting this extension will consider this header as an unrecognized entity-header,) A
22 -366.3 M
(possibly providing opportunity for silently falling-back to application-level authentications. ) S
% Appendix C, "(Informative) Draft Change Log": the appendix heading, then
% subsections C.1 to C.3 (Httpauth WG revisions 04, 03, 02) and the page-17
% footer. Each subsection is a heading at size 15 in font index 2 followed by
% bullets (filled disc of radius 2.75 at x=11, text at x=22).
0 -377.3 M
[/View [/XYZ -4 379.699921 null] /Dest /71 /DEST pdfmark
0 -377.3 M
[/View [/XYZ -4 379.699921 null] /Dest /72 /DEST pdfmark
0 -396.3 M
15 2 Nf
(Appendix) S
[/View [/XYZ -4 378.699921 null] /Dest /126 /DEST pdfmark
( C. \(Informative\) Draft Change ) S
(Log) S
0 -403.8 M
[/View [/XYZ -4 353.199921 null] /Dest /73 /DEST pdfmark
0 -403.8 M
[/View [/XYZ -4 353.199921 null] /Dest /74 /DEST pdfmark
0 -426.3 M
% C.1: revision 04.
15 2 Nf
(C.1.) S
[/View [/XYZ -4 348.699921 null] /Dest /127 /DEST pdfmark
( Changes in Httpauth WG revision ) S
(04) S
11 -446.9 M
gsave
0 setgray
newpath
11.0 -446.870087 2.75 0 360 arc
closepath
fill
grestore
22 -450.5 M
11 0 Nf
(IANA consideration section ) S
(added.) S
0 -461.5 M
[/View [/XYZ -4 295.499908 null] /Dest /75 /DEST pdfmark
0 -461.5 M
[/View [/XYZ -4 295.499908 null] /Dest /76 /DEST pdfmark
0 -480.5 M
% C.2: revision 03.
15 2 Nf
(C.2.) S
[/View [/XYZ -4 294.499908 null] /Dest /128 /DEST pdfmark
( Changes in Httpauth WG revision ) S
(03) S
11 -501.1 M
gsave
0 setgray
newpath
11.0 -501.070099 2.75 0 360 arc
closepath
fill
grestore
22 -504.7 M
11 0 Nf
(Adopting RFC 5987 extended syntax for non-ASCII parameter ) S
(values.) S
0 -515.7 M
[/View [/XYZ -4 241.299927 null] /Dest /77 /DEST pdfmark
0 -515.7 M
[/View [/XYZ -4 241.299927 null] /Dest /78 /DEST pdfmark
0 -534.7 M
% C.3: revision 02 (realm and username parameters added).
15 2 Nf
(C.3.) S
[/View [/XYZ -4 240.299927 null] /Dest /129 /DEST pdfmark
( Changes in Httpauth WG revision ) S
(02) S
11 -555.3 M
gsave
0 setgray
newpath
11.0 -555.270081 2.75 0 360 arc
closepath
fill
grestore
22 -558.9 M
11 0 Nf
(Added realm parameter. ) S
11 -569.5 M
gsave
0 setgray
newpath
11.0 -569.470093 2.75 0 360 arc
closepath
fill
grestore
22 -573.1 M
0.546875 0 32 0 0 (Added username parameter. We acknowledge Michael Sweet's proposal for including this to the) A
22 -586.3 M
(Basic ) S
(authentication.) S
0 -597.3 M
% Destinations /79 and /80 are set at the bottom of this page; the heading they
% belong to is not drawn in this block.
[/View [/XYZ -4 159.69989 null] /Dest /79 /DEST pdfmark
0 -597.3 M
[/View [/XYZ -4 159.69989 null] /Dest /80 /DEST pdfmark
0 -598.3 M
% Page footer: page number "- 17 -" at size 8 in font index 8 (Helvetica per the
% IncludeResource line), then the page-level restore. N is prolog-defined.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 17 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 18 18
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 18, first part: change-log subsections C.4 to C.8. Each subsection is a
% heading at size 15 in font index 2 with a named destination, followed by
% bullets (filled disc of radius 2.75 at x=11, text at x=22); C.5 has the plain
% text "None." instead of bullets.
% M, S and Nf are prolog procedures not defined in this part of the file.
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
% C.4: Httpauth WG revision 01.
15 2 Nf
(C.4.) S
[/View [/XYZ -4 757.0 null] /Dest /130 /DEST pdfmark
( Changes in Httpauth WG revision ) S
(01) S
11 -38.6 M
gsave
0 setgray
newpath
11.0 -38.57 2.75 0 360 arc
closepath
fill
grestore
22 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Clarification on peers' responsibility about handling of relative URLs. ) S
11 -52.8 M
gsave
0 setgray
newpath
11.0 -52.77 2.75 0 360 arc
closepath
fill
grestore
22 -56.4 M
% Change-log entry with a behavioural consequence: automatic reloading is
% limited to safe methods, which is narrower than idempotent methods.
(Automatic reloading should be allowed only on safe methods, not always on idempotent ) S
(methods.) S
0 -67.4 M
[/View [/XYZ -4 689.6 null] /Dest /81 /DEST pdfmark
0 -67.4 M
[/View [/XYZ -4 689.6 null] /Dest /82 /DEST pdfmark
0 -86.4 M
% C.5: Httpauth revision 00 and HttpBis revision 00.
15 2 Nf
(C.5.) S
[/View [/XYZ -4 688.6 null] /Dest /131 /DEST pdfmark
( Changes in Httpauth revision 00 and HttpBis revision ) S
(00) S
0 -110.6 M
11 0 Nf
(None.) S
0 -121.6 M
[/View [/XYZ -4 635.4 null] /Dest /83 /DEST pdfmark
0 -121.6 M
[/View [/XYZ -4 635.4 null] /Dest /84 /DEST pdfmark
0 -140.6 M
% C.6: revision 02.
15 2 Nf
(C.6.) S
[/View [/XYZ -4 634.4 null] /Dest /132 /DEST pdfmark
( Changes in revision ) S
(02) S
11 -161.2 M
gsave
0 setgray
newpath
11.0 -161.170013 2.75 0 360 arc
closepath
fill
grestore
22 -164.8 M
11 0 Nf
(Added usage ) S
(examples.) S
0 -175.8 M
[/View [/XYZ -4 581.2 null] /Dest /85 /DEST pdfmark
0 -175.8 M
[/View [/XYZ -4 581.2 null] /Dest /86 /DEST pdfmark
0 -194.8 M
% C.7: revision 01.
15 2 Nf
(C.7.) S
[/View [/XYZ -4 580.2 null] /Dest /133 /DEST pdfmark
( Changes in revision ) S
(01) S
11 -215.4 M
gsave
0 setgray
newpath
11.0 -215.37001 2.75 0 360 arc
closepath
fill
grestore
22 -219 M
11 0 Nf
(Syntax notations and parsing semantics changed to match httpbis ) S
(style.) S
0 -230 M
[/View [/XYZ -4 527.0 null] /Dest /87 /DEST pdfmark
0 -230 M
[/View [/XYZ -4 527.0 null] /Dest /88 /DEST pdfmark
0 -249 M
% C.8: revision 00, five bullets.
15 2 Nf
(C.8.) S
[/View [/XYZ -4 526.0 null] /Dest /134 /DEST pdfmark
( Changes in revision ) S
(00) S
11 -269.6 M
gsave
0 setgray
newpath
11.0 -269.57 2.75 0 360 arc
closepath
fill
grestore
22 -273.2 M
11 0 Nf
(Separated from HTTP Mutual authentication proposal \(-09\). ) S
11 -283.8 M
gsave
0 setgray
newpath
11.0 -283.77002 2.75 0 360 arc
closepath
fill
grestore
22 -287.4 M
(Adopting httpbis works as a referencing point to HTTP. ) S
11 -298 M
gsave
0 setgray
newpath
11.0 -297.970032 2.75 0 360 arc
closepath
fill
grestore
22 -301.6 M
(Generalized, now applicable for all HTTP authentication schemes. ) S
11 -312.2 M
gsave
0 setgray
newpath
11.0 -312.170044 2.75 0 360 arc
closepath
fill
grestore
22 -315.8 M
(Added "no-auth" and "auth-style" parameters. ) S
11 -326.4 M
gsave
0 setgray
newpath
11.0 -326.370056 2.75 0 360 arc
closepath
fill
grestore
22 -330 M
(Loosened standardization requirements for parameter-name tokens ) S
(registration.) S
% "Authors' Addresses" (first part) and the page-18 footer.
% The block is laid out as a two-column table: a label column at x=0 and a value
% column at x=44.6. Most label cells hold only \240 (code 160, mapped to /space
% by the prolog's encoding vector), i.e. they are empty; the one real label is
% "Email:". A row with \240 in both columns is a blank separator line between
% authors.
0 -341 M
[/View [/XYZ -4 415.999939 null] /Dest /89 /DEST pdfmark
0 -360 M
15 2 Nf
(Authors') S
[/View [/XYZ -4 414.999939 null] /Dest /135 /DEST pdfmark
( ) S
(Addresses) S
% --- first author ---
0 -385.3 M
11 0 Nf
(\240) S
44.6 -385.3 M
(Yutaka ) S
(Oiwa) S
0 -399.1 M
(\240) S
44.6 -399.1 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -412.8 M
(\240) S
44.6 -412.8 M
(Information Technology Research ) S
(Institute) S
0 -426.6 M
(\240) S
44.6 -426.6 M
(Tsukuba Central ) S
(2) S
0 -440.3 M
(\240) S
44.6 -440.3 M
(1-1-1 ) S
(Umezono) S
0 -454.1 M
(\240) S
44.6 -454.1 M
(Tsukuba-shi, ) S
(Ibaraki) S
0 -467.8 M
(\240) S
44.6 -467.8 M
(JP) S
12.6 -481.6 M
(Email:\240) S
44.6 -481.6 M
% The address is underlined like a link, but no /ANN pdfmark follows it, so no
% link annotation is attached to it here.
gsave
newpath
44.6 -482.7 M
154.285156 0 RL
stroke
grestore
(mutual-auth-contact-ml@aist.go.jp) S
0 -495.3 M
(\240) S
44.6 -495.3 M
(\240) S
% --- second author ---
0 -509.1 M
(\240) S
44.6 -509.1 M
(Hajime ) S
(Watanabe) S
0 -522.8 M
(\240) S
44.6 -522.8 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -536.6 M
(\240) S
44.6 -536.6 M
(Information Technology Research ) S
(Institute) S
0 -550.3 M
(\240) S
44.6 -550.3 M
(Tsukuba Central ) S
(2) S
0 -564.1 M
(\240) S
44.6 -564.1 M
(1-1-1 ) S
(Umezono) S
0 -577.8 M
(\240) S
44.6 -577.8 M
(Tsukuba-shi, ) S
(Ibaraki) S
0 -591.6 M
(\240) S
44.6 -591.6 M
(JP) S
0 -605.3 M
(\240) S
44.6 -605.3 M
(\240) S
% --- third author (the address continues on the next page) ---
0 -619.1 M
(\240) S
44.6 -619.1 M
(Hiromitsu ) S
(Takagi) S
0 -632.8 M
(\240) S
44.6 -632.8 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -646.6 M
(\240) S
44.6 -646.6 M
(Information Technology Research ) S
(Institute) S
0 -660.3 M
(\240) S
44.6 -660.3 M
(Tsukuba Central ) S
(2) S
44.6 -660.3 M
% Page footer: page number "- 18 -" at size 8 in font index 8 (Helvetica per the
% IncludeResource line), then the page-level restore. N is prolog-defined.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 18 -) S
0 setgray
89.3 -8 M
grestore
pgsave restore N
%%Page: 19 19
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 19 (last page): the rest of the authors' address table and the footer.
% Same two-column layout as on the previous page: label column at x=0 holding
% only \240 (code 160, mapped to /space by the prolog's encoding vector), value
% column at x=44.6; a row with \240 in both columns separates two authors.
% M, S and Nf are prolog procedures not defined in this part of the file.
0 0 M
0.6 setlinewidth
0 -11 M
%%IncludeResource: font Times-Roman
11 0 Nf
% --- end of the address that started on the previous page ---
(\240) S
44.6 -11 M
(1-1-1 ) S
(Umezono) S
0 -24.8 M
(\240) S
44.6 -24.8 M
(Tsukuba-shi, ) S
(Ibaraki) S
0 -38.5 M
(\240) S
44.6 -38.5 M
(JP) S
0 -52.2 M
(\240) S
44.6 -52.2 M
(\240) S
% --- next author ---
0 -66 M
(\240) S
44.6 -66 M
(Tatsuya ) S
(Hayashi) S
0 -79.8 M
(\240) S
44.6 -79.8 M
(Lepidum Co. ) S
(Ltd.) S
0 -93.5 M
(\240) S
44.6 -93.5 M
(#602, Village Sasazuka ) S
(3) S
0 -107.2 M
(\240) S
44.6 -107.2 M
(1-30-3 ) S
(Sasazuka) S
0 -121 M
(\240) S
44.6 -121 M
(Shibuya-ku, ) S
(Tokyo) S
0 -134.8 M
(\240) S
44.6 -134.8 M
(JP) S
0 -148.5 M
(\240) S
44.6 -148.5 M
(\240) S
% --- last author ---
0 -162.2 M
(\240) S
44.6 -162.2 M
(Yuichi ) S
(Ioku) S
0 -176 M
(\240) S
44.6 -176 M
(Individual) S
0 -189.8 M
% Page footer: page number "- 19 -" at size 8 in font index 8 (Helvetica per the
% IncludeResource line), then the page-level restore. N is prolog-defined.
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 19 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%EOF