%!PS-Adobe-3.0
%%Title: HTTP Authentication Extensions for Interactive Clients
%%Creator: html2ps version 1.0 beta5
%%CreationDate: Fri May 18 14:42:19 2012
%%DocumentNeededResources: font Times-Roman Times-Bold Courier Courier-Oblique
%%+ font Helvetica
%%DocumentData: Clean7Bit
%%Orientation: Portrait
%%BoundingBox: 0 0 596 842
%%Pages: 13
%%EndComments
%%BeginProlog
% Shorthand names used by the rest of the prolog and by every page stream.
% d: define a procedure with bind applied first, so operator names in the
%    body are resolved when the definition is made.
/d {bind def} bind def
% D: plain def, no binding.
/D {def} d
% ie: ifelse.
/ie {ifelse} d
% E: exch.
/E {exch} d
% t / f: the boolean constants true and false.
/t true D
/f false D
% FL: font list indexed by the second operand of Nf (0 = Times-Roman,
% 2 = Times-Bold, 4 = Courier, 8 = Helvetica, ...). Page streams select a
% font by its index in this array, e.g. "11 0 Nf".
/FL [/Times-Roman
/Times-Italic
/Times-Bold
/Times-BoldItalic
/Courier
/Courier-Oblique
/Courier-Bold
/Courier-BoldOblique
/Helvetica
/Helvetica-Oblique
/Helvetica-Bold
/Helvetica-BoldOblique] D
% Cd: array -> dict. Takes an array of alternating key/value items, creates a
% dictionary sized to the number of pairs, defines each pair in it and leaves
% the dictionary on the operand stack.
/Cd {aload length 2 idiv dup dict begin {D} repeat currentdict end} D
% reencodeISO: fontname -> fontname font
% Copies the named font into a fresh dictionary (every entry except FID, which
% must not be carried over into a new font), replaces its Encoding with
% ISOLatin1Encoding and registers the copy under the same name with definefont.
% The name and the new font are both left on the stack so that the caller can
% follow with D (see the setup section).
/reencodeISO {
 dup dup findfont dup length dict begin{1 index /FID ne{D}{pop pop}ie}forall
 /Encoding ISOLatin1Encoding D currentdict end definefont} D
% ISOLatin1Encoding: glyph-name vector installed by reencodeISO. Control-code
% slots are /.notdef; the upper half carries the Latin-1 accented letters and
% symbols. Code 160 (octal \240) maps to /space, which is how the (\240)
% strings in the page streams render as blanks.
/ISOLatin1Encoding [
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/space/exclam/quotedbl/numbersign/dollar/percent/ampersand/quoteright
/parenleft/parenright/asterisk/plus/comma/hyphen/period/slash
/zero/one/two/three/four/five/six/seven/eight/nine/colon/semicolon
/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N
/O/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright
/asciicircum/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m
/n/o/p/q/r/s/t/u/v/w/x/y/z/braceleft/bar/braceright/asciitilde
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/space/exclamdown/cent/sterling/currency/yen/brokenbar
/section/dieresis/copyright/ordfeminine/guillemotleft/logicalnot
/hyphen/registered/macron/degree/plusminus/twosuperior/threesuperior
/acute/mu/paragraph/periodcentered/cedilla/onesuperior/ordmasculine
/guillemotright/onequarter/onehalf/threequarters/questiondown
/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE/Ccedilla
/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute
/Thorn/germandbls/agrave/aacute/acircumflex/atilde/adieresis
/aring/ae/ccedilla/egrave/eacute/ecircumflex/edieresis/igrave
/iacute/icircumflex/idieresis/eth/ntilde/ograve/oacute/ocircumflex
/otilde/odieresis/divide/oslash/ugrave/uacute/ucircumflex/udieresis
/yacute/thorn/ydieresis
] D
% Patch table: (code, glyph-name) pairs that overwrite slots 128-159 of the
% vector above with typographic glyphs (curly quotes, dashes, oe/OE, ...).
% The page text relies on these, e.g. \233 and \234 (codes 155/156) for the
% opening and closing double quotes.
[128/backslash 129/parenleft 130/parenright 141/circumflex 142/tilde
143/perthousand 144/dagger 145/daggerdbl 146/Ydieresis 147/scaron 148/Scaron
149/oe 150/OE 151/guilsinglleft 152/guilsinglright 153/quotesinglbase
154/quotedblbase 155/quotedblleft 156/quotedblright 157/endash 158/emdash
159/trademark]
% Unpack the pairs onto the stack, then loop once per pair: the loop index is
% discarded and the topmost (code, name) pair is stored into ISOLatin1Encoding.
aload length 2 idiv 1 1 3 -1 roll{pop ISOLatin1Encoding 3 1 roll put}for
% Fallback for interpreters that do not define colorimage: define one that
% drops the two topmost operands, keeps the data procedure as Pr, and paints
% with the single-channel image operator instead. Each group of three input
% bytes is collapsed to one gray byte using the weights 0.299, 0.587 and 0.114.
/colorimage where{pop}{
 /colorimage {
  pop pop /Pr E D {/Cv Pr D /Gr Cv length 3 idiv string D 0 1 Gr length 1 sub
   {Gr E dup /i E 3 mul D Cv i get 0.299 mul Cv i 1 add get 0.587 mul add
    Cv i 2 add get 0.114 mul add cvi put}for Gr} image} D
}ie
% Fallback for interpreters that do not define pdfmark: bind the name to
% cleartomark in userdict, so every "[ ... pdfmark" sequence in this file just
% discards its operands instead of raising an undefined error.
/pdfmark where{pop}{userdict /pdfmark /cleartomark load put}ie

% MySymbol: a Type 3 (procedurally drawn) font that supplies a single glyph,
% /euro, at the character code of the letter "e". Every other code is /.notdef.
% Glyph coordinates are in a 1000-unit space (FontMatrix scales by .001).
/MySymbol 10 dict dup begin
 /FontType 3 D /FontMatrix [.001 0 0 .001 0 0 ] D /FontBBox [25 -10 600 600] D
 % Start with an all-/.notdef encoding, then map (e) to /euro.
 /Encoding 256 array D 0 1 255{Encoding exch /.notdef put}for
 Encoding (e) 0 get /euro put
 % Advance widths per glyph name.
 /Metrics 2 dict D Metrics begin
  /.notdef 0 D
  /euro 651 D
 end
 % Bounding boxes per glyph name, passed to setcachedevice by BuildChar.
 /BBox 2 dict D BBox begin
  /.notdef [0 0 0 0] D
  /euro [25 -10 600 600] D
 end
 % Drawing procedures per glyph name. The euro outline first sets a clipping
 % path, then strokes a circular arc and two horizontal bars inside it.
 /CharacterDefs 2 dict D CharacterDefs begin
  /.notdef {} D
  /euro{newpath 114 600 moveto 631 600 lineto 464 200 lineto 573 200 lineto
   573 0 lineto -94 0 lineto 31 300 lineto -10 300 lineto closepath clip
   50 setlinewidth newpath 656 300 moveto 381 300 275 0 360 arc stroke
   -19 350 moveto 600 0 rlineto -19 250 moveto 600 0 rlineto stroke}d
 end
 % BuildChar: fontdict char -> (glyph painted). The leading "0" is a
 % placeholder; it is overwritten below with a private 3-entry dictionary that
 % holds char, fontdict and charname while the glyph is being built.
 /BuildChar{0 begin
  /char E D /fontdict E D /charname fontdict /Encoding get char get D
  fontdict begin
   Metrics charname get 0 BBox charname get aload pop setcachedevice
   CharacterDefs charname get exec
  end
 end}D
 % Replace element 0 of the BuildChar procedure with the scratch dictionary.
 /BuildChar load 0 3 dict put /UniqueID 1 D
end
% Register the font; the resulting font dictionary itself is not needed here.
definefont pop
% Nf: size index -> (current font set)
% A non-negative index selects FL[index]; -1 selects Symbol; any other
% negative index selects MySymbol. The font is scaled to size and made current.
/Nf {dup 0 ge{FL E get}{-1 eq{/Symbol}{/MySymbol}ie}ie findfont
 E scalefont setfont} D
% IP: read hex-encoded data from the program file itself into picstr.
% picstr is not defined in the visible prolog - presumably set up wherever an
% inline image is emitted; confirm before reusing IP.
/IP {currentfile picstr readhexstring pop} D
% WF: when true, the setup section re-encodes every font in FL; when false it
% re-encodes only the entries from index 4 onward.
/WF t D
% F: numeric constant 1; its use is not visible in the prolog.
/F 1 D
% One-letter aliases used by the page streams.
% N: showpage (end of page).
/N {showpage} d
% RL: rlineto.
/RL {rlineto} d
% S: show a string at the current point.
/S {show} d
% L: lineto.
/L {lineto} d
% M: moveto.
/M {moveto} d
% A: awidthshow - show a string with extra width added per character; the page
% streams use it with character code 32 to stretch spaces on justified lines.
/A {awidthshow} d
% RM: rmoveto.
/RM {rmoveto} d
%%EndProlog
%%BeginSetup
%%PaperSize: A4
% Re-encode the text fonts to ISOLatin1Encoding. With WF true every entry of FL
% is processed; otherwise only entries 4..end. reencodeISO leaves
% "name font" on the stack and D then binds that name to the new font.
WF{FL{reencodeISO D}forall}{4 1 FL length 1 sub{FL E get reencodeISO D}for}ie
% Re-register Symbol with a private copy of its Encoding array in which code
% 128 is mapped to /therefore. The array is copied ([Encoding aload pop]) so
% the put does not modify the encoding of the original font.
/Symbol dup dup findfont dup length dict begin
 {1 index /FID ne{D}{pop pop}ie}forall /Encoding [Encoding aload pop]
 dup 128 /therefore put D currentdict end definefont D
% PDF metadata and bookmarks, emitted through pdfmark. They only take effect
% when the file is converted to PDF; on interpreters without pdfmark the prolog
% fallback discards them.
% Document information dictionary (Author and Subject are empty strings).
[/Creator (html2ps version 1.0 beta5) /Author () /Keywords (HTTP, authentication) /Subject () /Title (HTTP Authentication Extensions for Interactive Clients) /DOCINFO pdfmark
% Open the document with the outline (bookmark) pane visible.
[/PageMode /UseOutlines /DOCVIEW pdfmark
% Outline entries. /Dest names a destination defined by a /DEST pdfmark in the
% page streams; /Count gives the number of child entries that follow, a
% negative value meaning the entry starts collapsed.
[/Count 1 /Dest /57 /Title (HTTP Authentication Extensions for Interactive Clients draft-oiwa-http-auth-extension-01) /OUT pdfmark
[/Count 18 /Dest /58 /Title () /OUT pdfmark
[/Dest /58 /Title (Abstract) /OUT pdfmark
[/Dest /59 /Title (Status of this Memo) /OUT pdfmark
[/Dest /60 /Title (Copyright Notice) /OUT pdfmark
[/Dest /61 /Title (Table of Contents) /OUT pdfmark
[/Count -1 /Dest /62 /Title (1. Introduction) /OUT pdfmark
[/Dest /63 /Title (1.1. Terminology) /OUT pdfmark
[/Count -2 /Dest /64 /Title (2. Definitions) /OUT pdfmark
[/Dest /65 /Title (2.1. Terms for describing authentication protocol flow) /OUT pdfmark
[/Dest /66 /Title (2.2. Syntax Notation) /OUT pdfmark
[/Dest /67 /Title (3. Optional Authentication) /OUT pdfmark
[/Count -5 /Dest /68 /Title (4. Authentication-Control header) /OUT pdfmark
[/Dest /69 /Title (4.1. Auth-style parameter) /OUT pdfmark
[/Dest /70 /Title (4.2. Location-when-unauthenticated parameter) /OUT pdfmark
[/Dest /71 /Title (4.3. No-auth parameter) /OUT pdfmark
[/Dest /72 /Title (4.4. Location-when-logout parameter) /OUT pdfmark
[/Dest /73 /Title (4.5. Logout-timeout) /OUT pdfmark
[/Dest /74 /Title (5. Usage examples [TBD]) /OUT pdfmark
[/Dest /75 /Title (6. Methods to extend this protocol) /OUT pdfmark
[/Dest /76 /Title (7. IANA Considerations) /OUT pdfmark
[/Dest /77 /Title (8. Security Considerations) /OUT pdfmark
[/Count -2 /Dest /78 /Title (9. References) /OUT pdfmark
[/Dest /79 /Title (9.1. Normative References) /OUT pdfmark
[/Dest /80 /Title (9.2. Informative References) /OUT pdfmark
[/Dest /81 /Title (Appendix A. \(Informative\) Applicability of features for each messages) /OUT pdfmark
[/Dest /82 /Title (Appendix B. \(Informative\) Draft Notes) /OUT pdfmark
[/Dest /83 /Title (Appendix C. \(Informative\) Draft Change Log) /OUT pdfmark
[/Dest /84 /Title (C.1. Changes in revision 00) /OUT pdfmark
[/Dest /85 /Title (Authors' Addresses) /OUT pdfmark
%%EndSetup
%%Page: 1 1
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 0 M
[/View [/XYZ -4 842 null] /Dest /0 /DEST pdfmark
0 -0 M
save
2.5 -13.5 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Internet Engineering Task ) S
(Force) S
209.6 -13.5 M
(Y. ) S
(Oiwa) S
2.5 -32.2 M
(Internet-Draft) S
209.6 -32.2 M
(H. ) S
(Watanabe) S
2.5 -51 M
(Intended status: Standards ) S
(Track) S
209.6 -51 M
(H. ) S
(Takagi) S
2.5 -69.8 M
(Expires: November 19, ) S
(2012) S
209.6 -69.8 M
(RISEC, ) S
(AIST) S
2.5 -88.5 M
(\240) S
209.6 -88.5 M
(B. ) S
(Kihara) S
2.5 -107.2 M
(\240) S
209.6 -107.2 M
(T. ) S
(Hayashi) S
2.5 -126 M
(\240) S
209.6 -126 M
(Lepidum) S
2.5 -144.8 M
(\240) S
209.6 -144.8 M
(Y. ) S
(Ioku) S
2.5 -163.5 M
(\240) S
209.6 -163.5 M
(Yahoo! ) S
(Japan) S
2.5 -182.2 M
(\240) S
209.6 -182.2 M
(May 18, ) S
(2012) S
0 -187.5 M
restore
227 -202.7 M
[/View [/XYZ -4 842 null] /Dest /57 /DEST pdfmark
30.7 -221.7 M
%%IncludeResource: font Times-Bold
19 2 Nf
(HTTP Authentication Extensions for Interactive ) S
198.5 -244.5 M
(Clients) S
88.8 -267.3 M
(draft-oiwa-http-auth-extension-01) S
0 -297.3 M
15 2 Nf
(Abstract) S
[/View [/XYZ -4 477.7 null] /Dest /58 /DEST pdfmark
0 -321.5 M
11 0 Nf
1.15983069 0 32 0 0 (This document specifies a few extensions of HTTP authentication framework for interactive clients.) A
0 -334.7 M
0.569602251 0 32 0 0 (Recently, fundamental features of HTTP-level authentication is not enough for complex requirements) A
0 -347.9 M
5.34304 0 32 0 0 (of various Web-based applications. This makes these applications to implement their own) A
0 -361.1 M
1.13762021 0 32 0 0 (authentication frameworks using HTML Forms and other means, which becomes one of the hurdles) A
0 -374.3 M
3.25195312 0 32 0 0 (against introducing secure authentication mechanisms handled jointly by servers and user-agent) A
0 -387.5 M
3.90198874 0 32 0 0 (clients. The extended framework fills gaps between Web application requirements and HTTP) A
0 -400.7 M
3.64453125 0 32 0 0 (authentication provisions to solve the above problems, while maintaining compatibility against) A
0 -413.9 M
(existing Web and non-Web uses of HTTP authentications. ) S
0 -443.9 M
15 2 Nf
(Status) S
[/View [/XYZ -4 331.099915 null] /Dest /59 /DEST pdfmark
( of this ) S
(Memo) S
0 -468.1 M
11 0 Nf
(This Internet-Draft is submitted in full conformance with the provisions of BCP\24078 and ) S
(BCP\24079.) S
0 -492.3 M
0.34375 0 32 0 0 (Internet-Drafts are working documents of the Internet Engineering Task Force \(IETF\). Note that other) A
0 -505.5 M
0.389423072 0 32 0 0 (groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is) A
0 -518.7 M
(at ) S
(http://datatracker.ietf.org/drafts/current/.) S
0 -542.9 M
0.275781244 0 32 0 0 (Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced,) A
0 -556.1 M
1.51927078 0 32 0 0 (or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference) A
0 -569.3 M
(material or to cite them other than as \233work in ) S
(progress.\234) S
0 -593.5 M
(This Internet-Draft will expire on November 19, ) S
(2012.) S
0 -605.5 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 1 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 2 2
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -18 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Copyright) S
[/View [/XYZ -4 757.0 null] /Dest /60 /DEST pdfmark
( ) S
(Notice) S
0 -42.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Copyright \(c\) 2012 IETF Trust and the persons identified as the document authors. All rights ) S
(reserved.) S
0 -66.4 M
3.1208334 0 32 0 0 (This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF) A
0 -79.6 M
1.34730113 0 32 0 0 (Documents \(http://trustee.ietf.org/license-info\) in effect on the date of publication of this document.) A
0 -92.8 M
0.819475472 0 32 0 0 (Please review these documents carefully, as they describe your rights and restrictions with respect to) A
0 -106 M
0.287109375 0 32 0 0 (this document. Code Components extracted from this document must include Simplified BSD License) A
0 -119.2 M
1.24951172 0 32 0 0 (text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as) A
0 -132.4 M
(described in the Simplified BSD ) S
(License.) S
0 -143.4 M
[/View [/XYZ -4 613.6 null] /Dest /1 /DEST pdfmark
0 -162.4 M
15 2 Nf
(Table) S
[/View [/XYZ -4 612.6 null] /Dest /61 /DEST pdfmark
( of ) S
(Contents) S
0 -186.6 M
gsave
newpath
0 -187.7 M
8.25 0 RL
stroke
grestore
11 0 Nf
(1.) S
[/Rect [-1.0 -189.349991 9.25 -177.249985] /Subtype /Link /Border [0 0 0] /Dest /2 /ANN pdfmark
(\240 ) S
(Introduction) S
0 -199.8 M
(\240\240\240\240) S
gsave
newpath
11 -200.9 M
16.5 0 RL
stroke
grestore
(1.1.) S
[/Rect [10.0 -202.549988 28.5 -190.449982] /Subtype /Link /Border [0 0 0] /Dest /4 /ANN pdfmark
(\240 ) S
(Terminology) S
0 -213 M
gsave
newpath
0 -214.1 M
8.25 0 RL
stroke
grestore
(2.) S
[/Rect [-1.0 -215.749985 9.25 -203.649979] /Subtype /Link /Border [0 0 0] /Dest /6 /ANN pdfmark
(\240 ) S
(Definitions) S
0 -226.2 M
(\240\240\240\240) S
gsave
newpath
11 -227.3 M
16.5 0 RL
stroke
grestore
(2.1.) S
[/Rect [10.0 -228.949982 28.5 -216.849976] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
(\240 Terms for describing authentication protocol ) S
(flow) S
0 -239.4 M
(\240\240\240\240) S
gsave
newpath
11 -240.5 M
16.5 0 RL
stroke
grestore
(2.2.) S
[/Rect [10.0 -242.149979 28.5 -230.049973] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
(\240 Syntax ) S
(Notation) S
0 -252.6 M
gsave
newpath
0 -253.7 M
8.25 0 RL
stroke
grestore
(3.) S
[/Rect [-1.0 -255.349976 9.25 -243.249969] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\240 Optional ) S
(Authentication) S
0 -265.8 M
gsave
newpath
0 -266.9 M
8.25 0 RL
stroke
grestore
(4.) S
[/Rect [-1.0 -268.55 9.25 -256.449982] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\240 Authentication-Control ) S
(header) S
0 -279 M
(\240\240\240\240) S
gsave
newpath
11 -280.1 M
16.5 0 RL
stroke
grestore
(4.1.) S
[/Rect [10.0 -281.75 28.5 -269.65] /Subtype /Link /Border [0 0 0] /Dest /20 /ANN pdfmark
(\240 Auth-style ) S
(parameter) S
0 -292.2 M
(\240\240\240\240) S
gsave
newpath
11 -293.3 M
16.5 0 RL
stroke
grestore
(4.2.) S
[/Rect [10.0 -294.95 28.5 -282.85] /Subtype /Link /Border [0 0 0] /Dest /22 /ANN pdfmark
(\240 Location-when-unauthenticated ) S
(parameter) S
0 -305.4 M
(\240\240\240\240) S
gsave
newpath
11 -306.5 M
16.5 0 RL
stroke
grestore
(4.3.) S
[/Rect [10.0 -308.150024 28.5 -296.050018] /Subtype /Link /Border [0 0 0] /Dest /24 /ANN pdfmark
(\240 No-auth ) S
(parameter) S
0 -318.6 M
(\240\240\240\240) S
gsave
newpath
11 -319.7 M
16.5 0 RL
stroke
grestore
(4.4.) S
[/Rect [10.0 -321.350037 28.5 -309.250031] /Subtype /Link /Border [0 0 0] /Dest /26 /ANN pdfmark
(\240 Location-when-logout ) S
(parameter) S
0 -331.8 M
(\240\240\240\240) S
gsave
newpath
11 -332.9 M
16.5 0 RL
stroke
grestore
(4.5.) S
[/Rect [10.0 -334.550049 28.5 -322.450043] /Subtype /Link /Border [0 0 0] /Dest /28 /ANN pdfmark
(\240 ) S
(Logout-timeout) S
0 -345 M
gsave
newpath
0 -346.1 M
8.25 0 RL
stroke
grestore
(5.) S
[/Rect [-1.0 -347.750061 9.25 -335.650055] /Subtype /Link /Border [0 0 0] /Dest /30 /ANN pdfmark
(\240 Usage examples ) S
([TBD]) S
0 -358.2 M
gsave
newpath
0 -359.3 M
8.25 0 RL
stroke
grestore
(6.) S
[/Rect [-1.0 -360.950073 9.25 -348.850067] /Subtype /Link /Border [0 0 0] /Dest /32 /ANN pdfmark
(\240 Methods to extend this ) S
(protocol) S
0 -371.4 M
gsave
newpath
0 -372.5 M
8.25 0 RL
stroke
grestore
(7.) S
[/Rect [-1.0 -374.150085 9.25 -362.050079] /Subtype /Link /Border [0 0 0] /Dest /34 /ANN pdfmark
(\240 IANA ) S
(Considerations) S
0 -384.6 M
gsave
newpath
0 -385.7 M
8.25 0 RL
stroke
grestore
(8.) S
[/Rect [-1.0 -387.350098 9.25 -375.250092] /Subtype /Link /Border [0 0 0] /Dest /36 /ANN pdfmark
(\240 Security ) S
(Considerations) S
0 -397.8 M
gsave
newpath
0 -398.9 M
8.25 0 RL
stroke
grestore
(9.) S
[/Rect [-1.0 -400.55011 9.25 -388.450104] /Subtype /Link /Border [0 0 0] /Dest /40 /ANN pdfmark
(\240 ) S
(References) S
0 -411 M
(\240\240\240\240) S
gsave
newpath
11 -412.1 M
16.5 0 RL
stroke
grestore
(9.1.) S
[/Rect [10.0 -413.750122 28.5 -401.650116] /Subtype /Link /Border [0 0 0] /Dest /40 /ANN pdfmark
(\240 Normative ) S
(References) S
0 -424.2 M
(\240\240\240\240) S
gsave
newpath
11 -425.3 M
16.5 0 RL
stroke
grestore
(9.2.) S
[/Rect [10.0 -426.950134 28.5 -414.850128] /Subtype /Link /Border [0 0 0] /Dest /45 /ANN pdfmark
(\240 Informative ) S
(References) S
0 -437.4 M
gsave
newpath
0 -438.5 M
56.8203125 0 RL
stroke
grestore
(Appendix\240A.) S
[/Rect [-1.0 -440.150146 57.8203125 -428.05014] /Subtype /Link /Border [0 0 0] /Dest /56 /ANN pdfmark
(\240 \(Informative\) Applicability of features for each ) S
(messages) S
0 -450.6 M
gsave
newpath
0 -451.7 M
56.2148438 0 RL
stroke
grestore
(Appendix\240B.) S
[/Rect [-1.0 -453.350159 57.2148438 -441.250153] /Subtype /Link /Border [0 0 0] /Dest /49 /ANN pdfmark
(\240 \(Informative\) Draft ) S
(Notes) S
0 -463.8 M
gsave
newpath
0 -464.9 M
56.2148438 0 RL
stroke
grestore
(Appendix\240C.) S
[/Rect [-1.0 -466.550171 57.2148438 -454.450165] /Subtype /Link /Border [0 0 0] /Dest /51 /ANN pdfmark
(\240 \(Informative\) Draft Change ) S
(Log) S
0 -477 M
(\240\240\240\240) S
gsave
newpath
11 -478.1 M
18.3359375 0 RL
stroke
grestore
(C.1.) S
[/Rect [10.0 -479.750183 30.3359375 -467.650177] /Subtype /Link /Border [0 0 0] /Dest /53 /ANN pdfmark
(\240 Changes in revision ) S
(00) S
0 -490.2 M
gsave
newpath
0 -491.3 M
5.5 0 RL
stroke
grestore
(\247) S
[/Rect [-1.0 -492.950195 6.5 -480.850189] /Subtype /Link /Border [0 0 0] /Dest /55 /ANN pdfmark
(\240 Authors' ) S
(Addresses) S
0 -501.2 M
[/View [/XYZ -4 255.799805 null] /Dest /2 /DEST pdfmark
0 -501.2 M
[/View [/XYZ -4 255.799805 null] /Dest /3 /DEST pdfmark
0 -520.2 M
15 2 Nf
(1.) S
[/View [/XYZ -4 254.799805 null] /Dest /62 /DEST pdfmark
( ) S
(Introduction) S
0 -544.4 M
11 0 Nf
0.6484375 0 32 0 0 (The document proposes several extensions to the current HTTP authentication framework, to provide) A
0 -557.6 M
0.107031249 0 32 0 0 (enough functionality comparable with current widely-used form-based Web authentication. A majority) A
0 -570.8 M
1.37571025 0 32 0 0 (of the recent Web-sites on the Internet use custom application-layer authentication implementations) A
0 -584 M
1.38354492 0 32 0 0 (using Web forms. The reasons for these may vary, but many people believe that the current HTTP) A
0 -597.2 M
3.24153638 0 32 0 0 (Basic \(and Digest, too\) authentication method does not have enough functionality \(including a) A
0 -610.4 M
3.09801126 0 32 0 0 (good-feeling user interfaces\) to support most of realistic Web-based applications. However, the) A
0 -623.6 M
3.95842624 0 32 0 0 (method is very weak against phishing and other attacks, because the whole behavior of the) A
0 -636.8 M
0.857572138 0 32 0 0 (authentication is controlled from the server-side applications. This makes it really hard to implement) A
0 -650 M
4.19648457 0 32 0 0 (any cryptographically strong authentication mechanisms into Web systems. To overcome this) A
0 -663.2 M
0.717122376 0 32 0 0 (problem, we need to "modernize" the HTTP authentication framework so that better client-controlled) A
0 -663.2 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 2 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 3 3
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.0733817 0 32 0 0 (secure methods can be used with Web applications. The extensions proposed in this document include: ) A
11 -33.8 M
gsave
0 setgray
newpath
11.0 -33.77 2.75 0 360 arc
closepath
fill
grestore
22 -37.4 M
11 0 Nf
(non-mandatory, optional authentication on HTTP ) S
(\() S
gsave
newpath
246.2 -38.5 M
41.2382812 0 RL
stroke
grestore
(Section\2403) S
[/Rect [245.199219 -40.15 288.4375 -28.0500011] /Subtype /Link /Border [0 0 0] /Dest /14 /ANN pdfmark
(\), ) S
11 -48 M
gsave
0 setgray
newpath
11.0 -47.97 2.75 0 360 arc
closepath
fill
grestore
22 -51.6 M
(log out from both server and client side ) S
(\() S
gsave
newpath
201.6 -52.7 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [200.589844 -54.3500023 243.828125 -42.25] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\), and ) S
11 -62.2 M
gsave
0 setgray
newpath
11.0 -62.170002 2.75 0 360 arc
closepath
fill
grestore
22 -65.8 M
(finer control for redirection depending on authentication status ) S
(\() S
gsave
newpath
304.2 -66.9 M
41.2382812 0 RL
stroke
grestore
(Section\2404) S
[/Rect [303.195312 -68.55 346.433594 -56.4500046] /Subtype /Link /Border [0 0 0] /Dest /17 /ANN pdfmark
(\).) S
0 -90 M
1.05859375 0 32 0 0 ([I-D note: These extensions are initially proposed as a part of ) A
gsave
newpath
283.8 -91.1 M
120.625 0 RL
stroke
grestore
1.05859375 0 32 0 0 ([I-D.oiwa-http-mutualauth]) A
[/Rect [282.757812 -92.75 405.382812 -80.65] /Subtype /Link /Border [0 0 0] /Dest /46 /ANN pdfmark
1.05859375 0 32 0 0 (. However,) A
0 -103.2 M
2.045573 0 32 0 0 (since these functionalities might possibly be useful in combination even with other authentication) A
0 -116.4 M
(schemes, the extensions were separated from the original document as this independent draft.] ) S
0 -127.4 M
[/View [/XYZ -4 629.6 null] /Dest /4 /DEST pdfmark
0 -127.4 M
[/View [/XYZ -4 629.6 null] /Dest /5 /DEST pdfmark
0 -143 M
%%IncludeResource: font Times-Bold
13 2 Nf
(1.1.) S
[/View [/XYZ -4 629.6 null] /Dest /63 /DEST pdfmark
( ) S
(Terminology) S
0 -167.2 M
11 0 Nf
2.37011719 0 32 0 0 (The key words "MUST", "MUST\240NOT", "REQUIRED", "SHALL", "SHALL\240NOT", "SHOULD",) A
0 -180.4 M
1.49739587 0 32 0 0 ("SHOULD\240NOT", "RECOMMENDED", "NOT\240RECOMMENDED", "MAY", and "OPTIONAL" in) A
0 -193.6 M
(this document are to be interpreted as described in ) S
gsave
newpath
223.9 -194.7 M
50.1054688 0 RL
stroke
grestore
([RFC2119]) S
[/Rect [222.863281 -196.349991 274.96875 -184.249985] /Subtype /Link /Border [0 0 0] /Dest /43 /ANN pdfmark
(.) S
0 -217.8 M
6.61002588 0 32 0 0 (The terms "encouraged" and "advised" are used for suggestions that do not constitute) A
0 -231 M
3.4172585 0 32 0 0 ("SHOULD"-level requirements. People MAY freely choose not to include the suggested items) A
0 -244.2 M
0.508091509 0 32 0 0 (regarding ) A
gsave
newpath
45.4 -245.3 M
50.1054688 0 RL
stroke
grestore
0.508091509 0 32 0 0 ([RFC2119]) A
[/Rect [44.3984375 -246.949982 96.5039062 -234.849976] /Subtype /Link /Border [0 0 0] /Dest /43 /ANN pdfmark
0.508091509 0 32 0 0 (, but complying with those suggestions would be a best practice; it will improve) A
0 -257.4 M
(the security, interoperability, and/or operational ) S
(performance.) S
0 -281.6 M
0.310302734 0 32 0 0 (This document distinguishes the terms "client" and "user" in the following way: A "client" is an entity) A
0 -294.8 M
0.23401989 0 32 0 0 (understanding and talking HTTP and the specified authentication protocol, usually computer software;) A
0 -308 M
(a "user" is a \(usually natural\) person who wants to access data resources using "a ) S
(client".) S
0 -319 M
[/View [/XYZ -4 437.999969 null] /Dest /6 /DEST pdfmark
0 -319 M
[/View [/XYZ -4 437.999969 null] /Dest /7 /DEST pdfmark
0 -338 M
15 2 Nf
(2.) S
[/View [/XYZ -4 436.999969 null] /Dest /64 /DEST pdfmark
( ) S
(Definitions) S
0 -345.5 M
[/View [/XYZ -4 411.499969 null] /Dest /8 /DEST pdfmark
0 -345.5 M
[/View [/XYZ -4 411.499969 null] /Dest /9 /DEST pdfmark
0 -364 M
13 2 Nf
(2.1.) S
[/View [/XYZ -4 408.599976 null] /Dest /65 /DEST pdfmark
( Terms for describing authentication protocol ) S
(flow) S
0 -388.2 M
11 0 Nf
1.62428975 0 32 0 0 (HTTP Authentication defined in ) A
gsave
newpath
151.9 -389.3 M
110.84375 0 RL
stroke
grestore
1.62428975 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [150.875 -390.950043 263.71875 -378.850037] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
1.62428975 0 32 0 0 ( may involve with several pairs of HTTP) A
0 -401.4 M
3.09410501 0 32 0 0 (requests/responses. Throughout this document, the following terms are used to categorize those) A
0 -414.6 M
(messages: for ) S
(requests,) S
11 -435.2 M
gsave
0 setgray
newpath
11.0 -435.170074 2.75 0 360 arc
closepath
fill
grestore
22 -438.8 M
0.126802891 0 32 0 0 (A non-authenticating request is a request not attempting any authentication: a request without any) A
22 -452 M
(Authorization header. ) S
11 -462.6 M
gsave
0 setgray
newpath
11.0 -462.570099 2.75 0 360 arc
closepath
fill
grestore
22 -466.2 M
(An authenticating request is the opposite: a request with an Authorization header. ) S
0 -490.4 M
(For ) S
(responses,) S
11 -514.6 M
(1\) A non-authenticated response: ) S
33 -527.8 M
0.534895837 0 32 0 0 (is a response which does not involve with any HTTP authentication. It may not contain any) A
33 -541 M
(WWW-Authenticate or Authentication-Info header. ) S
33 -554.2 M
4.33756495 0 32 0 0 (Servers send this response when the requested resource is not protected by HTTP) A
33 -567.4 M
4.6015625 0 32 0 0 (authentication mechanisms. In context of this specification, not-authentication-related) A
33 -580.6 M
(negative responses \(e.g. 403 and 404\) are also considered as non-authenticated responses. ) S
33 -593.8 M
(\(See note on successfully-authenticated responses below for some ambiguous cases.\) ) S
11 -607 M
(2\) An authentication-initializing response: ) S
33 -620.2 M
0.903245211 0 32 0 0 (is a response which requires or allows clients to start authentication attempts. Servers send) A
33 -633.4 M
0.622514188 0 32 0 0 (this response when the requested resource is protected by HTTP authentication mechanism,) A
33 -646.6 M
(and the request meets one of the following cases: ) S
44 -657.2 M
gsave
0 setgray
newpath
44.0 -657.170227 2.75 0 360 arc
closepath
fill
grestore
55 -660.8 M
(The request is non-authenticating request, or ) S
55 -661.8 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 3 -) S
0 setgray
110 -8 M
grestore
pgsave restore N
%%Page: 4 4
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
44 -9.6 M
gsave
0 setgray
newpath
44.0 -9.57000065 2.75 0 360 arc
closepath
fill
grestore
55 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
1.54154825 0 32 0 0 (The request contained an authentication trial directed to the protection space \(realm\)) A
55 -26.4 M
11 0 Nf
(other than the server's expected ) S
(one.) S
33 -39.6 M
(The server will specify the protection space for authentication in this response. ) S
33 -52.8 M
(Upon reception, the client's behavior is further divided to two possible cases. ) S
44 -63.4 M
gsave
0 setgray
newpath
44.0 -63.3700027 2.75 0 360 arc
closepath
fill
grestore
55 -67 M
3.67578125 0 32 0 0 (If the client may have no prior knowledge on authentication credentials \(e.g. a) A
55 -80.2 M
0.59765625 0 32 0 0 (user-name and a password\) related to the requested protection space, the protocol flow) A
55 -93.4 M
(terminates and the client will ask the user to provide authentication credentials, ) S
44 -104 M
gsave
0 setgray
newpath
44.0 -103.969994 2.75 0 360 arc
closepath
fill
grestore
55 -107.6 M
0.29296875 0 32 0 0 (On the other hand, if client already have an enough credentials for authentication to the) A
55 -120.8 M
0.440625 0 32 0 0 (requested protection space, the client will automatically send an authenticating request.) A
55 -134 M
2.71123791 0 32 0 0 (Such cases often occur when the client did not know beforehand that the current) A
55 -147.2 M
(request-URL requires an authentication. ) S
11 -160.4 M
(3\) A successfully-authenticated response: ) S
33 -173.6 M
2.40364575 0 32 0 0 (is a response for an authenticating request meaning that the authentication attempt was) A
33 -186.8 M
3.06605124 0 32 0 0 (granted. \(Note: if the authentication scheme used does not use an Authentication-Info) A
33 -200 M
(header, it may be indistinguishable from a non-authenticated response.\) ) S
11 -213.2 M
(4\) An intermediate authenticating response: ) S
33 -226.4 M
0.796038 0 32 0 0 (is a response for an authenticating request which requires some more reaction by the client) A
33 -239.6 M
3.17542624 0 32 0 0 (software without involving users. Such a response is required when an authentication) A
33 -252.8 M
1.81901038 0 32 0 0 (scheme requires two or more round-trip messages to perform authentication, or when an) A
33 -266 M
2.649858 0 32 0 0 (authentication scheme uses some speculative short-cut method \(such as uses of cached) A
33 -279.2 M
(shared secrets\) and it failed. ) S
11 -292.4 M
(5\) A negatively-authenticated response: ) S
33 -305.6 M
0.691706717 0 32 0 0 (is a response for an authenticating request which means that the authentication attempt was) A
33 -318.8 M
1.75234377 0 32 0 0 (declined and can not continue without another authentication credential. Clients typically) A
33 -332 M
(erase memory of the currently-using credentials and ask the user for other ones. ) S
33 -345.2 M
0.975060105 0 32 0 0 (Usually the format of these responses are as same as the one for authentication-initializing) A
33 -358.4 M
2.12044263 0 32 0 0 (responses. Client can distinguish it by comparing the protection spaces contained in the) A
33 -371.6 M
(request and in the response. ) S
0 -395.8 M
gsave
newpath
0 -396.9 M
36.9609375 0 RL
stroke
grestore
5.63671875 0 32 0 0 (Figure\2401) A
[/Rect [-1.0 -398.550079 37.9609375 -386.450073] /Subtype /Link /Border [0 0 0] /Dest /10 /ANN pdfmark
5.63671875 0 32 0 0 ( shows a state diagram of generic HTTP authentication with the above message) A
0 -409 M
0.762620211 0 32 0 0 (categorization. Note that many authentication schemes uses only a subset of the transitions described) A
0 -422.2 M
(on the diagram. Labels in the figure show the abbreviated names of response types. ) S
0 -433.2 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -444.2 M
[/View [/XYZ -4 312.799896 null] /Dest /10 /DEST pdfmark
0 -444.2 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 4 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 5 5
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -304 M
gsave
0.0 -304.0 translate
/IS 1 D
save
0 0 M
IS IS scale
/showpage {}D
-99 -500 translate
/tgifdict 56 dict def
tgifdict begin
% Private dictionary for TGAT's local variables, plus a reusable matrix (mtrx)
% used to save and restore the CTM.
/tgifarrowtipdict 8 dict def
tgifarrowtipdict /mtrx matrix put
% TGAT: x y w h dx dy -> (path appended)
% Appends an arrow-tip outline to the current path. The CTM is saved, the
% origin is moved to the tip (x, y) and rotated to the direction given by
% (dx, dy); the path then runs from the tip to (-w, h) and on to (-w, -h).
% The CTM is restored before returning. The path is neither closed nor
% painted here; that is left to the caller.
/TGAT % tgifarrowtip
 { tgifarrowtipdict begin
      /dy exch def
      /dx exch def
      /h exch def
      /w exch def
      /y exch def
      /x exch def
      /savematrix mtrx currentmatrix def
      x y translate
      dy dx atan rotate
      0 0 moveto
      w neg h lineto
      w neg h neg lineto
      savematrix setmatrix
   end
 } def
% Private dictionary shared by TGAN and TGAR for their local variables, plus a
% reusable matrix (mtrx) used to save and restore the CTM.
/tgifarcdict 8 dict def
tgifarcdict /mtrx matrix put
% TGAN: x y xrad yrad startangle endangle -> (path appended)
% Appends an elliptical arc: the CTM is translated to the centre and scaled by
% (xrad, yrad), a unit-radius arc is added with the arc operator, and the CTM
% is restored.
% NOTE(review): the name says "arcn" while the body uses arc (and TGAR is the
% reverse). This looks deliberate, since the figure is drawn under a y-flipped
% scale (DU NE SC in the figure setup), which mirrors the sweep direction -
% confirm against the tgif sources before "fixing" it.
/TGAN % tgifarcn
 { tgifarcdict begin
      /endangle exch def
      /startangle exch def
      /yrad exch def
      /xrad exch def
      /y exch def
      /x exch def
      /savematrix mtrx currentmatrix def
      x y translate
      xrad yrad scale
      0 0 1 startangle endangle arc
      savematrix setmatrix
   end
 } def
% TGAR: x y xrad yrad startangle endangle -> (path appended)
% Same as TGAN but uses the arcn operator, i.e. the opposite sweep direction.
/TGAR % tgifarc
 { tgifarcdict begin
      /endangle exch def
      /startangle exch def
      /yrad exch def
      /xrad exch def
      /y exch def
      /x exch def
      /savematrix mtrx currentmatrix def
      x y translate
      xrad yrad scale
      0 0 1 startangle endangle arcn
      savematrix setmatrix
   end
 } def
% TGMAX: a b -> max(a, b)
% Duplicates both operands for the gt comparison, then drops the smaller one.
/TGMAX
 { exch dup 3 1 roll exch dup 3 1 roll gt { pop } { exch pop } ifelse
 } def
% TGMIN: a b -> min(a, b)
% Same stack shuffle as TGMAX with lt, so the larger operand is dropped.
/TGMIN
 { exch dup 3 1 roll exch dup 3 1 roll lt { pop } { exch pop } ifelse
 } def
% TGSW: string -> width
% Horizontal advance of the string in the current font (the y component
% returned by stringwidth is discarded).
/TGSW { stringwidth pop } def
% Short operator aliases for the embedded tgif figure. They are defined while
% tgifdict is on the dictionary stack, so they shadow the html2ps prolog names
% of the same spelling only while tgifdict is open. This matters: inside the
% figure S means stroke and F means fill, whereas the page prolog defines
% S as show and F as the number 1.
% bd: define with bind, so operator names in each body are resolved when the
% alias is created.
/bd { bind def } bind def
% Graphics state and path construction.
/GS { gsave } bd
/GR { grestore } bd
/NP { newpath } bd
/CP { closepath } bd
/CHP { charpath } bd
/CT { curveto } bd
/L { lineto } bd
/RL { rlineto } bd
/M { moveto } bd
/RM { rmoveto } bd
% Painting.
/S { stroke } bd
/F { fill } bd
% Coordinate transforms.
/TR { translate } bd
/RO { rotate } bd
/SC { scale } bd
% Arithmetic and stack manipulation.
/MU { mul } bd
/DI { div } bd
/DU { dup } bd
/NE { neg } bd
/AD { add } bd
/SU { sub } bd
/PO { pop } bd
/EX { exch } bd
/CO { concat } bd
% Clipping, even-odd fill and images.
/CL { clip } bd
/EC { eoclip } bd
/EF { eofill } bd
/IM { image } bd
/IMM { imagemask } bd
/ARY { array } bd
% Colour, dash and line attributes.
/SG { setgray } bd
/RG { setrgbcolor } bd
/SD { setdash } bd
/W { setlinewidth } bd
/SM { setmiterlimit } bd
/SLC { setlinecap } bd
/SLJ { setlinejoin } bd
% Text.
/SH { show } bd
/FF { findfont } bd
/MS { makefont setfont } bd
% AR: arcto with its four result values discarded (used for rounded corners).
/AR { arcto 4 {pop} repeat } bd
/CURP { currentpoint } bd
% FLAT: turn the outline of the stroked current path into the clipping path,
% then start a new path.
/FLAT { flattenpath strokepath clip newpath } bd
% TGSM: restore the CTM saved in tgiforigctm, which is defined later in the
% figure setup, not in this dictionary preamble.
/TGSM { tgiforigctm setmatrix } def
% TGRM: restore the CTM from savematrix. In the visible code savematrix is
% only defined inside tgifarrowtipdict and tgifarcdict, so TGRM presumably
% relies on a definition made elsewhere - confirm before calling it.
/TGRM { savematrix setmatrix } def
end
tgifdict begin
/tgifsavedpage save def
1 SM
1 W
0 SG
72 0 MU 72 11.602 MU TR
72 128 DI 100.000 MU 100 DI DU NE SC
GS
/tgiforigctm matrix currentmatrix def
NP
0 SG
   GS
      1 W
      250 75 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NEW REQUEST) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NEW REQUEST) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
NP
   250 125 M
   180 155 L
   250 185 L
   320 155 L
CP
GS
GR
GS
   S
GR
NP
0 SG
   GS
      1 W
      250 150 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (the requested URI) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (the requested URI) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known to be authed?) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known to be authed?) SH
      GR
   GR
0 SG
GS
   NP
      250 80 M
      45 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 125 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 125 8.000 3.000 0 45 TGAT
   1 SG CP F
   0 SG
   NP
      250 125 8.000 3.000 0 45 TGAT
   CP F
GR
0 SG
GS
   GS
      NP
         684 200 M
         700 200 700 250 16 AR
         700 234 L
         700 250 600 250 16 AR
         616 250 L
         600 250 600 200 16 AR
         600 216 L
         600 200 700 200 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      650 220 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (normal request) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (normal request) SH
      GR
   GR
0 SG
GS
   NP
      650 200 M
      -55 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 145 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 145 8.000 3.000 0 -55 TGAT
   1 SG CP F
   0 SG
   NP
      650 145 8.000 3.000 0 -55 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      650 140 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      320 155 M
      70 280 atan DU cos 8.000 MU 600 exch SU
      exch sin 8.000 MU 225 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      600 225 8.000 3.000 280 70 TGAT
   1 SG CP F
   0 SG
   NP
      600 225 8.000 3.000 280 70 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      605 175 M
      GS
        GS
        0
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) SH
      GR
   GR
0 SG
NP
   650 295 M
   580 325 L
   650 355 L
   720 325 L
CP
GS
GR
GS
   S
GR
NP
0 SG
   GS
      1 W
      650 320 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (credentials) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (credentials) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known?) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (known?) SH
      GR
   GR
0 SG
GS
   NP
      650 250 M
      45 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 295 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 295 8.000 3.000 0 45 TGAT
   1 SG CP F
   0 SG
   NP
      650 295 8.000 3.000 0 45 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      655 265 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (initializing) SH
      GR
   GR
0 SG
GS
   NP
      580 325 M
      0 -45 atan DU cos 8.000 MU 535 exch SU
      exch sin 8.000 MU 325 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      535 325 8.000 3.000 -45 0 TGAT
   1 SG CP F
   0 SG
   NP
      535 325 8.000 3.000 -45 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      475 330 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_REQUESTED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_REQUESTED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
NP
0 SG
   GS
      1 W
      570 320 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      330 150 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
0 SG
GS
   NP
      250 185 M
      20 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 205 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 205 8.000 3.000 0 20 TGAT
   1 SG CP F
   0 SG
   NP
      250 205 8.000 3.000 0 20 TGAT
   CP F
GR
0 SG
GS
   GS
      NP
         284 360 M
         300 360 300 410 16 AR
         300 394 L
         300 410 200 410 16 AR
         216 410 L
         200 410 200 360 16 AR
         200 376 L
         200 360 300 360 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      250 380 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      250 585 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (UNAUTHENTICATED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      240 410 M
      240 440 L
      130 0 atan DU cos 8.000 MU 240 exch SU
      exch sin 8.000 MU 570 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      240 570 8.000 3.000 0 130 TGAT
   1 SG CP F
   0 SG
   NP
      240 570 8.000 3.000 0 130 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      285 505 M
      GS
        GS
        0
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (non-auth resp.) SH
      GR
   GR
0 SG
GS
   NP
      300 385 M
      0 100 atan DU cos 8.000 MU 400 exch SU
      exch sin 8.000 MU 385 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      400 385 8.000 3.000 100 0 TGAT
   1 SG CP F
   0 SG
   NP
      400 385 8.000 3.000 100 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      345 380 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (negative) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      450 390 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_FAILED) TGSW 
        AD
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (:) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_FAILED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (:) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      450 590 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_SUCCEED) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (AUTH_SUCCEED) DU TGSW EX SH
            GS CURP M 0 2 RM NE 0 RL S GR
      GR
   GR
0 SG
GS
   NP
      295 405 M
      170 105 atan DU cos 8.000 MU 400 exch SU
      exch sin 8.000 MU 575 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      400 575 8.000 3.000 105 170 TGAT
   1 SG CP F
   0 SG
   NP
      400 575 8.000 3.000 105 170 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      375 522 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (success. auth) SH
      GR
   GR
0 SG
GS
   GS
      NP
         684 460 M
         700 460 700 510 16 AR
         700 494 L
         700 510 600 510 16 AR
         616 510 L
         600 510 600 460 16 AR
         600 476 L
         600 460 700 460 16 AR
      CP
      S
   GR
GR
NP
0 SG
   GS
      1 W
      650 480 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (send) SH
      GR
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (auth-req) SH
      GR
   GR
0 SG
GS
   NP
      650 355 M
      105 0 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 460 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 460 8.000 3.000 0 105 TGAT
   1 SG CP F
   0 SG
   NP
      650 460 8.000 3.000 0 105 TGAT
   CP F
GR
0 SG
GS
   NP
      625 460 M
      -75 -130 atan DU cos 8.000 MU 495 exch SU
      exch sin 8.000 MU 385 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      495 385 8.000 3.000 -130 -75 TGAT
   1 SG CP F
   0 SG
   NP
      495 385 8.000 3.000 -130 -75 TGAT
   CP F
GR
0 SG
GS
   NP
      605 505 M
      70 -105 atan DU cos 8.000 MU 500 exch SU
      exch sin 8.000 MU 575 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      500 575 8.000 3.000 -105 70 TGAT
   1 SG CP F
   0 SG
   NP
      500 575 8.000 3.000 -105 70 TGAT
   CP F
GR
0 SG
GS
   NP
      300 400 M
      65 305 atan DU cos 8.000 MU 605 exch SU
      exch sin 8.000 MU 465 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      605 465 8.000 3.000 305 65 TGAT
   1 SG CP F
   0 SG
   NP
      605 465 8.000 3.000 305 65 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      385 445 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (intermediate) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      665 365 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      230 200 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
0 SG
GS
   NP
      295 365 M
      335 280 L
      375 280 L
      0 275 atan DU cos 8.000 MU 650 exch SU
      exch sin 8.000 MU 280 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      650 280 8.000 3.000 275 0 TGAT
   1 SG CP F
   0 SG
   NP
      650 280 8.000 3.000 275 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      330 270 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (initializing) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      540 405 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (negative) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      505 522 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (success. auth) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      650 545 M
      GS
            0 SG
            /Times-BoldItalic FF [12 0 0 -12 0 0] MS
            (intermediate) SH
      GR
   GR
0 SG
GS
   GS
      NP
         702 512 22 22 -75 180 TGAN
      S
   GR
GR
GS
   TGSM
   NP
      702 490 8.000 3.000 -44 0 TGAT
   1 SG CP F
   0 SG
   NP
      702 490 8.000 3.000 -44 0 TGAT
   CP F
GR
0 SG
NP
   250 205 M
   180 235 L
   250 265 L
   320 235 L
CP
GS
GR
GS
   S
GR
0 SG
GS
   NP
      250 265 M
      95 0 atan DU cos 8.000 MU 250 exch SU
      exch sin 8.000 MU 360 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      250 360 8.000 3.000 0 95 TGAT
   1 SG CP F
   0 SG
   NP
      250 360 8.000 3.000 0 95 TGAT
   CP F
GR
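% Label of the decision diamond drawn around (250,205)-(250,265): three
% centred lines starting at (250,230):
%   "Can auth.-req." / "be constructed?" / "(*1)"
% Each line first measures its own width with TGSW, moves left by half of it
% and then shows the string, so the text stays centred on x = 250.
% Fix: the second line read "be construted?"; the spelling is corrected in
% both the measuring and the showing copy so width and text still agree.
NP
0 SG
   GS
      1 W
      250 230 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (Can auth.-req.) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (Can auth.-req.) SH
      GR
      % The inner GR restores the current point; step down one text line.
      0 15 RM
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (be constructed?) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (be constructed?) SH
      GR
      0 15 RM
      % Footnote marker; the note text "(*1)" is printed below Figure 1.
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*1\)) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*1\)) SH
      GR
   GR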
NP
0 SG
   GS
      1 W
      315 220 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (NO) SH
      GR
   GR
NP
0 SG
   GS
      1 W
      235 280 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) TGSW 
        AD
        GR
      2 DI NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (YES) SH
      GR
   GR
0 SG
GS
   NP
      320 235 M
      335 235 L
      355 235 L
      0 245 atan DU cos 8.000 MU 600 exch SU
      exch sin 8.000 MU 235 exch SU L
   TGSM
   1 W
   S
GR
GS
   TGSM
   NP
      600 235 8.000 3.000 245 0 TGAT
   1 SG CP F
   0 SG
   NP
      600 235 8.000 3.000 245 0 TGAT
   CP F
GR
NP
0 SG
   GS
      1 W
      270 520 M
      GS
        GS
        0
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*2\)) TGSW 
        AD
        GR
      NE 0 RM
            0 SG
            /Times-Roman FF [12 0 0 -12 0 0] MS
            (\(*2\)) SH
      GR
   GR
GR
tgifsavedpage restore
end
showpage
restore
grestore
309.0 0.0 RM
131.3 -326.9 M
%%IncludeResource: font Times-Bold
7.63889 2 Nf
(\240Figure\2401: Generic state diagram for HTTP ) S
(authentication\240) S
0 -340.8 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365 M
%%IncludeResource: font Times-Roman
11 0 Nf
2.2546165 0 32 0 0 (Note: \(*1\) For example, "Digest" scheme requires server-provided nonces to construct client-side ) A
0 -378.2 M
(challenges.) S
0 -391.4 M
2.90397143 0 32 0 0 (\(*2\) In "Basic" and some others, this cannot be distinguished from a successfully-authenticated) A
0 -404.6 M
(response. ) S
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /11 /DEST pdfmark
0 -415.6 M
[/View [/XYZ -4 341.351349 null] /Dest /12 /DEST pdfmark
0 -431.2 M
13 2 Nf
(2.2.) S
[/View [/XYZ -4 341.351349 null] /Dest /66 /DEST pdfmark
( Syntax ) S
(Notation) S
0 -455.4 M
11 0 Nf
3.19101572 0 32 0 0 (This specification uses an extended BNF syntax defined in ) A
gsave
newpath
289.8 -456.5 M
138.335938 0 RL
stroke
grestore
3.19101572 0 32 0 0 ([I-D.ietf-httpbis-p1-messaging]) A
[/Rect [288.839844 -458.198669 429.175781 -446.098663] /Subtype /Link /Border [0 0 0] /Dest /41 /ANN pdfmark
3.19101572 0 32 0 0 (. The) A
0 -468.6 M
13.8962049 0 32 0 0 (following syntax definitions are quoted from ) A
gsave
newpath
283.1 -469.7 M
138.335938 0 RL
stroke
grestore
13.8962049 0 32 0 0 ([I-D.ietf-httpbis-p1-messaging]) A
[/Rect [282.125 -471.398682 422.460938 -459.298676] /Subtype /Link /Border [0 0 0] /Dest /41 /ANN pdfmark
13.8962049 0 32 0 0 ( and ) A
0 -481.8 M
gsave
newpath
0 -482.9 M
110.84375 0 RL
stroke
grestore
0.901855469 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [-1.0 -484.598694 111.84375 -472.498688] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
0.901855469 0 32 0 0 (: auth-scheme, quoted-string, auth-param, SP, header-field, and challenge. It) A
0 -495 M
(also uses the convention of using header names for specifying syntax of header values. ) S
0 -519.2 M
1.25585938 0 32 0 0 (Additionally, this specification uses the following syntax elements following syntax definitions as a) A
0 -532.4 M
1.26669037 0 32 0 0 (refinement for token and the righthand-side of auth-param in ) A
gsave
newpath
281.7 -533.5 M
110.84375 0 RL
stroke
grestore
1.26669037 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [280.671875 -535.19873 393.515625 -523.098755] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
1.26669037 0 32 0 0 (. \(Note: these) A
0 -545.6 M
(definitions are consistent with those in ) S
gsave
newpath
172.3 -546.7 M
120.625 0 RL
stroke
grestore
([I-D.oiwa-http-mutualauth]) S
[/Rect [171.269531 -548.398743 293.894531 -536.298767] /Subtype /Link /Border [0 0 0] /Dest /46 /ANN pdfmark
(.\) ) S
0 -556.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -567.6 M
[/View [/XYZ -4 189.351257 null] /Dest /13 /DEST pdfmark
0 -578.4 M
%%IncludeResource: font Courier
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(bare-token) S
9.0 4 Nf
(        = 1*\(%x30-39 / %x41-5A / %x61-7A / "-" / "_"\)) S
0 -589.2 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extension-token) S
9.0 4 Nf
(   = "-" ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( 1*\("." ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
(\)) S
0 -600 M
9.0 4 Nf
( ) S
9.0 5 Nf
(extensive-token) S
9.0 4 Nf
(   = ) S
9.0 5 Nf
(bare-token) S
9.0 4 Nf
( / ) S
9.0 5 Nf
(extension-token) S
0 -610.8 M
9.0 4 Nf
( ) S
9.0 5 Nf
(integer) S
9.0 4 Nf
(           = "0" / \(%x31-39 *%x30-39\)      ) S
9.0 5 Nf
(; no leading zeros) S
147.2 -633.8 M
7.63889 2 Nf
(\240Figure\2402: the BNF syntax for common ) S
(notations\240) S
0 -636.7 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 5 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 6 6
%%PageResources: font Times-Roman Times-Bold Courier Courier-Oblique Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 6 of the rendered draft: the end of section 2.2 (naming rule for
% private extensions) and section 3, "Optional Authentication".
% The text is placed line by line. M, RM, RL, Nf, A, S and N are procedures
% defined outside this part of the file (presumably the html2ps prolog:
% move, relative move/line, font select, justified show, show, end of page
% -- confirm there). On "A" lines the five numbers before the string are
% presumably spacing parameters for justified output; 32 is the code of the
% space character.
0 0 M
0.6 setlinewidth
0 -0 M
% Horizontal rule across the text column.
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -24.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
% Paragraph: private extensions MUST use extension-tokens of the form
% "-<token>.<domain-name>", with a domain owned by the defining party.
1.88755584 0 32 0 0 (Extensive-tokens are used in this protocol where the set of acceptable tokens may include private) A
0 -37.4 M
2.68131518 0 32 0 0 (extensions. Any private extensions of this protocol MUST use the extension-tokens with format) A
0 -50.6 M
0.527734399 0 32 0 0 ("-<token>.<domain-name>", where <domain-name> is a validly registered \(sub-\)domain name on the) A
0 -63.8 M
(Internet owned by the party who defines the extensions. ) S
0 -74.8 M
% Named PDF destinations (link targets) emitted through pdfmark.
[/View [/XYZ -4 682.2 null] /Dest /14 /DEST pdfmark
0 -74.8 M
[/View [/XYZ -4 682.2 null] /Dest /15 /DEST pdfmark
0 -93.8 M
%%IncludeResource: font Times-Bold
% Section heading: "3. Optional Authentication".
15 2 Nf
(3.) S
[/View [/XYZ -4 681.2 null] /Dest /67 /DEST pdfmark
( Optional ) S
(Authentication) S
0 -118 M
11 0 Nf
% Paragraph: motivation -- guest and authenticated access to the same
% content, today done with cookies and form-based login.
3.47916675 0 32 0 0 (The Optional-WWW-Authenticate header enables a non-mandatory authentication, which is not) A
0 -131.2 M
1.48925781 0 32 0 0 (possible under the current HTTP authentication mechanism. In several Web applications, users can) A
0 -144.4 M
0.109809026 0 32 0 0 (access the same contents as both a guest user and an authenticated user. In most Web applications, it is) A
0 -157.6 M
3.15625 0 32 0 0 (implemented using ) A
% Underline strokes and link annotation for the words "HTTP cookies".
gsave
newpath
93.1 -158.7 M
33.3984375 0 RL
stroke
grestore
3.15625 0 32 0 0 (HTTP ) A
gsave
newpath
126.5 -158.7 M
33.5976562 0 RL
stroke
grestore
3.15625 0 32 0 0 (cookies) A
[/Rect [92.0664062 -160.349991 161.0625 -148.249985] /Subtype /Link /Border [0 0 0] /Dest /47 /ANN pdfmark
3.15625 0 32 0 0 ( [RFC6265] and custom form-based authentications. The new) A
0 -170.8 M
(authentication method using this message will provide a replacement for these authentication systems. ) S
0 -195 M
% Paragraph (normative): a successful (2xx) response MAY carry
% Optional-WWW-Authenticate in place of a 401 when it is an
% authentication-initializing response; the header MUST NOT appear on a 401.
1.46664667 0 32 0 0 (Servers MAY send HTTP successful responses \(response code 200, 206 and others\) containing the) A
0 -208.2 M
6.1741538 0 32 0 0 (Optional-WWW-Authenticate header as a replacement of a 401 response when it is an) A
0 -221.4 M
6.13541651 0 32 0 0 (authentication-initializing response. The Optional-WWW-Authenticate header MUST\240NOT be) A
0 -234.6 M
(contained in 401 responses. ) S
11 -258.8 M
% Example response using the Basic scheme.
% NOTE(review): note (*2) under Figure 1 on the previous page says that for
% "Basic" and some other schemes a non-auth response cannot be distinguished
% from a successfully-authenticated one; readers implementing this example
% should keep that limitation in mind.
(HTTP/1.1 200 ) S
(OK) S
11 -272 M
(Optional-WWW-Authenticate: Basic realm="xxxx" ) S
0 -283 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -294 M
[/View [/XYZ -4 463.0 null] /Dest /16 /DEST pdfmark
0 -304.8 M
%%IncludeResource: font Courier
% Figure 3: the header's value is a "challenge"; rule names are set in
% Courier-Oblique, the rest in Courier.
9.0 4 Nf
( ) S
%%IncludeResource: font Courier-Oblique
9.0 5 Nf
(Optional-WWW-Authenticate) S
9.0 4 Nf
( = ) S
9.0 5 Nf
(challenge) S
121.6 -327.7 M
7.63889 2 Nf
(\240Figure\2403: BNF syntax for Optional-WWW-Authenticate ) S
(header\240) S
0 -341.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -365.8 M
11 0 Nf
% Paragraph: for authentication purposes the optional challenge means the
% same as a 401 with WWW-Authenticate for the same request; other behaviour
% such as caching MAY differ.
0.929408491 0 32 0 0 (The challenge contained in the Optional-WWW-Authenticate header are the same as those for a 401) A
0 -379 M
5.33125 0 32 0 0 (responses corresponding for a same request. For authentication-related matters, an optional) A
0 -392.2 M
4.40414667 0 32 0 0 (authentication request will have the same meaning as a 401 message with a corresponding) A
0 -405.4 M
3.61935759 0 32 0 0 (WWW-Authenticate header \(as an authentication-initializing response\). \(The behavior for other) A
0 -418.6 M
(matters, such as caching, MAY be different between the optional authentication and 401 messages.\) ) S
0 -442.8 M
% Paragraph (security-relevant): intermediate or negative results of an
% authentication attempt MUST be sent as 401 with WWW-Authenticate, not as
% an optional-authentication response; the stated reason is that the client
% could otherwise not tell authentication success from failure.
0.777994812 0 32 0 0 (A response with an Optional-WWW-Authenticate header SHOULD be returned from the server only) A
0 -456 M
0.97265625 0 32 0 0 (when the request is either non-authenticated or authenticating to a wrong \(not the server's expected\)) A
0 -469.2 M
3.8 0 32 0 0 (protection space. If a response is either an intermediate or a negative response to a client's) A
0 -482.4 M
7.36621094 0 32 0 0 (authentication attempt, the server MUST respond with a 401 status response with a) A
0 -495.6 M
0.0750558 0 32 0 0 (WWW-Authenticate header instead. Failure to comply this rule will make client not able to distinguish) A
0 -508.8 M
(authentication successes and failures. ) S
0 -533 M
3.64960933 0 32 0 0 (The server is NOT\240RECOMMENDED to include an Optional-WWW-Authenticate header in a) A
0 -546.2 M
(positive response when a client's authentication attempt succeeds. ) S
0 -570.4 M
% Paragraph (credential scope): servers SHOULD send the scheme's URL-space
% hint ("path" or "domain") and clients MUST then send credentials for any
% URI inside the specified paths.
% NOTE(review): the hint is server-supplied and this text does not say how a
% client bounds it; check the scheme specification for how the hint is
% limited to the challenging server before an Authorization header is sent.
0.520052075 0 32 0 0 (Whenever an authentication scheme support for servers to send some parameter which gives a hint of) A
0 -583.6 M
2.28683043 0 32 0 0 (URL space for the corresponding protection space for the same realm \(e.g. "path" or "domain"\),) A
0 -596.8 M
1.69492185 0 32 0 0 (servers requesting non-mandatory authentication SHOULD send such parameter with the response.) A
0 -610 M
1.0110085 0 32 0 0 (Clients supporting non-mandatory authentication MUST recognize the parameter, and MUST send a) A
0 -623.2 M
0.0993303582 0 32 0 0 (request with an appropriate authentication credential in an Authorization header for any URI inside the) A
0 -636.4 M
(specified paths. ) S
0 -636.4 M
% Page footer: page number "- 6 -" in Helvetica, then the page-level
% restore of the state saved in pgsave.
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 6 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 7 7
%%PageResources: font Times-Roman Times-Bold Courier Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
% Page 7 of the rendered draft: the last paragraph of section 3, section 4
% "Authentication-Control header" and the start of 4.1 "Auth-style parameter".
% M, RM, RL, Nf, A, S and N are procedures defined outside this part of the
% file (presumably the html2ps prolog -- confirm there).
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
% Paragraph: support for Optional-WWW-Authenticate is OPTIONAL and MAY be
% scheme-dependent; individual schemes MAY make it mandatory/recommended.
0.232291669 0 32 0 0 (Support of this header is OPTIONAL; Clients MAY also choose any set of authentication schemes for) A
0 -26.4 M
1.078776 0 32 0 0 (which optional authentication is supported \(in other words, its support MAY be scheme-dependent\).) A
0 -39.6 M
3.61371517 0 32 0 0 (However, some authentication schemes MAY require mandatory/recommended support for this) A
0 -52.8 M
0.0758928582 0 32 0 0 (header, so that server-side applications MAY assume that clients supporting such schemes are likely to) A
0 -66 M
(support the extension as well. ) S
0 -77 M
% Named PDF destinations (link targets) emitted through pdfmark.
[/View [/XYZ -4 680.0 null] /Dest /17 /DEST pdfmark
0 -77 M
[/View [/XYZ -4 680.0 null] /Dest /18 /DEST pdfmark
0 -96 M
%%IncludeResource: font Times-Bold
% Section heading: "4. Authentication-Control header".
15 2 Nf
(4.) S
[/View [/XYZ -4 679.0 null] /Dest /68 /DEST pdfmark
( Authentication-Control ) S
(header) S
0 -107 M
% Horizontal rule above Figure 4.
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -118 M
[/View [/XYZ -4 639.0 null] /Dest /19 /DEST pdfmark
0 -128.8 M
%%IncludeResource: font Courier
% Figure 4: header grammar -- one auth-scheme followed by one or more
% auth-params.
9.0 4 Nf
( Authentication-Control = auth-scheme 1*SP 1#auth-param) S
120.6 -151.7 M
7.63889 2 Nf
(\240Figure\2404: the BNF syntax for the Authentication-Control ) S
(header\240) S
0 -165.6 M
gsave
0.6 setlinewidth
0 setgray
454.0 0 RL
stroke
grestore
0.0 -11.0 RM
0 -189.8 M
11 0 Nf
% Paragraph: the header is meant to be generated by the application layer,
% unlike WWW-Authenticate, which is usually generated by the Web server.
1.72836542 0 32 0 0 (The Authentication-Control header provides a more precise control of the client behavior for Web) A
0 -203 M
1.29547989 0 32 0 0 (applications using an HTTP authentication protocol. This header is supposed to be generated in the) A
0 -216.2 M
0.951622605 0 32 0 0 (application layer, as opposed to WWW-Authenticate headers which will be generated usually by the) A
0 -229.4 M
(Web servers. ) S
0 -253.6 M
% Paragraph: support is OPTIONAL; clients MAY implement any subset of the
% parameters, possibly depending on the scheme.
0.791015625 0 32 0 0 (Support of this header is OPTIONAL, and clients MAY choose any subset of these parameters to be) A
0 -266.8 M
0.347301126 0 32 0 0 (supported. The set of supported parameters MAY also be authentication scheme-dependent. However,) A
0 -280 M
1.43782556 0 32 0 0 (some authentication schemes MAY require mandatory/recommended support for some or all of the) A
0 -293.2 M
(features provided in this header. ) S
0 -317.4 M
% Paragraph: the auth-scheme MUST match the other authentication headers in
% the same message; clients MUST ignore unknown parameters.
1.15136719 0 32 0 0 (The "auth-scheme" specified in this header and other authentication-related headers within the same) A
0 -330.6 M
(message MUST be the same. Clients MUST ignore any unknown parameters contained in this header. ) S
0 -354.8 M
% Paragraph: parameter syntax -- names are extensive-tokens; recipients
% SHOULD accept both quoted and unquoted values.
1.1796875 0 32 0 0 (The header contain one or more parameters, each of which is a name-value pair. The name of each) A
0 -368 M
0.471261173 0 32 0 0 (parameter MUST be an extensive-token. The type of parameter value depends on the parameter name) A
0 -381.2 M
1.84254813 0 32 0 0 (as defined in the following subsections. Regardless of the type, however, the recipients SHOULD) A
0 -394.4 M
1.19416356 0 32 0 0 (accept both quoted and unquoted representations of values as defined in HTTP. If it is defined as a) A
0 -407.6 M
1.13789058 0 32 0 0 (string, it is encouraged to be sent in a quoted-string form. If it defined as a token \(or similar\) or an) A
0 -420.8 M
1.27704322 0 32 0 0 (integer, the value SHOULD follow the corresponding ABNF syntax after possible unquoting of the) A
0 -434 M
(quoted-string value \(as defined in HTTP\), and is encouraged to be sent in a unquoted form. ) S
0 -458.2 M
% Paragraph (security consideration): the header is advisory. Clients MAY
% ignore it and users may circumvent it, so it may only add non-fundamental
% protections for end-users (the example given is client-side log-out), and
% server-side applications MUST NOT rely on it to protect server-side
% resources.
1.49023438 0 32 0 0 (Server-side application SHOULD always be reminded that any parameters contained in this header) A
0 -471.4 M
0.296440959 0 32 0 0 (MAY be ignored by clients. Also, even when a client accepts this header, users may always be able to) A
0 -484.6 M
1.5184896 0 32 0 0 (circumvent semantics of this header. Therefore, if this header is used for security purposes, its use) A
0 -497.8 M
2.5390625 0 32 0 0 (MUST be limited for providing some non-fundamental additional security measures valuable for) A
0 -511 M
0.516335249 0 32 0 0 (end-users \(such as client-side log-out for protecting against console takeover\). Server-side application) A
0 -524.2 M
(MUST\240NOT rely on the use of this header for protecting server-side resources. ) S
0 -535.2 M
[/View [/XYZ -4 221.751221 null] /Dest /20 /DEST pdfmark
0 -535.2 M
[/View [/XYZ -4 221.751221 null] /Dest /21 /DEST pdfmark
0 -550.8 M
% Subsection heading: "4.1. Auth-style parameter".
13 2 Nf
(4.1.) S
[/View [/XYZ -4 221.751221 null] /Dest /69 /DEST pdfmark
( Auth-style ) S
(parameter) S
0 -575 M
11 0 Nf
% Example header line.
(Authentication-Control: Digest auth-style=modal ) S
0 -599.2 M
% Paragraph: auth-style is a user-interface preference; its value MUST be
% the bare-token "modal" or "non-modal", and with Optional-WWW-Authenticate
% the value is disregarded and "non-modal" is implied.
2.02278638 0 32 0 0 (The parameter "auth-style" specifies the server's preferences over user interface behavior for user) A
0 -612.4 M
3.6526227 0 32 0 0 (authentication. This parameter can be included in any kind of responses, however, it is only) A
0 -625.6 M
1.6484375 0 32 0 0 (meaningful for either authentication-initializing or negatively-authenticated responses. The value of) A
0 -638.8 M
7.14518213 0 32 0 0 (this parameter MUST be one of the bare-tokens "modal" or "non-modal". When the) A
0 -652 M
1.15983069 0 32 0 0 (Optional-WWW-Authenticate header is used, the value of this parameter MUST be disregarded and) A
0 -665.2 M
(the value "non-modal" is implied. ) S
0 -665.2 M
% Page footer: page number "- 7 -" in Helvetica, then the page-level
% restore of the state saved in pgsave.
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 7 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 8 8
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
3.50390625 0 32 0 0 (The value "modal" means that the server thinks the content of the response \(body and other) A
0 -26.4 M
2.1796875 0 32 0 0 (content-related headers\) is valuable only for users refusing authentication request. The clients are) A
0 -39.6 M
0.485839844 0 32 0 0 (expected to ask the user a password before processing the content. This behavior is common for most) A
0 -52.8 M
(of the current implementations of Basic and Digest authentication schemes. ) S
0 -77 M
2.1598959 0 32 0 0 (The value "non-modal" means that the server thinks the content of the response \(body and other) A
0 -90.2 M
0.805664062 0 32 0 0 (content-related headers\) is valuable for users before processing an authentication request. The clients) A
0 -103.4 M
5.20432711 0 32 0 0 (are expected to first process the content and then provide users opportunities to perform) A
0 -116.6 M
(authentication. ) S
0 -140.8 M
1.10774744 0 32 0 0 (The default behavior for the clients is implementation-dependent, and clients MAY choose different) A
0 -154 M
3.26302075 0 32 0 0 (defaults for different authentication schemes. The proposed default behavior is "modal" for all) A
0 -167.2 M
3.40664053 0 32 0 0 (authentication schemes, but specifications for authentication schemes MAY propose a different) A
0 -180.4 M
(default. ) S
0 -204.6 M
0.13131009 0 32 0 0 (The above two different methods of authentication may introduce a observable difference of semantics) A
0 -217.8 M
1.18719947 0 32 0 0 (when the response contains state-changing side effects; for example, it may change whether ) A
gsave
newpath
422.2 -218.9 M
31.8203125 0 RL
stroke
grestore
1.18719947 0 32 0 0 (Cookie ) A
[/Rect [421.179688 -220.549973 458.886719 -208.449966] /Subtype /Link /Border [0 0 0] /Dest /47 /ANN pdfmark
0 -231 M
gsave
newpath
0 -232.1 M
33.5859375 0 RL
stroke
grestore
4.18652344 0 32 0 0 (headers) A
[/Rect [-1.0 -233.749969 34.5859375 -221.649963] /Subtype /Link /Border [0 0 0] /Dest /47 /ANN pdfmark
4.18652344 0 32 0 0 ( [RFC6265] in 401 responses are processed or not. However, the server applications) A
0 -244.2 M
(SHOULD\240NOT depend on both existence and non-existence of such side effects. ) S
0 -255.2 M
[/View [/XYZ -4 501.800049 null] /Dest /22 /DEST pdfmark
0 -255.2 M
[/View [/XYZ -4 501.800049 null] /Dest /23 /DEST pdfmark
0 -270.8 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.2.) S
[/View [/XYZ -4 501.800049 null] /Dest /70 /DEST pdfmark
( Location-when-unauthenticated ) S
(parameter) S
0 -295 M
11 0 Nf
(Authentication-Control: Mutual) S
0 -308.2 M
(location-when-unauthenticated="http://www.example.com/login.html" ) S
0 -332.4 M
0.348524302 0 32 0 0 (The parameter "location-when-unauthenticated" specifies a location where any unauthenticated clients) A
0 -345.6 M
0.637152791 0 32 0 0 (should be redirected to. This header may be used, for example, when there is a central login page for) A
0 -358.8 M
1.13574219 0 32 0 0 (the entire Web application. The value of this parameter MUST be a string that contains an absolute) A
0 -372 M
1.05902779 0 32 0 0 (URL location. If a given URL is not absolute, the clients MAY consider it a relative URL from the) A
0 -385.2 M
(current location. ) S
0 -409.4 M
0.643694222 0 32 0 0 (This parameter MAY be used with a 401 response for authentication-initializing response. It can also) A
0 -422.6 M
11.5490456 0 32 0 0 (be contained, although NOT\240RECOMMENDED, in a positive response with an) A
0 -435.8 M
1.54261363 0 32 0 0 (Optional-WWW-Authenticate header. The clients MUST ignore this parameter, when a response is) A
0 -449 M
2.35107422 0 32 0 0 (either successfully-authenticated or intermediately-authenticated. The clients SHOULD ignore this) A
0 -462.2 M
(parameter when a response is a negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -486.4 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -499.6 M
1.32858455 0 32 0 0 (users for authentication credentials, the client will treat the entire response as if it were a 303 "See) A
0 -512.8 M
1.12402344 0 32 0 0 (Other" response with a Location header that contains the value of this parameter \(i.e., client will be) A
0 -526 M
1.04125977 0 32 0 0 (redirected to the specified location with a GET request\). Unlike a normal 303 response, if the client) A
0 -539.2 M
(can process authentication without the user's interaction, this parameter MUST be ignored. ) S
0 -550.2 M
[/View [/XYZ -4 206.799866 null] /Dest /24 /DEST pdfmark
0 -550.2 M
[/View [/XYZ -4 206.799866 null] /Dest /25 /DEST pdfmark
0 -565.8 M
13 2 Nf
(4.3.) S
[/View [/XYZ -4 206.799866 null] /Dest /71 /DEST pdfmark
( No-auth ) S
(parameter) S
0 -590 M
11 0 Nf
(Authentication-Control: Basic no-auth=true ) S
0 -614.2 M
0.643880188 0 32 0 0 (The parameter "no-auth" is a variant of the location-when-unauthenticated parameter; it specifies that) A
0 -627.4 M
0.702343762 0 32 0 0 (new authentication attempt is not to be performed on this location for better user experience, without) A
0 -640.6 M
0.727941155 0 32 0 0 (specifying the redirection on the HTTP level. This header may be used, for example, when there is a) A
0 -653.8 M
0.09375 0 32 0 0 (central login page for the entire Web application, and when a \(Web content's level\) explicit interaction) A
0 -667 M
0.542739 0 32 0 0 (of users is desired before authentications. The value of this parameter MUST be a token "true". If the) A
0 -667 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 8 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 9 9
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
(value is incorrect, client MAY ignore this parameter. ) S
0 -37.4 M
11 0 Nf
2.91373706 0 32 0 0 (This parameter MAY be used with authentication-initiating responses. It can also be contained,) A
0 -50.6 M
3.67919922 0 32 0 0 (although NOT\240RECOMMENDED, in a positive response with an Optional-WWW-Authenticate) A
0 -63.8 M
0.524088562 0 32 0 0 (header. The clients MUST ignore this parameter, when a response is either successfully-authenticated) A
0 -77 M
2.12695312 0 32 0 0 (or intermediately-authenticated. The clients SHOULD ignore this parameter when a response is a) A
0 -90.2 M
(negatively-authenticated one \(the case is unlikely to happen, though\). ) S
0 -114.4 M
0.133593753 0 32 0 0 (When a client receives an authentication-initiating response with this parameter, if the client has to ask) A
0 -127.6 M
0.397135407 0 32 0 0 (users for authentication credentials, the client will ignore the WWW-Authenticate header contained in) A
0 -140.8 M
1.04843748 0 32 0 0 (the response and treat the whole response as a normal negative 4xx-class response instead of giving) A
0 -154 M
0.992466509 0 32 0 0 (user an opportunity to start authentication. If the client can process authentication without the user's) A
0 -167.2 M
(interaction, this parameter MUST be ignored. ) S
0 -191.4 M
1.48320317 0 32 0 0 (This parameter SHOULD\240NOT be used along with the location-when-unauthenticated parameter. If) A
0 -204.6 M
(both were supplied, clients MAY choose which one is to be honored. ) S
0 -228.8 M
0.0354567319 0 32 0 0 (This parameter SHOULD\240NOT be used as any security measures to prevent authentication attempts, as) A
0 -242 M
2.73688626 0 32 0 0 (it is easily circumvented by users. This parameter SHOULD be used solely for improving user) A
0 -255.2 M
(experience of web applications. ) S
0 -266.2 M
[/View [/XYZ -4 490.800049 null] /Dest /26 /DEST pdfmark
0 -266.2 M
[/View [/XYZ -4 490.800049 null] /Dest /27 /DEST pdfmark
0 -281.8 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.4.) S
[/View [/XYZ -4 490.800049 null] /Dest /72 /DEST pdfmark
( Location-when-logout ) S
(parameter) S
0 -306 M
11 0 Nf
(Authentication-Control: Digest location-when-logout="http://www.example.com/byebye.html" ) S
0 -330.2 M
1.22776437 0 32 0 0 (The parameter "location-when-logout" specifies a location where the client is to be redirected when) A
0 -343.4 M
1.30193019 0 32 0 0 (the user explicitly request a logout. The value of this parameter MUST be a string that contains an) A
0 -356.6 M
1.17486215 0 32 0 0 (absolute URL location. If a given URL is not absolute, the clients MAY consider it a relative URL) A
0 -369.8 M
(from the current location. ) S
0 -394 M
0.243815109 0 32 0 0 (This parameter MAY be used with successfully-authenticated responses. If this parameter is contained) A
0 -407.2 M
(in other kinds of responses, the clients MUST ignore this parameter. ) S
0 -431.4 M
0.029296875 0 32 0 0 (When the user requests to terminate an authentication period, and if the client currently displays a page) A
0 -444.6 M
0.656020224 0 32 0 0 (supplied by a response with this parameter, the client will be redirected to the specified location by a) A
0 -457.8 M
0.946289062 0 32 0 0 (new GET request \(as if it received a 303 response\). The log-out operation \(e.g. erasing memories of) A
0 -471 M
2.73978376 0 32 0 0 (user name, authentication credential and all related one-time credentials such as nonce or keys\)) A
0 -484.2 M
(SHOULD occur before processing a redirection. ) S
0 -508.4 M
0.621354163 0 32 0 0 (When the user requests to terminate an authentication period, if the client supports this parameter but) A
0 -521.6 M
1.79657447 0 32 0 0 (the server response does not contain this parameter, the client's RECOMMENDED behavior is as) A
0 -534.8 M
0.0513020828 0 32 0 0 (follows: if the request corresponding to the current content was idempotent \(e.g. GET\), reload the page) A
0 -548 M
0.411658645 0 32 0 0 (without the authentication credential. If the request was non-idempotent \(e.g. POST\), keep the current) A
0 -561.2 M
4.08398438 0 32 0 0 (content as-is and simply forget the authentication status. The client SHOULD\240NOT replay a) A
0 -574.4 M
(non-idempotent request without the user's explicit approval. ) S
0 -598.6 M
0.97265625 0 32 0 0 (Web applications are encouraged to send this parameter with an appropriate value for any responses) A
0 -611.8 M
(\(except those with redirection \(3XX\) statuses\) for non-GET requests. ) S
0 -622.8 M
[/View [/XYZ -4 134.199829 null] /Dest /28 /DEST pdfmark
0 -622.8 M
[/View [/XYZ -4 134.199829 null] /Dest /29 /DEST pdfmark
0 -622.8 M
gsave
0 setgray
219.9 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 9 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 10 10
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -15.6 M
%%IncludeResource: font Times-Bold
13 2 Nf
(4.5.) S
[/View [/XYZ -4 757.0 null] /Dest /73 /DEST pdfmark
( ) S
(Logout-timeout) S
0 -39.8 M
%%IncludeResource: font Times-Roman
11 0 Nf
(Authentication-Control: Basic logout-timeout=300 ) S
0 -64 M
0.646484375 0 32 0 0 (The parameter "logout-timeout", when contained in a successfully-authenticated response, means that) A
0 -77.2 M
0.356201172 0 32 0 0 (any authentication credentials and states related to the current protection space are to be discarded if a) A
0 -90.4 M
0.153262869 0 32 0 0 (time specified in this header \(in seconds\) has been passed from the time received. The value MUST be) A
0 -103.6 M
0.00868055597 0 32 0 0 (an integer. As a special case, the value 0 means that the client is requested to immediately log-out from) A
0 -116.8 M
0.381975442 0 32 0 0 (the current authentication space and revert to an unauthenticated status. This does not, however, mean) A
0 -130 M
1.93108261 0 32 0 0 (that the long-term memories for the passwords \(such as the password reminders and auto fill-ins\)) A
0 -143.2 M
0.207720593 0 32 0 0 (should be removed. If a new timeout value is received for the same authentication space, it cancels the) A
0 -156.4 M
(previous timeout and sets a new timeout. ) S
0 -167.4 M
[/View [/XYZ -4 589.600037 null] /Dest /30 /DEST pdfmark
0 -167.4 M
[/View [/XYZ -4 589.600037 null] /Dest /31 /DEST pdfmark
0 -186.4 M
15 2 Nf
(5.) S
[/View [/XYZ -4 588.600037 null] /Dest /74 /DEST pdfmark
( Usage examples ) S
([TBD]) S
0 -210.6 M
11 0 Nf
([TBD]) S
0 -221.6 M
[/View [/XYZ -4 535.4 null] /Dest /32 /DEST pdfmark
0 -221.6 M
[/View [/XYZ -4 535.4 null] /Dest /33 /DEST pdfmark
0 -240.6 M
15 2 Nf
(6.) S
[/View [/XYZ -4 534.4 null] /Dest /75 /DEST pdfmark
( Methods to extend this ) S
(protocol) S
0 -264.8 M
11 0 Nf
1.88125 0 32 0 0 (If a private extension to this protocol is implemented, it MUST use the extension-param to avoid) A
0 -278 M
(conflicts with this protocol and other future official extensions. ) S
0 -302.2 M
1.36165369 0 32 0 0 (Extension-tokens MAY be freely used for any non-standard, private, and/or experimental uses. The) A
0 -315.4 M
0.280815959 0 32 0 0 (extension-tokens MUST be with format "-<bare-token>.<domain-name>", where <domain-name> is a) A
0 -328.6 M
0.729910731 0 32 0 0 (validly registered \(sub-\)domain name on the Internet owned by the party who defines the extensions.) A
0 -341.8 M
3.88912249 0 32 0 0 (Unknown parameter names are to be ignored regardless of whether it is extension-tokens or) A
0 -355 M
(bare-tokens. ) S
0 -366 M
[/View [/XYZ -4 390.999939 null] /Dest /34 /DEST pdfmark
0 -366 M
[/View [/XYZ -4 390.999939 null] /Dest /35 /DEST pdfmark
0 -385 M
15 2 Nf
(7.) S
[/View [/XYZ -4 389.999939 null] /Dest /76 /DEST pdfmark
( IANA ) S
(Considerations) S
0 -409.2 M
11 0 Nf
0.930338562 0 32 0 0 (Tokens used for the authentication control parameters may be either extension-tokens or bare-tokens) A
0 -422.4 M
1.16848958 0 32 0 0 (as outlined in ) A
gsave
newpath
65.5 -423.5 M
49.4882812 0 RL
stroke
grestore
1.16848958 0 32 0 0 (Section\2402.2) A
[/Rect [64.515625 -425.150085 116.003906 -413.050079] /Subtype /Link /Border [0 0 0] /Dest /11 /ANN pdfmark
1.16848958 0 32 0 0 (. When bare-tokens are used in this protocol, these MUST be allocated by) A
0 -435.6 M
1.37393463 0 32 0 0 (IANA. Any tokens used for non-private, non-experimental parameters are RECOMMENDED to be) A
0 -448.8 M
(registered to IANA, regardless of the kind of tokens used. ) S
0 -473 M
2.24389648 0 32 0 0 (To acquire registered tokens, a specification for the use of such tokens MUST be available as a) A
0 -486.2 M
(publicly-accessible document, as outlined as "Specification Required" level in ) S
gsave
newpath
351 -487.3 M
50.1054688 0 RL
stroke
grestore
([RFC5226]) S
[/Rect [350.042969 -488.950134 402.148438 -476.850128] /Subtype /Link /Border [0 0 0] /Dest /44 /ANN pdfmark
(. ) S
0 -510.4 M
(Note: More formal declarations will be added in the future drafts to meet the RFC 5226 requirements. ) S
0 -521.4 M
[/View [/XYZ -4 235.599854 null] /Dest /36 /DEST pdfmark
0 -521.4 M
[/View [/XYZ -4 235.599854 null] /Dest /37 /DEST pdfmark
0 -540.4 M
15 2 Nf
(8.) S
[/View [/XYZ -4 234.599854 null] /Dest /77 /DEST pdfmark
( Security ) S
(Considerations) S
0 -564.6 M
11 0 Nf
0.845312476 0 32 0 0 (The purpose of the log-out timeout feature in the Authentication-control header is to protect users of) A
0 -577.8 M
3.95973563 0 32 0 0 (clients from impersonation caused by an attacker having access to the same console. Server) A
0 -591 M
2.29086542 0 32 0 0 (application implementors SHOULD be aware that the directive may always be ignored by either) A
0 -604.2 M
0.102539062 0 32 0 0 (malicious clients or clients not supporting this extension. If the purpose of introducing a timeout for an) A
0 -617.4 M
0.15384616 0 32 0 0 (authentication period is to protect server-side resources, such features MUST be implemented by other) A
0 -630.6 M
(means such as ) S
gsave
newpath
65.7 -631.7 M
30.2421875 0 RL
stroke
grestore
(HTTP ) S
gsave
newpath
95.9 -631.7 M
36.0507812 0 RL
stroke
grestore
(Cookies) S
[/Rect [64.6679688 -633.35022 132.960938 -621.250244] /Subtype /Link /Border [0 0 0] /Dest /47 /ANN pdfmark
( [RFC6265]. ) S
0 -630.6 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 10 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%Page: 11 11
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -13.2 M
%%IncludeResource: font Times-Roman
11 0 Nf
0.108984374 0 32 0 0 (All parameters in Authentication-Control header SHOULD\240NOT be used for any security-enforcement) A
0 -26.4 M
0.597330749 0 32 0 0 (purposes. Server-side applications MUST be implemented always considering that the header may be) A
0 -39.6 M
(either ignored by clients or even bypassed by users. ) S
0 -50.6 M
[/View [/XYZ -4 706.4 null] /Dest /38 /DEST pdfmark
0 -50.6 M
[/View [/XYZ -4 706.4 null] /Dest /39 /DEST pdfmark
0 -69.6 M
%%IncludeResource: font Times-Bold
15 2 Nf
(9.) S
[/View [/XYZ -4 705.4 null] /Dest /78 /DEST pdfmark
( ) S
(References) S
0 -77.1 M
[/View [/XYZ -4 679.9 null] /Dest /40 /DEST pdfmark
0 -95.6 M
13 2 Nf
(9.1.) S
[/View [/XYZ -4 677.0 null] /Dest /79 /DEST pdfmark
( Normative ) S
(References) S
8 -111.9 M
0.989558935 0.989558935 scale

-0.0 -11.0 RM
11 0 Nf
([I-D.ietf-httpbis-p1-messaging]) S
[/View [/XYZ -4 842 null] /Dest /41 /DEST pdfmark
1.01055121 1.01055121 scale

160.9 -122.9 M
(Fielding, R., Lafon, Y., and J. Reschke, ) S
(\233) S
gsave
newpath
342.6 -124 M
78.1992188 0 RL
stroke
grestore
(HTTP/1.1, part 1:) S
[/Rect [341.645477 -125.650009 421.844696 -113.550011] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-19.txt)] Cd /ANN pdfmark
160.9 -136.1 M
gsave
newpath
160.9 -137.2 M
149.066406 0 RL
stroke
grestore
(URIs, Connections, and Message ) S
gsave
newpath
310 -137.2 M
32.9882812 0 RL
stroke
grestore
(Parsing) S
[/Rect [159.891571 -138.85 343.946259 -126.750008] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-19.txt)] Cd /ANN pdfmark
(,\234) S
160.9 -149.3 M
(draft-ietf-httpbis-p1-messaging-19 \(work in progress\),) S
160.9 -162.5 M
(March\2402012 ) S
(\() S
gsave
newpath
220.8 -163.6 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [219.754852 -165.25 243.133759 -153.15] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p1-messaging-19.txt)] Cd /ANN pdfmark
(\).) S
8 -184.3 M
([I-D.ietf-httpbis-p7-auth]) S
[/View [/XYZ -4 842 null] /Dest /42 /DEST pdfmark
160.9 -184.3 M
(Fielding, R., Lafon, Y., and J. Reschke, ) S
(\233) S
gsave
newpath
342.6 -185.4 M
80.9492188 0 RL
stroke
grestore
(HTTP/1.1, part 7: ) S
[/Rect [341.645477 -187.000015 424.594696 -174.900009] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-19.txt)] Cd /ANN pdfmark
160.9 -197.5 M
gsave
newpath
160.9 -198.6 M
65.3632812 0 RL
stroke
grestore
(Authentication) S
[/Rect [159.891571 -200.200012 227.254852 -188.1] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-19.txt)] Cd /ANN pdfmark
(,\234 draft-ietf-httpbis-p7-auth-19 \(work in) S
160.9 -210.7 M
(progress\), March\2402012 ) S
(\() S
gsave
newpath
267.2 -211.8 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [266.172821 -213.400009 289.551727 -201.3] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-ietf-httpbis-p7-auth-19.txt)] Cd /ANN pdfmark
(\).) S
8 -232.4 M
([RFC2119]) S
[/View [/XYZ -4 842 null] /Dest /43 /DEST pdfmark
160.9 -232.4 M
gsave
newpath
160.9 -233.5 M
40.921875 0 RL
stroke
grestore
(Bradner, ) S
gsave
newpath
201.8 -233.5 M
8.86328125 0 RL
stroke
grestore
(S.) S
(, ) S
(\233) S
gsave
newpath
221.1 -233.5 M
169.523438 0 RL
stroke
grestore
(Key words for use in RFCs to Indicate) S
[/Rect [220.05954 -235.150009 391.582977 -223.05] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc2119)] Cd /ANN pdfmark
160.9 -245.6 M
gsave
newpath
160.9 -246.7 M
59.5585938 0 RL
stroke
grestore
(Requirement ) S
gsave
newpath
220.5 -246.7 M
29.3164062 0 RL
stroke
grestore
(Levels) S
[/Rect [159.891571 -248.35 250.766571 -236.25] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc2119)] Cd /ANN pdfmark
(,\234 BCP\24014, RFC\2402119, March\2401997 ) S
(\() S
gsave
newpath
411.1 -246.7 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [410.082977 -248.35 433.461884 -236.25] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc2119.txt)] Cd /ANN pdfmark
(, ) S
160.9 -258.8 M
gsave
newpath
160.9 -259.9 M
31.15625 0 RL
stroke
grestore
(HTML) S
[/Rect [159.891571 -261.550018 193.047821 -249.450012] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/html/rfc2119.html)] Cd /ANN pdfmark
(, ) S
gsave
newpath
197.5 -259.9 M
24.4375 0 RL
stroke
grestore
(XML) S
[/Rect [196.547821 -261.550018 222.985321 -249.450012] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://xml.resource.org/public/rfc/xml/rfc2119.xml)] Cd /ANN pdfmark
(\).) S
8 -280.6 M
([RFC5226]) S
[/View [/XYZ -4 842 null] /Dest /44 /DEST pdfmark
160.9 -280.6 M
(Narten, T. and H. Alvestrand, ) S
(\233) S
gsave
newpath
299.2 -281.6 M
113.308594 0 RL
stroke
grestore
(Guidelines for Writing an) S
[/Rect [298.243134 -283.3 413.551727 -271.199982] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
160.9 -293.8 M
gsave
newpath
160.9 -294.9 M
146.007812 0 RL
stroke
grestore
(IANA Considerations Section in ) S
gsave
newpath
306.9 -294.9 M
25.0625 0 RL
stroke
grestore
(RFCs) S
[/Rect [159.891571 -296.5 332.961884 -284.4] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc5226)] Cd /ANN pdfmark
(,\234 BCP\24026, RFC\2405226,) S
160.9 -307 M
(May\2402008 ) S
(\() S
gsave
newpath
212.2 -308.1 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [211.211884 -309.7 234.59079 -297.6] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc5226.txt)] Cd /ANN pdfmark
(\).) S
0 -326.7 M
[/View [/XYZ -4 430.3 null] /Dest /45 /DEST pdfmark
0 -342.3 M
13 2 Nf
(9.2.) S
[/View [/XYZ -4 430.3 null] /Dest /80 /DEST pdfmark
( Informative ) S
(References) S
8 -358.6 M
0.989494383 0.989494383 scale

-0.0 -11.0 RM
11 0 Nf
([I-D.oiwa-http-mutualauth]) S
[/View [/XYZ -4 842 null] /Dest /46 /DEST pdfmark
1.01061714 1.01061714 scale

143.4 -369.6 M
(Oiwa, Y., ) S
(\233) S
gsave
newpath
193.8 -370.7 M
158.21875 0 RL
stroke
grestore
(Mutual Authentication Protocol for ) S
gsave
newpath
352 -370.7 M
27.4921875 0 RL
stroke
grestore
(HTTP) S
[/Rect [192.752289 -372.35 380.463226 -360.25] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-10.txt)] Cd /ANN pdfmark
(,\234) S
143.4 -382.8 M
(draft-oiwa-http-mutualauth-10 \(work in progress\), October\2402011 ) S
143.4 -396 M
(\() S
gsave
newpath
147 -397.1 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [146.017914 -398.750031 169.39682 -386.650024] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-10.txt)] Cd /ANN pdfmark
(, ) S
gsave
newpath
173.9 -397.1 M
20.1679688 0 RL
stroke
grestore
(PDF) S
[/Rect [172.89682 -398.750031 195.064789 -386.650024] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.ietf.org/internet-drafts/draft-oiwa-http-mutualauth-10.pdf)] Cd /ANN pdfmark
(\).) S
8 -417.8 M
([RFC6265]) S
[/View [/XYZ -4 842 null] /Dest /47 /DEST pdfmark
143.4 -417.8 M
(Barth, A., ) S
(\233) S
gsave
newpath
194.4 -418.9 M
115.148438 0 RL
stroke
grestore
(HTTP State Management ) S
gsave
newpath
309.5 -418.9 M
51.3125 0 RL
stroke
grestore
(Mechanism) S
[/Rect [193.36557 -420.5 361.826508 -408.4] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://tools.ietf.org/html/rfc6265)] Cd /ANN pdfmark
(,\234 RFC\2406265,) S
143.4 -431 M
(April\2402011 ) S
(\() S
gsave
newpath
197.7 -432.1 M
21.3789062 0 RL
stroke
grestore
(TXT) S
[/Rect [196.728851 -433.7 220.107758 -421.6] /Subtype /Link /Border [0 0 0] /Action [/Subtype /URI /URI (http://www.rfc-editor.org/rfc/rfc6265.txt)] Cd /ANN pdfmark
(\).) S
0 -450.7 M
[/View [/XYZ -4 306.3 null] /Dest /48 /DEST pdfmark
0 -469.7 M
15 2 Nf
(Appendix) S
[/View [/XYZ -4 305.3 null] /Dest /81 /DEST pdfmark
( A. \(Informative\) Applicability of features for each ) S
(messages) S
0 -493.9 M
11 0 Nf
3.06933594 0 32 0 0 (This section provides cross-reference table about applicability of each features provided in this) A
0 -507.1 M
0.294010431 0 32 0 0 (specification for each kinds of responses described in ) A
gsave
newpath
239.9 -508.2 M
49.4882812 0 RL
stroke
grestore
0.294010431 0 32 0 0 (Section\2402.1) A
[/Rect [238.945312 -509.850037 290.433594 -497.750031] /Subtype /Link /Border [0 0 0] /Dest /8 /ANN pdfmark
0.294010431 0 32 0 0 (. The table provided in this section is) A
0 -520.3 M
(for informative purposes only. ) S
201 -548.6 M
11 2 Nf
(init.) S
225.7 -548.6 M
11 2 Nf
(success.) S
268.2 -548.6 M
11 2 Nf
(intermed.) S
319.8 -548.6 M
11 2 Nf
(neg.) S
114.9 -568.4 M
11 0 Nf
(Optional ) S
(auth.) S
201 -568.4 M
(O) S
225.7 -568.4 M
(n) S
268.2 -568.4 M
(N) S
319.8 -568.4 M
(N) S
114.9 -588.1 M
(auth-style) S
201 -588.1 M
(O) S
225.7 -588.1 M
(-) S
268.2 -588.1 M
(-) S
319.8 -588.1 M
(O) S
114.9 -607.9 M
(loc.-when-unauth.) S
201 -607.9 M
(O) S
225.7 -607.9 M
(I) S
268.2 -607.9 M
(I) S
319.8 -607.9 M
(i) S
114.9 -627.6 M
(no-auth) S
201 -627.6 M
(O) S
225.7 -627.6 M
(I) S
268.2 -627.6 M
(I) S
319.8 -627.6 M
(i) S
114.9 -647.4 M
(loc.-when-logout) S
201 -647.4 M
(-) S
225.7 -647.4 M
(O) S
268.2 -647.4 M
(-) S
319.8 -647.4 M
(-) S
319.8 -647.4 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 11 -) S
0 setgray
639.6 -8 M
grestore
pgsave restore N
%%Page: 12 12
%%PageResources: font Times-Roman Times-Bold Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
114.9 -14 M
%%IncludeResource: font Times-Roman
11 0 Nf
(logout-timeout) S
201 -14 M
(-) S
225.7 -14 M
(O) S
268.2 -14 M
(-) S
319.8 -14 M
(-) S
0 -44 M
11 0 Nf
(Legends: ) S
0 -57.2 M
(O = MAY contain; n = SHOULD\240NOT contain; N = MUST\240NOT ) S
(contain) S
0 -70.4 M
(i = SHOULD be ignored; I = MUST be ) S
(ignored;) S
0 -83.6 M
(- = meaningless \(to be ) S
(ignored\)) S
0 -94.5 M
[/View [/XYZ -4 662.45 null] /Dest /49 /DEST pdfmark
0 -94.5 M
[/View [/XYZ -4 662.45 null] /Dest /50 /DEST pdfmark
0 -113.5 M
%%IncludeResource: font Times-Bold
15 2 Nf
(Appendix) S
[/View [/XYZ -4 661.45 null] /Dest /82 /DEST pdfmark
( B. \(Informative\) Draft ) S
(Notes) S
0 -137.8 M
11 0 Nf
(Things which might be considered for future revisions: ) S
11 -158.3 M
gsave
0 setgray
newpath
11.0 -158.32 2.75 0 360 arc
closepath
fill
grestore
22 -161.9 M
1.27517366 0 32 0 0 (In ) A
gsave
newpath
35.2 -163.1 M
110.84375 0 RL
stroke
grestore
1.27517366 0 32 0 0 ([I-D.ietf-httpbis-p7-auth]) A
[/Rect [34.1835938 -164.7 147.027344 -152.599991] /Subtype /Link /Border [0 0 0] /Dest /42 /ANN pdfmark
1.27517366 0 32 0 0 (, meaning of WWW-Authenticate headers in non-401 responses are) A
22 -175.2 M
2.97691751 0 32 0 0 (defined as "supplying credentials \(or different credentials\) might affect the response". This) A
22 -188.4 M
8.48188877 0 32 0 0 (clarification change leaves a way for using 200-status responses along with a) A
22 -201.5 M
(WWW-Authenticate header for providing optional ) S
(authentication.) S
22 -214.7 M
0.773112 0 32 0 0 (Incorporating this possibility, however, needs more detailed analysis on the behavior of existing) A
22 -227.9 M
(clients and intermediate proxies for such possibly-confusing responses.) S
22 -241.1 M
2.22395825 0 32 0 0 (Optional-WWW-Authenticate is safer, at least for minimum backward compatibility, because) A
22 -254.3 M
1.00325525 0 32 0 0 (clients not supporting this extension will consider this header as an unrecognized entity-header,) A
22 -267.5 M
(possibly providing opportunity for silently falling-back to application-level authentications. ) S
0 -278.6 M
[/View [/XYZ -4 478.45 null] /Dest /51 /DEST pdfmark
0 -278.6 M
[/View [/XYZ -4 478.45 null] /Dest /52 /DEST pdfmark
0 -297.6 M
15 2 Nf
(Appendix) S
[/View [/XYZ -4 477.45 null] /Dest /83 /DEST pdfmark
( C. \(Informative\) Draft Change ) S
(Log) S
0 -305.1 M
[/View [/XYZ -4 451.95 null] /Dest /53 /DEST pdfmark
0 -305.1 M
[/View [/XYZ -4 451.95 null] /Dest /54 /DEST pdfmark
0 -327.6 M
15 2 Nf
(C.1.) S
[/View [/XYZ -4 447.45 null] /Dest /84 /DEST pdfmark
( Changes in revision ) S
(00) S
11 -348.1 M
gsave
0 setgray
newpath
11.0 -348.12 2.75 0 360 arc
closepath
fill
grestore
22 -351.8 M
11 0 Nf
(Separated from HTTP Mutual authentication proposal \(-09\). ) S
11 -362.3 M
gsave
0 setgray
newpath
11.0 -362.32 2.75 0 360 arc
closepath
fill
grestore
22 -365.9 M
(Adopting httpbis works as a referencing point to HTTP. ) S
11 -376.5 M
gsave
0 setgray
newpath
11.0 -376.52002 2.75 0 360 arc
closepath
fill
grestore
22 -380.2 M
(Generalized, now applicable for all HTTP authentication schemes. ) S
11 -390.7 M
gsave
0 setgray
newpath
11.0 -390.720032 2.75 0 360 arc
closepath
fill
grestore
22 -394.4 M
(Added "no-auth" and "auth-style" parameters. ) S
11 -404.9 M
gsave
0 setgray
newpath
11.0 -404.920044 2.75 0 360 arc
closepath
fill
grestore
22 -408.6 M
(Loosened standardization requirements for parameter-name tokens ) S
(registration.) S
0 -419.6 M
[/View [/XYZ -4 337.449951 null] /Dest /55 /DEST pdfmark
0 -438.6 M
15 2 Nf
(Authors') S
[/View [/XYZ -4 336.449951 null] /Dest /85 /DEST pdfmark
( ) S
(Addresses) S
0 -463.9 M
11 0 Nf
(\240) S
44.6 -463.9 M
(Yutaka ) S
(Oiwa) S
0 -477.6 M
(\240) S
44.6 -477.6 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -491.4 M
(\240) S
44.6 -491.4 M
(Research Institute for Secure ) S
(Systems) S
0 -505.1 M
(\240) S
44.6 -505.1 M
(Tsukuba Central ) S
(2) S
0 -518.9 M
(\240) S
44.6 -518.9 M
(1-1-1 ) S
(Umezono) S
0 -532.6 M
(\240) S
44.6 -532.6 M
(Tsukuba-shi, ) S
(Ibaraki) S
0 -546.4 M
(\240) S
44.6 -546.4 M
(JP) S
12.6 -560.1 M
(Email:\240) S
44.6 -560.1 M
gsave
newpath
44.6 -561.2 M
154.285156 0 RL
stroke
grestore
(mutual-auth-contact-ml@aist.go.jp) S
0 -573.9 M
(\240) S
44.6 -573.9 M
(\240) S
0 -587.6 M
(\240) S
44.6 -587.6 M
(Hajime ) S
(Watanabe) S
0 -601.4 M
(\240) S
44.6 -601.4 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -615.1 M
(\240) S
44.6 -615.1 M
(\240) S
0 -628.9 M
(\240) S
44.6 -628.9 M
(Hiromitsu ) S
(Takagi) S
0 -642.6 M
(\240) S
44.6 -642.6 M
(National Institute of Advanced Industrial Science and ) S
(Technology) S
0 -656.4 M
(\240) S
44.6 -656.4 M
(\240) S
44.6 -656.4 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 12 -) S
0 setgray
89.3 -8 M
grestore
pgsave restore N
%%Page: 13 13
%%PageResources: font Times-Roman Helvetica
%%BeginPageSetup
/pgsave save D
71 757 translate
%%EndPageSetup
0 0 M
0.6 setlinewidth
0 -11 M
%%IncludeResource: font Times-Roman
11 0 Nf
(\240) S
44.6 -11 M
(Boku ) S
(Kihara) S
0 -24.8 M
(\240) S
44.6 -24.8 M
(Lepidum Co. ) S
(Ltd.) S
0 -38.5 M
(\240) S
44.6 -38.5 M
(#602, Village Sasazuka ) S
(3) S
0 -52.2 M
(\240) S
44.6 -52.2 M
(1-30-3 ) S
(Sasazuka) S
0 -66 M
(\240) S
44.6 -66 M
(Shibuya-ku, ) S
(Tokyo) S
0 -79.8 M
(\240) S
44.6 -79.8 M
(JP) S
0 -93.5 M
(\240) S
44.6 -93.5 M
(\240) S
0 -107.2 M
(\240) S
44.6 -107.2 M
(Tatsuya ) S
(Hayashi) S
0 -121 M
(\240) S
44.6 -121 M
(Lepidum Co. ) S
(Ltd.) S
0 -134.8 M
(\240) S
44.6 -134.8 M
(\240) S
0 -148.5 M
(\240) S
44.6 -148.5 M
(Yuichi ) S
(Ioku) S
0 -162.2 M
(\240) S
44.6 -162.2 M
(Yahoo! Japan, ) S
(Inc.) S
0 -176 M
(\240) S
44.6 -176 M
(Midtown ) S
(Tower) S
0 -189.8 M
(\240) S
44.6 -189.8 M
(9-7-1 ) S
(Akasaka) S
0 -203.5 M
(\240) S
44.6 -203.5 M
(Minato-ku, ) S
(Tokyo) S
0 -217.2 M
(\240) S
44.6 -217.2 M
(JP) S
0 -231 M
gsave
0 setgray
217.7 -712 M
%%IncludeResource: font Helvetica
8 8 Nf
(- 13 -) S
0 setgray
0 -8 M
grestore
pgsave restore N
%%EOF
