Sign in
Version 5.13.0, 2015-03-25
Report a bug

HTTP Authentication Extensions for Interactive Clients

Document type: Expired Internet-Draft (candidate for httpauth WG)
Document stream: IETF
Last updated: 2013-04-10 (latest revision 2012-06-04)
Intended RFC status: Unknown
Other versions: (expired, archived): plain text, pdf, html

IETF State: Call For Adoption By WG Issued
Document shepherd: No shepherd assigned

IESG State: Expired
Responsible AD: (None)
Send notices to: No addresses provided

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found here:


This document specifies a few extensions of HTTP authentication framework for interactive clients. Recently, fundamental features of HTTP-level authentication is not enough for complex requirements of various Web-based applications. This makes these applications to implement their own authentication frameworks using HTML Forms and other means, which becomes one of the hurdles against introducing secure authentication mechanisms handled jointly by servers and user- agent clients. The extended framework fills gaps between Web application requirements and HTTP authentication provisions to solve the above problems, while maintaining compatibility against existing Web and non-Web uses of HTTP authentications.


Yutaka Oiwa <>
Hajime Watanabe
Hiromitsu Takagi
Boku Kihara
Yuichi Ioku

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid)