The 'Basic' HTTP Authentication Scheme
draft-ietf-httpauth-basicauth-update-03

The information below is for an old version of the document
Document Type: Active Internet-Draft (httpauth WG)
Last updated: 2014-12-02
Stream: IETF
Intended RFC status: Proposed Standard
WG state: In WG Last Call
Document shepherd: Yoav Nir
IESG state: I-D Exists
Consensus Boilerplate: Unknown
Telechat date:
Responsible AD: (None)
Send notices to: "Yoav Nir" <ynir.ietf@gmail.com>
HTTPAuth Working Group                                        J. Reschke
Internet-Draft                                                greenbytes
Obsoletes: 2617 (if approved)                           December 2, 2014
Intended status: Standards Track
Expires: June 5, 2015

                 The 'Basic' HTTP Authentication Scheme
                draft-ietf-httpauth-basicauth-update-03

Abstract

   This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
   Authentication Scheme, which transmits credentials as userid/password
   pairs, obfuscated by the use of Base64 encoding.

Editorial Note (To be removed by RFC Editor before publication)

   Discussion of this draft takes place on the HTTPAuth working group
   mailing list (http-auth@ietf.org), which is archived at
   <http://www.ietf.org/mail-archive/web/http-auth/current/maillist.html>.

   XML versions, latest edits and the issues list for this document are
   available from
   <http://greenbytes.de/tech/webdav/#draft-ietf-httpauth-basicauth-update>.

   The changes in this draft are summarized in Appendix C.4.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on June 5, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

   This document may contain material from IETF Documents or IETF
   Contributions published or made publicly available before November
   10, 2008.  The person(s) controlling the copyright in some of this
   material may not have granted the IETF Trust the right to allow
   modifications of such material outside the IETF Standards Process.
   Without obtaining an adequate license from the person(s) controlling
   the copyright in such materials, this document may not be modified
   outside the IETF Standards Process, and derivative works of it may
   not be created outside the IETF Standards Process, except to format
   it for publication as an RFC or to translate it into languages other
   than English.

Table of Contents

   1.  Introduction
     1.1.  Notational Conventions
       1.1.1.  Syntax Notation
   2.  The 'Basic' Authentication Scheme
     2.1.  The 'charset' auth-param
     2.2.  Re-using Credentials
   3.  Internationalization Considerations
   4.  Security Considerations
   5.  IANA Considerations
   6.  Acknowledgements
   7.  References
     7.1.  Normative References
     7.2.  Informative References
   Appendix A.  Changes from RFC 2617
   Appendix B.  Deployment Considerations for the 'charset' Parameter
     B.1.  User Agents
     B.2.  Origin Servers
     B.3.  Why not simply switch the default encoding to UTF-8?
   Appendix C.  Change Log (to be removed by RFC Editor before