Document Shepherd: Mark Nottingham
Responsible Area Director: Barry Leiba
Publication Type: Proposed Standard
The Hypertext Transfer Protocol (HTTP) is an application-level protocol for
distributed, collaborative, hypermedia information systems. This document
defines the HTTP Authentication framework.
Note that this document is part of a set, which should be reviewed together:
2. Review and Consensus
As chartered, this work was very constrained; the WG sought only to clarify
RFC2616, making significant technical changes only where there were
considerably interoperability or security issues.
While the bulk of the work was done by a core team of editors, it has been
reviewed by a substantial number of implementers, and design issues enjoyed
input from many of them.
It has been through two Working Group Last Calls, with multiple reviewers each
time. We have also discussed this work with external groups (e.g., the W3C TAG).
3. Intellectual Property
There are no IPR disclosures against this document (one was previously made,
but "removed at the submitter's request"). The authors have confirmed that they
have no direct, personal knowledge of IPR related to this document that has not
4. Other Points
Downward references: None.
New registries created:
* The Authentication Scheme Registry policy is IETF Review. This policy was
chosen to ensure adequate security review.
Updated registries: None.