Skip to main content


The information below is for an old version of the document.
Document Type
This is an older version of an Internet-Draft whose latest revision state is "Expired".
Expired & archived
Authors Tatsuya Hayashi , Yuichi Ioku , Boku Kihara, Yutaka Oiwa , Hiromitsu Takagi , Hajime Watanabe
Last updated 2012-04-26 (Latest revision 2011-10-24)
RFC stream (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document specifies an extension of HTTP authentication framework for use with interactive clients. Recently, the fundamental features of HTTP-level authentication is not enough for complex requirements of various Web-based applications. This makes these applications to implement their own authentication frameworks using HTML Forms and other means, which becomes one of the hurdles against introducing secure authentication mechanisms handled jointly by servers and user- agent clients. The extended framework fills gaps between Web application requirements and HTTP authentication provisions to solve the above problems, while maintaining some upper-compatibility against existing Web and non-Web uses of HTTP authentications.


Tatsuya Hayashi
Yuichi Ioku
Boku Kihara
Yutaka Oiwa
Hiromitsu Takagi
Hajime Watanabe

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)