An Extension of the HTTP Authentication Scheme To Support Server Groups

Document Type Expired Internet-Draft (individual)
Last updated 1996-03-20
Stream (None)
Intended RFC status (None)
Expired & archived
plain text pdf htmlized bibtex
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document motivates and describes an extension to HTTP which allows protection spaces to be extended across multiple servers residing in possibly different domains. These servers form groups that allow browsers to obtain authentication information from a user just once while accessing information on any one server cooperating in such a group. To achieve this behavior, the HTTP WWW-Authenticate header information must be extended. This approach is independent of the authentication scheme, but is most scalable in conjunction with a trusted third party authentication scheme, such as the proposed Mediated Digest Authentication.


(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)