Internet-Draft | Link relationship types for authenticati | March 2024 |
Pot | Expires 5 September 2024 | [Page] |
- Workgroup:
- HTTPAPI
- Internet-Draft:
- draft-ietf-httpapi-authentication-link-01
- Published:
- Intended Status:
- Standards Track
- Expires:
Link relationship types for authentication
Abstract
This specification defines a set of relationships that may be used to indicate where a user may authenticate, log out, register a new account or find out who is currently authenticated.¶
Status of This Memo
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 5 September 2024.¶
Copyright Notice
Copyright (c) 2024 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
1. Introduction
[RFC8288] defines a framework and registry for Link Relationships types.
This specification defines a set of new relationship types to aid clients
in discovering endpoints for authentication and registration:
authenticate
, authenticated-as
, logout
and register-user
.¶
1.1. Usage examples
1.1.1. Browsers
Many websites already provide these features. If these links are annotated with a standard relationship type, it might allow browser extensions to automatically discover these and present them in new ways. It could for example show a browser-level logout button.¶
Link relationships such as these could appear on any page where Sign in, Register, Log in or Log out features exist.¶
1.1.2. Web services
Many webservices provide a resource to discover more information about the authenticated entity. Creating standard link relationships might allow a generic client to discover information about the currently logged in user.¶
Similarly, an authenticate
link could allow a generic client to find
an OAuth2 Authorization endpoint.¶
This link relationship could appear on any API endpoint where this might be relevant, or it might just show up on central endpoint discovery document.¶
2. authenticate
The authenticate
can be used to link to a resource that hosts
a page where a user can authenticate itself for the current resource.¶
For example, this link might refer to a HTML login page.¶
Example:¶
<a href="/login" rel="authenticate">Login</a>¶
3. authenticated-as
The authenticated-as
link refers to a resource that describes the effective
authenticated user for a HTTP response.¶
Following this link might allow a client to answer the question 'who am I?'. This might link to a user profile page, or it might link to an API that returns a JSON response with user information.¶
Example:¶
Link: <https://api.example.org/users/123-abc>; rel="authenticated-as"¶
4. logout
The logout
refers to a resource where an authenticated user
might end their session.¶
In a browser this might clear cookies, or in the case of OAuth2 it could revoke any active authentication tokens.¶
5. register-user
The register-user
Link Relation refers to a resource where a user might
sign up for a service for the context URI.¶
The linked resource might contain a HTML registration form, or otherwise instructions that allow a client to find out how to sign up for the service.¶
6. IANA considerations
This document defines authenticate
, authenticated-as
, logout
and
register-user
link relation types and adds them to the "Link Relations"
registry:¶
7. Normative References
- [RFC8288]
- Nottingham, M., "Web Linking", RFC 8288, DOI 10.17487/RFC8288, , <https://www.rfc-editor.org/rfc/rfc8288>.
Appendix A. Changelog
A.1. Changes since -00
-
More examples and clarifications¶