HTTP Authentication Extensions for Interactive Clients
RFC 8053

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
Cc: "Yoav Nir" <ynir.ietf@gmail.com>, ynir.ietf@gmail.com, httpauth-chairs@ietf.org, Kathleen.Moriarty.ietf@gmail.com, http-auth@ietf.org, draft-ietf-httpauth-extension@ietf.org, "The IESG" <iesg@ietf.org>, rfc-editor@rfc-editor.org
Subject: Document Action: 'HTTP Authentication Extensions for Interactive Clients' to Experimental RFC (draft-ietf-httpauth-extension-09.txt)

The IESG has approved the following document:
- 'HTTP Authentication Extensions for Interactive Clients'
  (draft-ietf-httpauth-extension-09.txt) as Experimental RFC

This document is the product of the Hypertext Transfer Protocol
Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-httpauth-extension/


Technical Summary

   This document specifies extensions for the HTTP authentication
   framework for interactive clients.  Currently, fundamental features
   of HTTP-level authentication are insufficient for complex
   requirements of various Web-based applications.  This forces these
   applications to implement their own authentication frameworks by
   means such as HTML forms, which becomes one of the hurdles against
   introducing secure authentication mechanisms handled jointly by
   servers and user agents.  The extended framework fills gaps between
   Web application requirements and HTTP authentication provisions to
   solve the above problems, while maintaining compatibility with
   existing Web and non-Web uses of HTTP authentication.

   This document is one in a three-part set of documents describing the
   Mutual-Auth authentication method for HTTP. This part extends the HTTP
   authentication framework from RFC 7235 to include optional 
   authentication as well as de-authorization (log out) and finer control
   of redirection depending on authentication status.

Working Group Summary

   With version -07 it is the consensus of the HTTP-Auth working group 
   that this document is fit to be published as an experimental RFC.
   The document received a moderate amount of review from the working 
   group. In addition we solicited and received a review from Cory 
   Benfield.

Document Quality

   There are implementations of this protocol written by the authors.
   They take the form of a modified web server and a fork of the Firefox
   browser that include this functionality.

Personnel

   Yoav Nir is the Document Shepherd and
   Kathleen Moriarty is the Responsible Area Director.

IANA Note

   This document establishes a registry with initial entries for HTTP
   authentication control parameters.  New entries to this registry are
   made by "Specification Required" as described in [RFC5226].  The
   specification must be publicly accessible.

   This document also defines two new entries for the "Permanent Message
   Header Field Names" registry.