A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title: RESTful Authentication Pattern for the Hypertext Transport Protocol (HTTP)
Author(s): Nicolas Williams
Filename: draft-williams-http-rest-auth-01.txt
Pages: 22
Date: 2012-08-13

Abstract:

This document proposes a "RESTful" pattern of authentication for
HTTP/1.0, 1.1, and 2.0. The existing 401 status code and
WWW-Authenticate header are used to indicate that authentication is
required and for negotiation purposes. The client POSTs an initial
authentication message to an indicated login URI, and reply messages
are returned as new representations of a session resource named by a
session URI.

This approach has a number of benefits: it can be implemented with or
without help from the HTTP stack, it can be universally implemented
on the server side using the Common Information Gateway (CGI) and
FastCGI, it results in a session Uniform Resource Identifier (URI)
that can be DELETEd to logout, it is completely orthogonal to any
HTTP "routers" and proxies, and it naturally (i.e., without changing
HTTP) handles multi-legged authentication mechanisms.

Among other features supported are: channel binding, an optional
round trip optimization for challenge/response mechanisms, some
cryptographic protection options for clients that don't use Transport
Layer Security (TLS), stronger authentication of servers/services to
users (where authentication mechanisms provide that) and more.

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-williams-http-rest-auth

There's also an htmlized version available at:
http://tools.ietf.org/html/draft-williams-http-rest-auth-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-williams-http-rest-auth-01

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/