Technical Summary
This document defines the "Basic" Hypertext Transfer Protocol (HTTP)
Authentication Scheme, which transmits credentials as userid/password
pairs, Base64 encoded. The "Basic" scheme previously was defined in
Section 2 of [RFC2617]. This document updates the definition, and also
addresses internationalization issues by introducing the "charset"
authentication parameter (Section 2.1).
This version details all of the known security issues and explicitly
discourages its use when a more secure type of authentication
should be used.
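The following Python sketch is an added illustration, not text from the draft or from any implementation it mentions. It shows how a server might advertise the "charset" parameter and decode the Base64 userid/password pair. The function names are hypothetical, and the header values are constructed samples.

```python
import base64
import unicodedata

def challenge(realm: str) -> str:
    """WWW-Authenticate value advertising charset; UTF-8 is the only valid value.
    Assumes the realm contains no double quotes."""
    return f'Basic realm="{realm}", charset="UTF-8"'

def encode_basic(userid: str, password: str, charset: str = "utf-8") -> str:
    """Client side: build the Authorization value for a userid/password pair."""
    if ":" in userid:
        raise ValueError("userid must not contain ':' (it is the separator)")
    raw = f"{userid}:{password}".encode(charset)
    return "Basic " + base64.b64encode(raw).decode("ascii")

def parse_basic(value: str, charset: str = "utf-8"):
    """Server side: return (userid, password), or None if the value is malformed.

    Decoding is strict, so bytes that are not valid in `charset` are rejected
    rather than silently replaced.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":          # scheme names are case-insensitive
        return None
    try:
        text = base64.b64decode(token.strip(), validate=True).decode(charset)
    except ValueError:                     # bad Base64 or undecodable bytes
        return None
    if ":" not in text or any(unicodedata.category(c) == "Cc" for c in text):
        return None                        # no separator, or control characters
    userid, _, password = text.partition(":")   # password may itself contain ':'
    return userid, password

if __name__ == "__main__":
    print(challenge("example"))
    header = encode_basic("test", "123£")       # constructed sample credentials
    print(header)
    # Base64 is an encoding, not encryption: anyone who sees the header
    # recovers the password without a key.
    print(parse_basic(header))
    # A legacy client that encoded as ISO-8859-1 fails strict UTF-8 decoding,
    # so the server has to decide explicitly whether to retry another charset.
    legacy = encode_basic("test", "123£", "latin-1")
    print(parse_basic(legacy), parse_basic(legacy, "latin-1"))
```

Returning None for the legacy-encoded header, instead of guessing, keeps the decision about accepting non-UTF-8 clients in one visible place on the server.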
Working Group Summary
This document is part of a set of documents that includes HTTP Digest
and RFC7235 to collectively obsolete RFC 2617. As such, this draft
describes existing practice, with an update to add support for
internationalization:
o A new charset parameter with UTF-8 as the only valid value.
o A normative reference to the precis draft for valid characters.
o Appendix B with deployment considerations for co-existing with
legacy implementations.
With version -07 it is the consensus of the HTTP-Auth working group
that this document is fit to be published as a standards-track RFC.
Document Quality
There are a few implementations of this specification, and they have
been tested and shown to interoperate with the large install base of
web browsers and web servers.
Personnel
Kathleen Moriarty is the responsible Area Director.
Yoav Nir is the document shepherd.
IANA Note
IANA maintains the registry of HTTP Authentication Schemes
([RFC7235]) at <http://www.iana.org/assignments/http-authschemes>
and the entry for the "Basic" Authentication Scheme is to be updated with
a pointer to this specification.