The authors are Yutaka Oiwa, Hajime Watanabe, Hiromitsu Takagi, Tatsuya
Hayashi and Yuichi Ioku. Kathleen Moriarty is the responsible Area
Director. Yoav Nir is the document shepherd.
Summary
This document specifies extensions for the HTTP authentication
framework for interactive clients. Currently, fundamental features
of HTTP-level authentication are insufficient for complex
requirements of various Web-based applications. This forces these
applications to implement their own authentication frameworks by
means such as HTML forms, which becomes one of the hurdles against
introducing secure authentication mechanisms handled jointly by
servers and user agents. The extended framework fills gaps between
Web application requirements and HTTP authentication provisions to
solve the above problems, while maintaining compatibility with
existing Web and non-Web uses of HTTP authentication.
Review and Consensus
This document is one in a three-part set of documents describing the
Mutual-Auth authentication method for HTTP. This part extends the HTTP
authentication framework from RFC 7235 to include optional
authentication as well as de-authorization (log out) and finer control
of redirection depending on authentication status.
With version -07, it is the consensus of the HTTP-Auth working group
that this document is fit to be published as an experimental RFC.
The document received a moderate amount of review from the working
group. In addition, we solicited and received a review from Cory
Benfield.
There are implementations of this protocol written by the authors.
They take the form of a modified web server and a fork of the Firefox
browser that include this functionality.
Intellectual Property
All authors have confirmed that they are not aware of any undisclosed
IPR associated with this document. There have been no IPR disclosures.
Other Issues
None