The 'Basic' HTTP Authentication Scheme
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org>
To: IETF-Announce <email@example.com>
Cc: RFC Editor <firstname.lastname@example.org>, httpauth mailing list <email@example.com>, httpauth chair <firstname.lastname@example.org>
Subject: Protocol Action: 'The 'Basic' HTTP Authentication Scheme' to Proposed Standard (draft-ietf-httpauth-basicauth-update-07.txt)

The IESG has approved the following document:
- 'The 'Basic' HTTP Authentication Scheme'
  (draft-ietf-httpauth-basicauth-update-07.txt) as Proposed Standard

This document is the product of the Hypertext Transfer Protocol Authentication Working Group.

The IESG contact persons are Stephen Farrell and Kathleen Moriarty.

A URL of this Internet Draft is:
http://datatracker.ietf.org/doc/draft-ietf-httpauth-basicauth-update/
Technical Summary

This document defines the "Basic" Hypertext Transfer Protocol (HTTP) Authentication Scheme, which transmits credentials as userid/password pairs, Base64 encoded. The "Basic" scheme previously was defined in Section 2 of [RFC2617]. This document updates the definition, and also addresses internationalization issues by introducing the "charset" authentication parameter (Section 2.1). This version details all of the known security issues and explicitly discourages its use when a more secure type of authentication should be used.

Working Group Summary

This document is part of a set of documents that includes HTTP Digest and RFC7235 to collectively obsolete RFC 2617. As such, this draft describes existing practice, with an update to add support for internationalization:

o A new charset parameter with UTF-8 as the only valid value.
o A normative reference to the precis draft for valid characters.
o Appendix B with deployment considerations for co-existing with legacy implementations.

With version -07 it is the consensus of the HTTP-Auth working group that this document is fit to be published as a standards-track RFC.

Document Quality

There are a few implementations of this specification, and they have been tested and shown to interoperate with the large install base of web browsers and web servers.

Personnel

Kathleen Moriarty is the responsible Area Director. Yoav Nir is the document shepherd.

IANA Note

IANA maintains the registry of HTTP Authentication Schemes ([RFC7235]) at <http://www.iana.org/assignments/http-authschemes> and the entry for the "Basic" Authentication Scheme is to be updated with a pointer to this specification.
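An added example, not part of the IESG message or the draft: a Python sketch of the scheme the Technical Summary describes, showing that the Base64 step is reversible by anyone who sees the header and that the "charset" parameter changes the bytes sent for the same password. The function names, the sample challenge and credentials, and the ISO-8859-1 fallback for legacy peers are assumptions made for illustration.

```python
import base64
import re
import unicodedata

# auth-param matcher: name=token or name="quoted string"
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')
LEGACY = "iso-8859-1"  # assumption: what a legacy peer uses when no charset is sent


def challenge_charset(www_authenticate):
    """Return "utf-8" if a Basic challenge carries charset="UTF-8", else None."""
    scheme, _, rest = www_authenticate.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic challenge")
    params = {}
    for m in _PARAM.finditer(rest):
        params[m.group(1).lower()] = m.group(2) if m.group(2) is not None else m.group(3)
    value = params.get("charset")
    # UTF-8 is the only valid value; compare case-insensitively.
    return "utf-8" if value is not None and value.lower() == "utf-8" else None


def encode_basic(userid, password, charset=None):
    """Build the Authorization header value for a userid/password pair."""
    if ":" in userid:
        raise ValueError("userid cannot contain ':' (it separates userid and password)")
    pair = userid + ":" + password
    if charset == "utf-8":
        pair = unicodedata.normalize("NFC", pair)  # normalize before UTF-8 encoding
    return "Basic " + base64.b64encode(pair.encode(charset or LEGACY)).decode("ascii")


def decode_basic(authorization, charset=None):
    """Recover (userid, password); anyone who sees the header can do the same."""
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not Basic credentials")
    text = base64.b64decode(token.strip(), validate=True).decode(charset or LEGACY)
    userid, sep, password = text.partition(":")  # split on the first colon only
    if not sep:
        raise ValueError("missing ':' separator")
    return userid, password


if __name__ == "__main__":
    cs = challenge_charset('Basic realm="example", charset="UTF-8"')  # constructed challenge
    header = encode_basic("test", "123£", cs)  # constructed credentials
    print(header, decode_basic(header, cs))
    print(encode_basic("test", "123£"), decode_basic(header))  # legacy bytes differ
```

A server that decodes with a different charset than the client encoded with recovers a different password string, which is the co-existence problem the Appendix B deployment considerations address.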