HTTP Authentication Extensions for Interactive Clients

The information below is for an old version of the document
Document Type Expired Internet-Draft (httpauth WG)
Authors Yutaka Oiwa  , Hajime Watanabe  , Hiromitsu Takagi  , Tatsuya Hayashi  , Yuichi Ioku 
Last updated 2014-04-24 (latest revision 2013-10-21)
Stream Internet Engineering Task Force (IETF)
Expired & archived
pdf htmlized bibtex
Additional Resources
- Mailing list discussion
Stream WG state WG Document
Document shepherd None
IESG IESG state Expired
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document specifies a few extensions of HTTP authentication framework for interactive clients. Recently, fundamental features of HTTP-level authentication is not enough for complex requirements of various Web-based applications. This makes these applications to implement their own authentication frameworks using HTML Forms and other means, which becomes one of the hurdles against introducing secure authentication mechanisms handled jointly by servers and user- agent clients. The extended framework fills gaps between Web application requirements and HTTP authentication provisions to solve the above problems, while maintaining compatibility against existing Web and non-Web uses of HTTP authentications.


Yutaka Oiwa (
Hajime Watanabe
Hiromitsu Takagi
Tatsuya Hayashi
Yuichi Ioku

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)