Re: [dispatch] SASL Authentication for HTTP
Rick van Rein <rick@openfortress.nl> Wed, 04 March 2020 15:55 UTC
Message-ID: <5E5FCF56.3090601@openfortress.nl>
Date: Wed, 04 Mar 2020 16:55:02 +0100
From: Rick van Rein <rick@openfortress.nl>
To: DISPATCH WG <dispatch@ietf.org>
CC: "Henri Manson (ARPA2)" <henri.manson@arpa2.org>, Daniel Stenberg <daniel@haxx.se>
References: <5E54D66F.5070902@openfortress.nl>
In-Reply-To: <5E54D66F.5070902@openfortress.nl>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dispatch/ic9UmDvEOM5-Mb3Q8ecop1NkMtI>

Hello DISPATCH,

I uploaded a new version of the draft, taking on board feedback from the HTTPbis group (thanks, Daniel!). It now features an example run.

-Rick

Name: draft-vanrein-httpauth-sasl
Revision: 04
Title: HTTP Authentication with SASL
Document date: 2020-03-04
Group: Individual Submission
Pages: 14
URL: https://www.ietf.org/internet-drafts/draft-vanrein-httpauth-sasl-04.txt
Status: https://datatracker.ietf.org/doc/draft-vanrein-httpauth-sasl/
Htmlized: https://tools.ietf.org/html/draft-vanrein-httpauth-sasl-04
Htmlized: https://datatracker.ietf.org/doc/html/draft-vanrein-httpauth-sasl
Diff: https://www.ietf.org/rfcdiff?url2=draft-vanrein-httpauth-sasl-04

Abstract:
Most application-level protocols standardise their authentication exchanges under the SASL framework. HTTP has taken another course, and often ends up replicating the work to allow individual mechanisms. This specification adopts full SASL authentication into HTTP.

CHANGELOG:

CHANGES FROM 03 TO 04:
* Made the "realm" field optional; that is what RFC 7235 seems to suggest
* Removed the "text" field; it is not SASL-specific; could be a security risk
* Fields c2s and s2c are base64-encoded and are absent in lieu of a SASL token
* Dropped userview= to make it an orthogonal HTTP User: header
* Added an example run (that was a very useful suggestion!)
* Confirmed the Authentication-Info header in the Final 200 Response
* Changed envvar SASL_CLIENTID to the customary name REMOTE_USER
* Replaced 403 Forbidden with a repeated response asking for authentication
* Renamed Final 200 to Positive Response, Final 403 to Negative Response