This work is licensed under a CC |
For any task involving personalization and/or trust, it is not only necessary to have a concept for providing privacy, but also to have concepts for identity and for proving identity, which requires authentication. HTTP has built-in mechanisms for authentication; the standard HTTP Authentication mechanisms are Basic Authentication and Digest Access Authentication. Instead of these mechanisms, many applications implement their own ways of authentication, which often are based on login via HTML forms.
HTTP status codes involved in access control:
- 401 Unauthorized means the resource is access controlled
- 403 Forbidden means the resource is inaccessible
- 405 Method Not Allowed signals a request using the wrong request method

Basic Authentication: the client sends the username:password string, base64-encoded, in the Authorization header field:

HTTP/1.0 401 Unauthorized
WWW-Authenticate: Basic realm="SokEvo"

GET /private/index.html HTTP/1.0
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==

Caveat: logging out of HTTP-authenticated sessions is hard.
Digest Access Authentication (the example exchange from RFC 2617):

HTTP/1.0 401 Unauthorized
WWW-Authenticate: Digest realm="testrealm@host.com", qop="auth,auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41"

GET /dir/index.html HTTP/1.0
Authorization: Digest username="Mufasa", realm="testrealm@host.com", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41"
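To make the two schemes concrete, here is an added example (not part of the original material) that decodes the Basic credential shown above and verifies the Digest credential server-side by recomputing the RFC 2617 response and comparing it in constant time. The credential store and the password "Circle Of Life" (the password RFC 2617 uses for this Mufasa example) are assumptions; the page shows only the resulting headers.

```python
import base64
import hashlib
import hmac
import re

# Constructed server-side credential store for this example. "Circle Of Life" is the
# password RFC 2617 uses for its "Mufasa" example; the page shows only the header.
USERS = {"Mufasa": "Circle Of Life"}

# The Authorization header and nonce from the Digest exchange above.
SAMPLE_NONCE = "dcd98b7102dd2f0e8b11d0f600bfb0c093"
SAMPLE_DIGEST_HEADER = (
    'Digest username="Mufasa", realm="testrealm@host.com", '
    'nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/dir/index.html", qop=auth, '
    'nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", '
    'opaque="5ccc069c403ebaf9f0171e9517f40e41"'
)


def parse_basic(header):
    """Split 'Basic <token>' into (username, password). Base64 is an encoding, not
    protection: anyone who can read the header can recover the credentials."""
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def parse_digest(header):
    """Parse the comma-separated, optionally quoted key=value parameters of a Digest header."""
    scheme, _, params = header.partition(" ")
    if scheme != "Digest":
        raise ValueError("not a Digest credential")
    return {k: q or bare for k, q, bare in re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]*))', params)}


def md5hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 response for qop=auth: MD5(HA1 : nonce : nc : cnonce : qop : HA2)."""
    ha1 = md5hex(f"{username}:{realm}:{password}")  # the only step that needs the password
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(header, method, issued_nonce):
    """Server-side check: the nonce must be one the server issued for this exchange, and the
    response recomputed from the stored password must match the one the client sent."""
    p = parse_digest(header)
    password = USERS.get(p.get("username"))
    required = ("realm", "uri", "nonce", "nc", "cnonce", "response")
    if password is None or any(k not in p for k in required):
        return False
    if p["nonce"] != issued_nonce or p.get("qop") != "auth":
        return False
    expected = digest_response(p["username"], password, p["realm"], method,
                               p["uri"], p["nonce"], p["nc"], p["cnonce"])
    return hmac.compare_digest(expected.encode(), p["response"].encode())
```

Note that the method is part of HA2, so the same response value does not verify for a request that uses a different method on the same URI.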
Form-based login (the approach most applications actually implement):
- users can log out without using browser-specific controls
- HTTP authentication assumes secure personal browsers; without them this would not work very well
- a login representation (typically an HTML form) is the preferred method
- login representations are returned for protected resources