Basic Authentication Scheme

draft/authentication-basic.md

@@ -0,0 +1,67 @@
+---
+RFC: XXXX
+Author: Kyle Fuller
+Status: Draft
+Created: 2015-09-22
+Last Modified: 2015-09-28
+---
+
+# API Blueprint RFC XXXX: Basic Authentication Scheme
+
+## Table of Contents
+
+- [Abstract](#abstract)
+- [Motivation](#motivation)
+- [Rationale](#rationale)
+- [Backwards Compatibility](#backwards-compatibility)
+
+## Abstract
+
+This RFC adds the "Basic" authentication scheme for the Authentication
+framework proposed in RFC 0002.
+
+## Motivation
+
+Basic authentication is a commonly used authentication mechanism, and is part
+of the HTTP/1.1 specification defined in
+[RFC1945 section 11.1](http://tools.ietf.org/html/rfc1945#section-11.1).
+
+## Rationale
+
+The "Basic" authentication scheme is based on the model that the user
+agent must authenticate itself with a user-ID and a password.
+
+As such, a basic authentication scheme may configure two properties,
+`username` and `password`. These properties indicate a sample username and
+password that may be used.
+
+For example, as a named authentication scheme:
+
+```apib
+### Auth (Basic)
+
++ username: kyle
++ password: b2952d03bda09cb5f63b0162fbbee77c
+```
+
+As an anonymous scheme:
+
+```apib
++ Authenticated (Basic)
+    + username: kyle
+    + password: b2952d03bda09cb5f63b0162fbbee77c
+```
+
+A client when making a request that is using the Basic authentication scheme
+is expected to base64 encode the username and password separated by a `:` and
+then place it in an `Authentication` header using `Basic` as the scheme.
+As described in [RFC2617 section 2](http://tools.ietf.org/html/rfc2617#section-2).
+
+For example, if the username was `kyle` and the password was
+`b2952d03bda09cb5f63b0162fbbee77c`, `kyle:b2952d03bda09cb5f63b0162fbbee77c`
+would be based64 encoded and placed in the authorization header as follows:
+
+```
+Authorization: Basic a3lsZTpiMjk1MmQwM2JkYTA5Y2I1ZjYzYjAxNjJmYmJlZTc3Yw==
+```
+