Internet Assigned Numbers Authority

Hypertext Transfer Protocol (HTTP) Authentication Scheme Registry

Created
2014-02-17
Last Updated
2023-11-17
Available Formats

XML

HTML

Plain text

Registries included below

HTTP Authentication Schemes

Registration Procedure(s)
IETF Review
Reference
[RFC9110, Section 16.4.1]
Available Formats

CSV
Authentication Scheme Name Reference Notes
Basic [RFC7617]
Bearer [RFC6750]
Digest [RFC7616]
DPoP [RFC9449, Section 7.1]
HOBA [RFC7486, Section 3] The HOBA scheme can be used with either HTTP servers or proxies. When used in response to a 407 Proxy Authentication Required indication, the appropriate proxy authentication header fields are used instead, as with any other HTTP authentication scheme.
Mutual [RFC8120]
Negotiate [RFC4559, Section 3] This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax (use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax).
OAuth [RFC5849, Section 3.5.1]
PrivateToken [RFC-ietf-privacypass-auth-scheme-15, Section 2]
SCRAM-SHA-1 [RFC7804]
SCRAM-SHA-256 [RFC7804]
vapid [RFC 8292, Section 3]

HTTP Mutual Authentication Algorithms

Registration Procedure(s)
Expert Review
Expert(s)
Rifaat Shekh-Yusef, Yutaka Oiwa
Reference
[RFC8120]
Available Formats

CSV
Token Description Reference Change Controller
iso-kam3-dl-2048-sha256 ISO-11770-4 KAM3, 2048-bit DL [RFC8121] IESG
iso-kam3-dl-4096-sha512 ISO-11770-4 KAM3, 4096-bit DL [RFC8121] IESG
iso-kam3-ec-p256-sha256 ISO-11770-4 KAM3, 256-bit EC [RFC8121] IESG
iso-kam3-ec-p521-sha512 ISO-11770-4 KAM3, 521-bit EC [RFC8121] IESG