Hypertext Transfer Protocol (HTTP) Authentication Scheme Registry

Hypertext Transfer Protocol (HTTP) Authentication Scheme Registry
Hypertext Transfer Protocol (HTTP) Authentication Scheme Registry
Created
2014-02-17
2025-02-18
Available Formats
XML
HTML
Plain text
Registries Included Below
HTTP Authentication Schemes
HTTP Mutual Authentication Algorithms
HTTP Authentication Schemes
Registration Procedure(s)
IETF Review
Reference
RFC9110, Section 16.4.1
Available Formats
CSV
Authentication Scheme Name
Reference
Notes
Basic
RFC7617
Bearer
RFC6750
Concealed
RFC9729
Digest
RFC7616
DPoP
RFC9449, Section 7.1
GNAP
RFC9635, Section 7.2
HOBA
RFC7486, Section 3
The HOBA scheme can be used with either HTTP
servers or proxies. When used in response to a 407 Proxy
Authentication Required indication, the appropriate proxy
authentication header fields are used instead, as with any other HTTP
authentication scheme.
Mutual
RFC8120
Negotiate
RFC4559, Section 3
This authentication scheme violates both HTTP semantics (being connection-oriented) and syntax
(use of syntax incompatible with the WWW-Authenticate and Authorization header field syntax).
OAuth
RFC5849, Section 3.5.1
PrivateToken
RFC9577, Section 2
SCRAM-SHA-1
RFC7804
SCRAM-SHA-256
RFC7804
vapid
RFC 8292, Section 3
HTTP Mutual Authentication Algorithms
Registration Procedure(s)
Expert Review
Expert(s)
Rifaat Shekh-Yusef, Yutaka Oiwa
Reference
RFC8120
Available Formats
CSV
Token
Description
Reference
Change Controller
iso-kam3-dl-2048-sha256
ISO-11770-4 KAM3, 2048-bit DL
RFC8121
IESG
iso-kam3-dl-4096-sha512
ISO-11770-4 KAM3, 4096-bit DL
RFC8121
IESG
iso-kam3-ec-p256-sha256
ISO-11770-4 KAM3, 256-bit EC
RFC8121
IESG
iso-kam3-ec-p521-sha512
ISO-11770-4 KAM3, 521-bit EC
RFC8121
IESG