1 - 3 - 7 - 8 - A - B - C - D - E - F - G - H - I - J - L - M - N - O - P - Q - R - S - T - U - V - W
authentication
Click on the red underlined text to get to the source
... An administrator configures Printer objects to either support or not
support authentication and/or message privacy using SSL3 [SSL] (the
...
... IPP/1.0). In some situations, both types of connections (both
authenticated and unauthenticated) can be established using a single
communication channel that has some sort of negotiation ...
... For other 'text' and 'name' attributes supplied by the client,
authentication system, operator, system administrator, or
manufacturer (i.e., for "job-originating-user-name ...
... submitted the print job. The Printer object sets this attribute to
the most authenticated printable name that it can obtain from the
authentication service over which the IPP ...
... the most authenticated printable name that it can obtain from the
authentication service over which the IPP operation was received.
...
... 'job-canceled-by-user': The job was canceled by the owner of the
job using the Cancel-Job request, i.e., by a user whose
authenticated identity is the same as the value of the
originating user that created the Job object, or by some other
...
... 'job-canceled-by-operator': The job was canceled by the operator
using the Cancel-Job request, i.e., by a user who has been
authenticated as having operator privileges (whether local or
remote). If the security policy ...
... secure channel protocol configured to run under HTTP. The name
implies that there is no Basic or Digest authentication being
used, but it is up to the client to determine that while using
...
... HTTP. In
this case, although the name does imply that there is some sort
of Basic or Digest authentication being used within HTTP, it is
up to the client ...
... objects MAY be deployed over both types of protocol stacks. Those
IPP objects that support SSL3, are capable of supporting mutual
authentication as well as privacy of messages via multiple encryption
...
... IPP object, is that the security-related parameters
(authentication, encryption keys, etc.) are "out-of-band" to the
...
... IPP
object does not support SSL3, HTTP still allows for client
authentication using Digest Access Authentication (DAA) [RFC2069].
...
... object does not support SSL3, HTTP still allows for client
authentication using Digest Access Authentication (DAA) [RFC2069].
...
... precedents regarding this scenario.
Once the authenticated identity of the requester has been supplied to
the IPP object, the object uses that identity ...
... domain
requires strong security measures. In this environment authentication
of the printer is required as well as protection against unauthorized
use ...
... client
is supplying some anonymous name, such as "anonymous".
2) via an authentication mechanism of the underlying transport
which may be configured to give no authentication information ...
... authentication mechanism of the underlying transport
which may be configured to give no authentication information.
There are six cases to consider:
...
... There are six cases to consider:
a) the authentication mechanism gives no information, and the
client doesn't specify "requesting-user-name ...
... client doesn't specify "requesting-user-name".
b) the authentication mechanism gives no information, but the
client specifies "requesting-user-name ...
... client specifies "requesting-user-name".
c) the authentication mechanism specifies a user which has no human
readable representation, and the client doesn't specify
...
... "requesting-user-name".
d) the authentication mechanism specifies a user which has no human
readable representation, but the client specifies "requesting-
...
... user-name".
e) the authentication mechanism specifies a user which has a human
readable representation. The Printer object ignores the
"requesting-user-name ...
... "requesting-user-name".
f) the authentication mechanism specifies a user who is trusted and
whose name means that the value of the "requesting-user-name",
...
... whose name means that the value of the "requesting-user-name",
which MUST be present, is treated as the authenticated name.
Note: Case "f" is intended for a tightly coupled gateway ...
... gateway into
their existing print system, this mechanism is necessary unless the
authentication mechanism allows a gateway (client) to act on behalf
...
... - is the value of the "requesting-user-name" for cases b, d and f.
- comes from the authentication mechanism for case e
- is some anonymous name, such as "anonymous" for cases a and c.
...
... - is the value of the "requesting-user-name" for cases b and f.
- comes from the authentication mechanism for cases c, d and e
- is some anonymous name, such as "anonymous" for case a.
...
... user name for authorization. This rule
MUST continue to apply even if a request could be authenticated by
two or more mechanisms. It doesn't matter which of several
authentication mechanisms ...
... authenticated by
two or more mechanisms. It doesn't matter which of several
authentication mechanisms a Printer uses as long as it achieves
consistent results. If a client uses more than one authentication
mechanism ...
... authentication mechanisms a Printer uses as long as it achieves
consistent results. If a client uses more than one authentication
mechanism, it is recommended that an administrator make all
credentials ...
... IPP operations, such as Get-Job-Attributes
and Cancel-Job. Such an implementation also needs to deal with the
problem of authentication of such foreign jobs. One approach would
be to treat all such foreign jobs as belonging to users other than
the user of the IPP client ...
... foreign job to belong to 'anonymous'. Only if the IPP client has
been authenticated as an operator or administrator of the IPP Printer
...
... Franks, J., Hallam-Baker, P., Hostetler, J., Leach, P., Luotonen, A., Sink, E. and L. Stewart, "An Extension to HTTP: Digest Access Authentication", RFC 2069(-> 2617draft), January 1997. ...
... The IPP object understood the request, but is refusing to fulfill it.
Additional authentication information or authorization credentials
...
... client-error-not-authenticated (0x0402) ...
...
The request requires user authentication. The IPP client may repeat
the request with suitable authentication information ...
... user authentication. The IPP client may repeat
the request with suitable authentication information. If the request
already included authentication information, then this status code ...
... the request with suitable authentication information. If the request
already included authentication information, then this status code
indicates that authorization ...
... If this response contains the same challenge as the prior response,
and the user agent has already attempted authentication at least
once, then the response message may contain relevant diagnostic
information ...
...
The requester is not authorized to perform the request. Additional
authentication information or authorization credentials will not help
...
... status code is used
when the IPP object wishes to reveal that the authentication
information is understandable, however, the requester is explicitly
not authorized to perform the request. This status codes reveals
...
... client-error-forbidden x x x x x x x x x
client-error-not-authenticated x x x x x x x x x
client-error-not-authorized x x x x x x x x x
...
... client can find all printers in the "Local Department" context.
Authentication and authorization are also often part of a directory
service so that an administrator ...