RFC 2617 · DRAFT STANDARD · 1999 SUN · 14 JUN 2026

HTTP Authentication: Basic and Digest Access Authentication

By J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart · Published June 1999 · DOI 10.17487/RFC2617

Overview

RFC 2617, “HTTP Authentication: Basic and Digest Access Authentication”, is a Draft Standard document published in June 1999 by J. Franks, P. Hallam-Baker, J. Hostetler, S. Lawrence, P. Leach, A. Luotonen, L. Stewart. It obsoletes RFC 2069. It has been obsoleted by RFC 7235, RFC 7615, RFC 7616, RFC 7617 — refer to the newer document for the authoritative version. The canonical text is published by the RFC Editor.

Abstract

This document provides the specification for HTTP's authentication framework, the original Basic authentication scheme and a scheme based on cryptographic hashes, referred to as "Digest Access Authentication". [STANDARDS-TRACK]

Abstract as published in the RFC, via rfc-editor.org.

What “Draft Standard” means

A historical maturity level (retired in 2011) that sat between Proposed Standard and Internet Standard and required multiple interoperable implementations.

Read this RFC

The canonical text of RFC 2617 is hosted at rfc-editor.org. Available in TXT,HTML.

Read on rfc-editor.org Plain text › HTML › IETF Datatracker › DOI link ›
Relationships to other RFCs
This RFC obsoletes
RFC 2069
Other RFCs from 1999

Who Is Online

In total there are 695 users online: 0 registered, 688 guests and 7 bots.

Most users ever online was 1,226 on 13 Jun 2026, 3:56 am.

Bots: AhrefsBot Applebot Bingbot Other Bot Other Crawler SemrushBot Sogou

Users active in the past 15 minutes. Total registered members: 354