參考文件

RFC 文件

• RFC 793 - Transmission Control Protocol（TCP）
• RFC 1186 - The MD4 Message-Digest Algorithm
• RFC 1320 - The MD4 Message-Digest Algorithm
• RFC 1321 - The MD5 Message-Digest Algorithm
• RFC 1945 - HTTP/1.0
• RFC 2068 - HTTP/1.1
• RFC 2069 - An Extension to HTTP : Digest Access Authentication
• RFC 2109 - HTTP State Management Mechanism
• RFC 2234 - Augmented BNF for Syntax Specifications: ABNF
• RFC 2246 - TLS 1.0
• RFC 2616 - HTTP/1.1
• RFC 2617 - HTTP Authentication: Basic and Digest Access Authentication
• RFC 2965 - HTTP State Management Mechanism
• RFC 3174 - US Secure Hash Algorithm 1 (SHA1)
• RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
• RFC 4234 - Augmented BNF for Syntax Specifications: ABNF
• RFC 4346 - TLS 1.1
• RFC 4648 - The Base16, Base32, and Base64 Data Encodings
• RFC 5234 - Augmented BNF for Syntax Specifications: ABNF
• RFC 5246 - TLS 1.2
• RFC 5849 - The OAuth 1.0 Protocol
• RFC 6101 - SSL 3.0
• RFC 6150 - MD4 to Historic Status
• RFC 6234 - US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)
• RFC 6238 - TOTP: Time-Based One-Time Password Algorithm
• RFC 6265 - HTTP State Management Mechanism
• RFC 6749 - The OAuth 2.0 Authorization Framework
• RFC 6819 - OAuth 2.0 Threat Model and Security Considerations
• RFC 7009 - OAuth 2.0 Token Revocation
• RFC 7034 - HTTP Header Field X-Frame-Options
• RFC 7230 - HTTP/1.1: Message Syntax and Routing
• RFC 7231 - HTTP/1.1: Semantics and Content
• RFC 7232 - HTTP/1.1: Conditional Requests
• RFC 7233 - HTTP/1.1: Range Requests
• RFC 7234 - HTTP/1.1: Caching
• RFC 7235 - HTTP/1.1: Authentication
• RFC 7515 - JSON Web Signature
• RFC 7516 - JSON Web Encryption
• RFC 7517 - JSON Web Key
• RFC 7518 - JSON Web Algorithms
• RFC 7519 - JSON Web Token
• RFC 7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
• RFC 7522 - SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
• RFC 7523 - JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants
• RFC 7540 - HTTP/2
• RFC 7615 - HTTP Authentication-Info and Proxy-Authentication-Info Response Header Fields
• RFC 7616 - HTTP Digest Access Authentication
• RFC 7617 - The ‘Basic’ HTTP Authentication Scheme
• RFC 7636 - Proof Key for Code Exchange
• RFC 7643 - System for Cross-domain Identity Management: Core Schema
• RFC 7662 - OAuth 2.0 Token Introspection
• RFC 8252 - OAuth 2.0 for Native Apps
• RFC 8414 - OAuth 2.0 Authorization Server Metadata
• RFC 8628 - OAuth 2.0 Device Authorization Grant
• RFC 8693 - OAuth 2.0 Token Exchange
• RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens
• RFC 9110 - HTTP Semantics
• RFC 9111 - HTTP Caching
• RFC 9112 - HTTP/1.1
• RFC 9113 - HTTP/2
• RFC 9114 - HTTP/3
• OAuth 2.0 for Browser-Based Apps (RFC Draft)
• OAuth 2.0 Security Best Current Practice (RFC Draft)
• The OAuth 2.1 Authorization Framework
• OpenID Connect Core
• OpenID Connect Discovery
• OpenID Connect Dynamic Registration
• OAuth 2.0 Multiple Response Types
• OAuth 2.0 Form Post Response Mode
• OpenID 2.0 to OpenID Connect Migration 1.0
• OpenID Connect RP-Initiated Logout 1.0
• OpenID Connect Session Management 1.0
• OpenID Connect Front-Channel Logout 1.0
• OpenID Connect Back-Channel Logout 1.0
• OpenID Connect Extended Authentication Profile (EAP) ACR Values 1.0 (Draft)
• OpenID Connect MODRNA Authentication Profile 1.0 (Draft)

其他參考

• OpenID Connect Client-Initiated Backchannel Authentication Flow - Core 1.0
• Initiating User Registration via OpenID Connect 1.0