4

Why by HTTP authentication the HTTP header which contains credentials is called "Authorization"? Any historical explanation?

I am asking because I realized that some people mix authentication with authorization and this name convention by HTTP authentication is bit unfortunate.

techraf
  • 9,141
  • 11
  • 44
  • 62
Marcin Sanecki
  • 143
  • 5
  • 1
    Now you understand why people mix them. The name is used in RFC 2068 from Jan 1997 and is clearly used only as a synonym of the credentials in the second meaning from [the dictionary](http://www.oxfordlearnersdictionaries.com/definition/english/authorization). – techraf Aug 17 '16 at 08:48

1 Answers1

2

I don't think there is a deeper meaning behind. The usage is consistent with the English language. The Oxford English Learners Dictionary defines authorization as:

  1. [countable] a document that gives somebody official permission to do something.

    Can I see your authorization?

The HTTP specification for headers dates back at least to RFC 2068 from January 1997 which clearly states:

Authorization = Credentials

On the other hand, first security standards that laid ground to ISO 27k series were codified in 1999-2000.

techraf
  • 9,141
  • 11
  • 44
  • 62