2.2.9.1.1.1 HTTP Headers

The request includes a number of fields in the HTTP message headers. The fields MUST follow the rules as specified in [RFC2616] section 4.2.

Tokens

Content-Length: Contains the size, in bytes, of the message body. It MUST be present.

Authorization:  Contains the credentials that are defined according to the framework that is specified in [RFC2616], section 14.8.

   Authorization = "Authorization" ":" credentials
   credentials    = "Negotiate" auth-data2
   auth-data2 = 1#( gssapi-data )

Where gssapi-data is the base64 encoding of the InitializeContextToken, as specified in [RFC4559] section 4.2. The client MUST include the Authorization field in the request until the Web Services Management Protocol Extensions for Windows Vista service responds with a "200 OK" response, indicating that the security context is complete.

Content-Type:  Contains the media type, as specified in [RFC2616] section 14.17.

   Content-Type = "Content-Type"":" 
     1#(contenttype";""protocol""=" protocolvalue";
     ""boundary""="boundaryvalue)

contenttype:  Contains the message content type. It MUST be set to "multipart/encrypted".

protocolvalue:  Contains the authentication mechanism that is used to establish the encryption context. It MUST be set to "application/HTTP-SPNEGO-session-encrypted", which indicates the security context that is obtained from authentication by using SPNEGO over HTTP, as specified in [RFC4559] section 6, and is used to encrypt the message.

boundaryvalue: Contains the boundary that is used as the delimiter line for the multipart media content. It MUST be set to "Encrypted Boundary".