RFC 2192 (rfc2192) - Page 2 of 16


IMAP URL Scheme



Alternative Format: Original Text Document



RFC 2192                    IMAP URL Scheme               September 1997


     An IMAP URL takes one of the following forms:

         imap:///
         imap:///;TYPE=
         imap:///[uidvalidity][?]
         imap:///[uidvalidity][isection]

     The first form is used to refer to an IMAP server, the second form
     refers to a list of mailboxes, the third form refers to the
     contents of a mailbox or a set of messages resulting from a search,
     and the final form refers to a specific message or message part.
     Note that the syntax here is informal.  The authoritative formal
     syntax for IMAP URLs is defined in section 11.


3. IMAP User Name and Authentication Mechanism

     A user name and/or authentication mechanism may be supplied.  They
     are used in the "LOGIN" or "AUTHENTICATE" commands after making the
     connection to the IMAP server.  If no user name or authentication
     mechanism is supplied, the user name "anonymous" is used with the
     "LOGIN" command and the password is supplied as the Internet e-mail
     address of the end user accessing the resource.  If the URL doesn't
     supply a user name, the program interpreting the IMAP URL SHOULD
     request one from the user if necessary.

     An authentication mechanism can be expressed by adding
     ";AUTH=" to the end of the user name.  When such an
      is indicated, the client SHOULD request appropriate
     credentials from that mechanism and use the "AUTHENTICATE" command
     instead of the "LOGIN" command.  If no user name is specified, one
     SHOULD be obtained from the mechanism or requested from the user as
     appropriate.

     The string ";AUTH=*" indicates that the client SHOULD select an
     appropriate authentication mechanism.  It MAY use any mechanism
     listed in the CAPABILITY command or use an out of band security
     service resulting in a PREAUTH connection.  If no user name is
     specified and no appropriate authentication mechanisms are
     available, the client SHOULD fall back to anonymous login as
     described above.  This allows a URL which grants read-write access
     to authorized users, and read-only anonymous access to other users.

     If a user name is included with no authentication mechanism, then
     ";AUTH=*" is assumed.






Newman                      Standards Track