Description

The AuthenticationInfo object within PushNotificationConfig includes a scheme field, but the specification does not clarify whether this refers to an HTTP Authentication Scheme from the IANA registry.

Issue

The scheme field in AuthenticationInfo is documented without specifying:

• Whether it should be a valid HTTP Authentication Scheme from the IANA HTTP Authentication Scheme Registry
• What values are acceptable (e.g., "Bearer", "Basic", "Digest", etc.)
• Whether custom schemes are permitted
• Case sensitivity requirements

Suggested Action

Clarify the scheme field specification by:

1. Explicitly referencing the IANA HTTP Authentication Scheme Registry if applicable (https://www.iana.org/assignments/http-authschemes/)
2. Specifying which standard schemes are supported (e.g., Bearer, Basic)
3. Documenting whether custom/proprietary schemes are allowed
4. Providing examples of valid scheme values
5. Clarifying case sensitivity expectations (schemes are typically case-insensitive per RFC 7235)

Additional Context

Clear specification of the authentication scheme will ensure:

• Consistent implementation across A2A agents
• Proper interoperability with standard HTTP authentication mechanisms
• Better security practices by encouraging use of well-defined authentication schemes

References

• RFC 7235: Hypertext Transfer Protocol (HTTP/1.1): Authentication
• IANA HTTP Authentication Scheme Registry: https://www.iana.org/assignments/http-authschemes/