If you do a google search on "rfc http basic authentication base64," among the 441,000 estimated hits will be a link or two to RFC 2617, which describes http authentication. This is an old document and probably obsolete, but I don't think much has changed. To quote the RFC:

To receive authorization, the client sends the userid and password, separated by a single colon (":") character, within a base64 encoded string in the credentials.