I couldn't find an easy to understand answer in the specification document. Besides the simple answer I would be glad to get a reference to the specification describing this.

This question is a follow up for Authorization header in null when setting its value to an Encrypted SAML 2 token.

RFC 2616, 14.8 Authorization:

Authorization = "Authorization" ":" credentials

RFC 2616, 11 Access Authentication:

This specification adopts the definitions of [..] "credentials" from [RFC 2617].

RFC 2617, 1.2 1.2 Access Authentication Framework:

credentials    = auth-scheme #auth-param
auth-scheme    = token
auth-param     = token "=" ( token | quoted-string )

RFC 2617, 2 Basic Authentication Scheme

For Basic, the framework above is utilized as follows:

 credentials = "Basic" basic-credentials

So after the fixed Authorization: part, you can use:

• token, followed by an optional "=" (token | quoted-string) (see page 16 of RFC 2616) when using Digest or any other unspecified authentication scheme, or
• "Basic" basic-credentials when using Basic authentication, where basic-credentials are base64-encoded according to RFC 2045.

I guess though that you're actually trying to ask a different question. Do you have any trouble regarding implementing a specific authorization mechanism? In what language are you trying to implement that, what code do you currently have and what is the problem?

Don't worry about the soon-to-be-obsoleted specs and look here: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p7-auth-24.html##challenge.and.response