IETF Logo Mail Archive

Re: [http-auth] WGLC for draft-ietf-httpauth-hoba-04

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 06 October 2014 15:13 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: http-auth@ietfa.amsl.com
Delivered-To: http-auth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A4661A01A5 for <http-auth@ietfa.amsl.com>; Mon, 6 Oct 2014 08:13:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.686
X-Spam-Level:
X-Spam-Status: No, score=-2.686 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.786] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJnQgH4F_KHD for <http-auth@ietfa.amsl.com>; Mon, 6 Oct 2014 08:13:39 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) by ietfa.amsl.com (Postfix) with ESMTP id 957051A0163 for <http-auth@ietf.org>; Mon, 6 Oct 2014 08:13:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id D264FBE02; Mon, 6 Oct 2014 16:13:38 +0100 (IST)
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CLRkLk-dQpPH; Mon, 6 Oct 2014 16:13:38 +0100 (IST)
Received: from [134.226.36.180] (stephen-think.dsg.cs.tcd.ie [134.226.36.180]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id A1277BE00; Mon, 6 Oct 2014 16:13:38 +0100 (IST)
Message-ID: <5432B1A2.4070503@cs.tcd.ie>
Date: Mon, 06 Oct 2014 16:13:38 +0100
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version: 1.0
To: Julian Reschke <julian.reschke@gmx.de>, Yoav Nir <ynir.ietf@gmail.com>, IETF HTTP Auth <http-auth@ietf.org>
References: <8A2A44BA-D6DC-4588-A456-0796208F4BBD@gmail.com> <54211CFF.1040702@gmx.de> <54216016.4060800@gmx.de> <54329785.7090002@cs.tcd.ie> <5432AF95.9060905@gmx.de>
In-Reply-To: <5432AF95.9060905@gmx.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/http-auth/KY9joHesEQ-RbI1I4ybGP3TgxBI
Subject: Re: [http-auth] WGLC for draft-ietf-httpauth-hoba-04
X-BeenThere: http-auth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: HTTP authentication methods <http-auth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/http-auth>, <mailto:http-auth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/http-auth/>
List-Post: <mailto:http-auth@ietf.org>
List-Help: <mailto:http-auth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/http-auth>, <mailto:http-auth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Oct 2014 15:13:42 -0000

Hiya,

On 06/10/14 16:04, Julian Reschke wrote:
>> 
> 
> Wait. You can't just introduce a new HTTP header field (not HTTP
> header) in passing.

Heh, I figured the header (field) police would catch up with me
at some point:-) And that's ok, better to do it right.

Can you tell me the difference here between a HTTP header field
and a HTTP header?

> If you need a new header field, please have a separate section with
> a precise definition of what it is about, and when writing that,
> please follow the guidance in 
> <http://svn.tools.ietf.org/svn/wg/httpbis/specs/rfc7231.html#considerations.for.new.header.fields>.

I'll look that over, but first...

>
> That being said; are you sure you need an additional header field?

I *think* we do. The issue is that the UA needs to know when
it can use HOBA which means it needs to know when it has succeeded
in registration. And since registration can be a multiple-exchange
application layer thing, we need a way to signal the successful end
of that back to the UA. So the earlier discussion with Michael ended
up with a header field that the server can put into the "last" HTTP
response that was needed for successful registration. If there's a
better/easier/more-correct way then to handle this then I'd be just
fine with that too, whatever it is.

Cheers,
S.

v2.37.1 | Report a Bug | By Email | System Status