IETF Logo Mail Archive

Braid-HTTP synchronization proposal: Authentication

Santiago Bazerque <sbazerque@gmail.com> Fri, 13 December 2019 14:44 UTC

Return-Path: <ietf-http-wg-request+bounce-httpbisa-archive-bis2juki=lists.ie@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0147512011D for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 13 Dec 2019 06:44:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.75
X-Spam-Level:
X-Spam-Status: No, score=-2.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, MAILING_LIST_MULTI=-1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rAQn7P4D7O7N for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Fri, 13 Dec 2019 06:44:46 -0800 (PST)
Received: from frink.w3.org (frink.w3.org [IPv6:2603:400a:ffff:804:801e:34:0:38]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 963A712009E for <httpbisa-archive-bis2Juki@lists.ietf.org>; Fri, 13 Dec 2019 06:44:46 -0800 (PST)
Received: from lists by frink.w3.org with local (Exim 4.89) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1ifm8a-0007ux-Cv for ietf-http-wg-dist@listhub.w3.org; Fri, 13 Dec 2019 14:41:48 +0000
Resent-Date: Fri, 13 Dec 2019 14:41:48 +0000
Resent-Message-Id: <E1ifm8a-0007ux-Cv@frink.w3.org>
Received: from uranus.w3.org ([128.30.52.58]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <sbazerque@gmail.com>) id 1ifm8Y-0007uA-2a for ietf-http-wg@listhub.w3.org; Fri, 13 Dec 2019 14:41:46 +0000
Received: from www-data by uranus.w3.org with local (Exim 4.92) (envelope-from <sbazerque@gmail.com>) id 1ifm8X-0006IG-VN for ietf-http-wg@listhub.w3.org; Fri, 13 Dec 2019 14:41:45 +0000
Received: from titan.w3.org ([2603:400a:ffff:804:801e:34:0:4c]) by frink.w3.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from <sbazerque@gmail.com>) id 1iflQL-0007dC-UA for ietf-http-wg@listhub.w3.org; Fri, 13 Dec 2019 13:56:05 +0000
Received: from mail-lj1-x22f.google.com ([2a00:1450:4864:20::22f]) by titan.w3.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <sbazerque@gmail.com>) id 1iflQK-0007qn-NR for ietf-http-wg@w3.org; Fri, 13 Dec 2019 13:56:05 +0000
Received: by mail-lj1-x22f.google.com with SMTP id h23so2724490ljc.8 for <ietf-http-wg@w3.org>; Fri, 13 Dec 2019 05:56:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=LyjekFpSM7Za43Ir0Zbav+WVgWLkDiXeQ6256tKNw/w=; b=uE/QxBzlVi5ArRBhnlIZoCIfv7RrPt7mlKWN86drLONeWwH8aFvrKOeAvYP18YSMLi i6tyfdTo849681PNsW+baybrwYQwcyf6qNje/Ro11eiEuE6yx1iBt3A+j4M378hgbZBQ JGVDd/722KKLytSdFKuweyOdwZs2BV2QE8/oM+kZnSDBi69s4YPBJF445HGxJiSWim/G KQqrHj7c4l5AAlGi4w5dYXMc2U70ahrg/x59uBdVZSLe8ihFo7+rBhAas9V7n70PDC1J MIgVwCOi3J1414tEzoAX+Zi7nG+h3HJN8kcb3FuGVXCEhvsCusHF7cX7X7AH00BS7CqO YjBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=LyjekFpSM7Za43Ir0Zbav+WVgWLkDiXeQ6256tKNw/w=; b=J2vOw47Ebjj7vQdp2HOsvQf1mSJucTUBEX+HPh11m3Egmv7uSwOnnH0CqirnCCi0MO 1w1I7wKw8eXeitOsaZ9v8ol7iLsw1BoTiRQmn9sLyDToQDxQdA2AqCQD+XEOUrW8A/ao 9pC/Jc7Ox4qNykVEuWvHHInSkfJPrqsfgkomQt4Ye3UcSBQCYtKrE1XGzxV4z8IQW3dP t6c70FG4YUJQW7pkQL36j0tstjcIBd4DRf8Pq8UBdybcUuqXdvRb+DMpkUrGTQ7qKV// 0C3utG/LtjGd8974sVUGMGQPevddb9GemMzJAKVDVpYVG8RcvK5oMv35m1dsmCtLHgnZ SLdA==
X-Gm-Message-State: APjAAAUYhtR9IPVtAqFgMrDiFO+6ijzvUFNTwRMSimQ1nqAkiCMTVqMP ADylpuCWIEeeLh4ZCXgkRf/JVE4+hhXPQMGSiy6jhRMa
X-Google-Smtp-Source: APXvYqyiIunSSlNt41QDeBzyLV7KzE05ETDx7uJIsT9FvCo1AQe5mcvDMYkps2PzpRICeehzmcN4oe5n44gpIlC03HA=
X-Received: by 2002:a2e:9a04:: with SMTP id o4mr10181546lji.214.1576245362126; Fri, 13 Dec 2019 05:56:02 -0800 (PST)
MIME-Version: 1.0
From: Santiago Bazerque <sbazerque@gmail.com>
Date: Fri, 13 Dec 2019 10:55:50 -0300
Message-ID: <CABuN8zGQTWmhZh3nBAKR-Yr=Y=UrF8h9eLBLstpiwQFhUgc-MQ@mail.gmail.com>
To: ietf-http-wg@w3.org
Content-Type: multipart/alternative; boundary="000000000000e374fa0599963839"
Received-SPF: pass client-ip=2a00:1450:4864:20::22f; envelope-from=sbazerque@gmail.com; helo=mail-lj1-x22f.google.com
X-W3C-Hub-Spam-Status: No, score=-4.1
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, W3C_AA=-1, W3C_WL=-1
X-W3C-Scan-Sig: titan.w3.org 1iflQK-0007qn-NR 2adb2ad1e7324b883a55624f9e1a6511
X-caa-id: 23dcb305a4
X-Original-To: ietf-http-wg@w3.org
Subject: Braid-HTTP synchronization proposal: Authentication
Archived-At: <https://www.w3.org/mid/CABuN8zGQTWmhZh3nBAKR-Yr=Y=UrF8h9eLBLstpiwQFhUgc-MQ@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/37213
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <https://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>

Hello HTTP group!

I'm interested in using the Braid proposal for adding synchronization
capabilities to HTTP. I would like to use it as a standard interface for
otherwise ad-hoc work in adding decentralization capabilities to web
browsers.

Studying the proposed spec, I'd assume that the intended use of the
extensions is in contexts where HTTP is used as an API language (similar to
say, a REST API), rather as a presentation artifact. This is consistent
with the examples given in the spec about a chat application, where the
changes operate on a JSON representation of the conversation:

         PUT /chat
         Version: "g09ur8z74r"
         Parents: "ej4lhb9z78"
         Content-Type: application/json
         Merge-Type: sync9
         Patches: 2

         Content-Length: 62
         Content-Range: json .messages[1:1]

         [{text: "Yo!",
           author: {type: "link", value: "/user/yobot"}]

How would authentication work in such a setting? Does the proposed
extension formalize some set of rules about who would be allowed to PUT
such a modification, or would that be up to each implementation?

Thanks in advance for any clarifications.

Best,
Santiago Bazerque

v2.23.0 | Report a Bug | By Email