IETF Logo Mail Archive

Re: [hybi] WebSocket handshake (HTTP and SSO)

Greg Wilkins <gregw@webtide.com> Mon, 06 September 2010 13:33 UTC

Return-Path: <gregw@webtide.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id BBE593A67E5 for <hybi@core3.amsl.com>; Mon, 6 Sep 2010 06:33:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.77
X-Spam-Level:
X-Spam-Status: No, score=-0.77 tagged_above=-999 required=5 tests=[AWL=-1.207, BAYES_40=-0.185, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FLqEjPxnVvL9 for <hybi@core3.amsl.com>; Mon, 6 Sep 2010 06:33:28 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 6DC333A6864 for <hybi@ietf.org>; Mon, 6 Sep 2010 06:33:28 -0700 (PDT)
Received: by wwj40 with SMTP id 40so5171829wwj.13 for <hybi@ietf.org>; Mon, 06 Sep 2010 06:33:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.147.204 with SMTP id m12mr2277993wbv.131.1283780036550; Mon, 06 Sep 2010 06:33:56 -0700 (PDT)
Received: by 10.227.154.145 with HTTP; Mon, 6 Sep 2010 06:33:55 -0700 (PDT)
In-Reply-To: <AANLkTi=pD1tXjL4QV5p0Jf2WmSiGJ_7aVOthNnW8WB3u@mail.gmail.com>
References: <AANLkTinxTLuDEiS=XuyVHG1W+aizKHWk2Z4=LLqEHvC4@mail.gmail.com> <AANLkTik5uJ4wxUV-gvRmAMBe=JjOa-2yaA7zpf+hznS_@mail.gmail.com> <AANLkTi=pD1tXjL4QV5p0Jf2WmSiGJ_7aVOthNnW8WB3u@mail.gmail.com>
Date: Mon, 06 Sep 2010 23:33:55 +1000
Message-ID: <AANLkTi=_ugNLeUKePxoAkcwXo-UAP6Eg0-KyOq3BNwey@mail.gmail.com>
From: Greg Wilkins <gregw@webtide.com>
To: Benjamin Black <b@b3k.us>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 Sep 2010 13:33:30 -0000

2010/9/4 Benjamin Black <b@b3k.us>:
> I actually removed a sentence saying approximately "I don't see how
> this matters to anyone but Google", but thought it too snarky.  Next
> time I'll know!

I've been implementing comet solutions for applications with several
orders of magnitude less users than google.

Initial start up time definitely does matter.

For example, if the websocket transport is left on, then the RTT taken
to try, fail and then fall back to normal comet is very noticeable.
Specially if it combines with RTTs for cross domain preflight
requests.

> My suggestion?  Use existing HTTP auth, since that is easier for
> everyone else.  Implement alternative schemes in Chrome and for your
> apps (the client side will know to use the Google auth mechanism, and
> its use will tell the server what is going on).

My suggestion is that this WG should not be trying to pick winners in
the game of Authentication. We should support all commonly deployed
authentication mechanisms and anticipate future support of all
reasonably conceived possible authentication mechanisms.

cheers

v2.23.0 | Report a Bug | By Email