[hybi] WebSocket handshake (HTTP and SSO)
Brodie Thiesfield <brodie@jellycan.com> Sun, 29 August 2010 09:20 UTC
Return-Path: <brofield@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DEB0F3A67B5 for <hybi@core3.amsl.com>; Sun, 29 Aug 2010 02:20:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SOgeHCaAp0bv for <hybi@core3.amsl.com>; Sun, 29 Aug 2010 02:20:48 -0700 (PDT)
Received: from mail-px0-f172.google.com (mail-px0-f172.google.com [209.85.212.172]) by core3.amsl.com (Postfix) with ESMTP id 0B0FB3A677E for <hybi@ietf.org>; Sun, 29 Aug 2010 02:20:48 -0700 (PDT)
Received: by pxi6 with SMTP id 6so2042676pxi.31 for <hybi@ietf.org>; Sun, 29 Aug 2010 02:21:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:content-type :content-transfer-encoding; bh=yeXfQ8WgthLoflhVcdXFZA6CBu8DxFShKAkm+WskyxY=; b=PIPbKNr+5qv+v7X5gARzRKY32oHfeBHmxB4lBOFONeY4DtD8Vzd90mktCC7P+NlBY3 zFaQvutv9xAfCmwafjsbQWuxeoUJ+pFguHn/p+I7pzIgsLZAX0DaUF8psflXV8HKgSS2 Z2FOa4tskuEMPSIxWXFQZGL1Rn7v2FTsIK/WI=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :content-type:content-transfer-encoding; b=ayckQ6SDAl4PINY7HQbLgzaTPRP6m6q2QTQ4fqc/KioOAyj7/kUoNdTtLUPzGgmeam qmtadSCLm9GuDlGE4X5pBuABg/GF0X1MTDdnk49bqax8vHvdvY5PwcHnI5S/TXcewAPR CfyynW0jxSUPPQgDnsu8XErc3zNhQ3EXzfgCg=
Received: by 10.114.39.16 with SMTP id m16mr235981wam.221.1283073679466; Sun, 29 Aug 2010 02:21:19 -0700 (PDT)
Received: from [192.168.0.3] (usr013.bb151-01.udk.im.wakwak.ne.jp [61.205.253.79]) by mx.google.com with ESMTPS id c24sm11255616wam.19.2010.08.29.02.21.17 (version=SSLv3 cipher=RC4-MD5); Sun, 29 Aug 2010 02:21:18 -0700 (PDT)
Sender: Brodie Thiesfield <brofield@gmail.com>
Message-ID: <4C7A269F.8020306@gmail.com>
Date: Sun, 29 Aug 2010 18:21:35 +0900
From: Brodie Thiesfield <brodie@jellycan.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: hybi@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Sun, 29 Aug 2010 15:54:37 -0700
Subject: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Aug 2010 09:45:32 -0000
Hi, I would like to request a clarification of the current thinking of the working group. I am a developer keen to use WebSocket for its ability to have multiple simultaneous outstanding requests from our clients over a single socket. My company's product currently uses SOAP over HTTP, however we are currently experimenting with existing browser implementations of WebSocket (+ flash where not supported). We are now sending the same SOAP requests over WebSocket and having some good results in our trials. However, we need to support this product in corporate networks, and for this reason one of our biggest requirements is to be able to support single sign on from the desktop. Prior to the server allowing the WebSocket upgrade request with a 101 header, will it be valid to require authentication via standard HTTP 401 authorization required dialog? (i.e. via Microsoft negotiate, basic, digest, etc). Only after the client is successfully authorized would we want to accept the Upgrade and change to WebSocket. The -76/-00 protocol would not permit this (due to the extra bytes in the Upgrade request) however the document https://datatracker.ietf.org/doc/draft-ietf-hybi-websocket-requirements/ (REQ 8) states that connections must be HTTP up to the acceptance of the Upgrade, and (REQ 9) that existing HTTP components should be able to be reused. Is this document the latest thoughts of the WG? Should I continue with the assumption that it is likely that this style of WebSocket handshake would be supported? Regards, Brodie
- [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Eric Rescorla
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Joe Hildebrand
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Gabriel Montenegro
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Willy Tarreau
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins