IETF Logo Mail Archive

Re: [hybi] WebSocket handshake (HTTP and SSO)

Brodie Thiesfield <brofield@gmail.com> Mon, 30 August 2010 22:30 UTC

Return-Path: <brofield@gmail.com>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E65B33A6A02 for <hybi@core3.amsl.com>; Mon, 30 Aug 2010 15:30:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EkXP4zxVatnU for <hybi@core3.amsl.com>; Mon, 30 Aug 2010 15:30:45 -0700 (PDT)
Received: from mail-pv0-f172.google.com (mail-pv0-f172.google.com [74.125.83.172]) by core3.amsl.com (Postfix) with ESMTP id 2595D3A67DB for <hybi@ietf.org>; Mon, 30 Aug 2010 15:30:45 -0700 (PDT)
Received: by pvg7 with SMTP id 7so2707466pvg.31 for <hybi@ietf.org>; Mon, 30 Aug 2010 15:31:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from :user-agent:mime-version:to:cc:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=osXqEqHravXhruJ75RQUzUyXAU0ota84RMWlieUZJaE=; b=aw4+JDzE+Ag9AM7QrjeNs3lIK6mPBbIHep6rVMmhDiXLN1sfzeHrxTGLscxSk8FejD SLM+gIsPYnPQl/caAqnGgLU1K6zdaPD+6d9GvNDIKfIeqbCXpqfh2UiEL5Lg7G/Hh05m YAHXc8AbusYcV4Tiz8va6NVXfNiKOXESkIWJY=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=gtnB8XvnkwBKRgF+h5jIq3un70rgF2L6xnRjfiLghxr+xGVc7iXDvRkDiaW4O5+ccn LQSljJqB2uTkgB8Jn3s9mTYE1nD+jOYI2x5JFnkV/0DM5qs9+Zb07/NeApWZVZwCnaU1 Y0xGY+Mis/WKYnDWh2Nzt4L2i7xO+HjiOH9sk=
Received: by 10.114.61.1 with SMTP id j1mr5946495waa.135.1283207476095; Mon, 30 Aug 2010 15:31:16 -0700 (PDT)
Received: from [192.168.0.2] (usr013.bb151-01.udk.im.wakwak.ne.jp [61.205.253.79]) by mx.google.com with ESMTPS id x9sm15027954waj.3.2010.08.30.15.31.14 (version=SSLv3 cipher=RC4-MD5); Mon, 30 Aug 2010 15:31:14 -0700 (PDT)
Message-ID: <4C7C312F.5090809@gmail.com>
Date: Tue, 31 Aug 2010 07:31:11 +0900
From: Brodie Thiesfield <brofield@gmail.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2
MIME-Version: 1.0
To: Greg Wilkins <gregw@webtide.com>
References: <4C7A269F.8020306@gmail.com> <AANLkTinqJ+K-pqm7p7S+aviWVY==S0mJ9RBvNfpnTa02@mail.gmail.com>
In-Reply-To: <AANLkTinqJ+K-pqm7p7S+aviWVY==S0mJ9RBvNfpnTa02@mail.gmail.com>
Content-Type: text/plain; charset="ISO-2022-JP"
Content-Transfer-Encoding: 7bit
Cc: hybi <hybi@ietf.org>
Subject: Re: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 30 Aug 2010 22:30:47 -0000

 All,

On 30/08/2010 9:44 AM, Greg Wilkins wrote:
> My feeling is that the browsers vendors are less keen on supporting
> HTTP features on websocket handshakes, while the server vendors are
> very keen.  I think some time and experience with real deployments is
> needed for those two positions to converge.  Thus I think at this
> stage having the prohibition on such features removed is the best we
> can expect and that will allows  servers/browsers to experiment with
> supporting HTTP features.

I can accept that it may not happen, as long as it is theoretically
possible. It seemed that it would be from the current documents, but it
obviously still has some debate to continue. It would just be easier for
us to have the browser handle the user login via the standard HTTP
authentication conversation.

Regards,
Brodie


> On 29 August 2010 19:21, Brodie Thiesfield <brodie@jellycan.com> wrote:
>> Hi,
>>
>> I would like to request a clarification of the current thinking of the
>> working group.
>>
>> I am a developer keen to use WebSocket for its ability to have multiple
>> simultaneous outstanding requests from our clients over a single socket. My
>> company's product currently uses SOAP over HTTP, however we are currently
>> experimenting with existing browser implementations of WebSocket (+ flash
>> where not supported). We are now sending the same SOAP requests over
>> WebSocket and having some good results in our trials.
>>
>> However, we need to support this product in corporate networks, and for this
>> reason one of our biggest requirements is to be able to support single sign
>> on from the desktop.
>>
>> Prior to the server allowing the WebSocket upgrade request with a 101
>> header, will it be valid to require authentication via standard HTTP 401
>> authorization required dialog? (i.e. via Microsoft negotiate, basic, digest,
>> etc). Only after the client is successfully authorized would we want to
>> accept the Upgrade and change to WebSocket.
>>
>> The -76/-00 protocol would not permit this (due to the extra bytes in the
>> Upgrade request) however the document
>> https://datatracker.ietf.org/doc/draft-ietf-hybi-websocket-requirements/
>> (REQ 8) states that connections must be HTTP up to the acceptance of the
>> Upgrade, and (REQ 9) that existing HTTP components should be able to be
>> reused.
>>
>> Is this document the latest thoughts of the WG? Should I continue with the
>> assumption that it is likely that this style of WebSocket handshake would be
>> supported?
>>
>> Regards,
>> Brodie
>>
>> _______________________________________________
>> hybi mailing list
>> hybi@ietf.org
>> https://www.ietf.org/mailman/listinfo/hybi
>>

v2.23.0 | Report a Bug | By Email