Re: [hybi] About authentication mechanism

Ian Fette (イアンフェッティ) <ifette@google.com> Tue, 28 June 2011 22:44 UTC

On Tue, Jun 28, 2011 at 3:43 PM, Iñaki Baz Castillo <ibc@aliax.net> wrote:

> 2011/6/29 Ian Fette (イアンフェッティ) <ifette@google.com>:
> > A user is not going to type in a ws:// url to a browser or other client.
> > They are going to open some webpage/application/... that will have ample
> > opportunity to deal with login before that thing instantiates the ws
> > connection.
>
> Ian, I think I already exposed the issue with your suggestion:
>
> - Web Server:  1.1.1.1:80
> - WebSocket Server:  2.2.2.2:80
>
> The web browser gets a page and JS code from 1.1.1.1:80.
> The JS opens a WebSocket connection with 2.2.2.2:80.
>
> Could you explain to me how the WebSocket server, ***running on a
> separate server***, can authenticate the user based on the user's previous
> authentication with the Web Server?
>
>
>
Pass an OAuth token, or have the WS server issue some challenge that the JS
answers (or presents to the user on behalf of the server if it's really
necessary), many ways. This is not a new problem.


>
> --
> Iñaki Baz Castillo
> <ibc@aliax.net>
>
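
The first option in the reply above (the page served from 1.1.1.1 hands the JS a token that the server at 2.2.2.2 can check on its own), as an added example that is not part of the original message. It uses a short-lived HMAC-signed ticket in place of OAuth; the shared key, the ticket layout and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

# Constructed key: assumed to be provisioned out of band to both servers.
SHARED_KEY = b"constructed-demo-key-not-for-production"
TICKET_TTL = 30  # seconds; the ticket only has to survive until the WS handshake


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_ticket(user: str, now: float, key: bytes = SHARED_KEY) -> str:
    """Web server (1.1.1.1): called only after the user has logged in there."""
    claims = {"sub": user, "exp": int(now) + TICKET_TTL, "jti": secrets.token_hex(8)}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64(tag)


class TicketVerifier:
    """WebSocket server (2.2.2.2): checks the ticket the JS sends when connecting."""

    def __init__(self, key: bytes = SHARED_KEY):
        self.key = key
        self.seen = {}  # jti -> exp, so a captured ticket cannot be replayed

    def verify(self, ticket: str, now: float):
        """Return the authenticated user name, or None if the ticket is rejected."""
        try:
            body, tag = ticket.split(".")
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, unb64(tag)):
                return None  # forged, altered, or signed with another key
            claims = json.loads(unb64(body))
            user, exp, jti = claims["sub"], claims["exp"], claims["jti"]
        except (ValueError, KeyError, TypeError):
            return None  # malformed ticket
        self.seen = {j: e for j, e in self.seen.items() if e > now}  # drop expired ids
        if exp <= now or jti in self.seen:
            return None  # expired, or already used once
        self.seen[jti] = exp
        return user
```

The WebSocket server never contacts the web server: it trusts the ticket because only a holder of the shared key could have produced the tag, and the short lifetime plus single-use `jti` limit what a leaked ticket is worth.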