Re: [hybi] WebSocket handshake (HTTP and SSO)
Benjamin Black <b@b3k.us> Sat, 04 September 2010 05:08 UTC
Return-Path: <b@b3k.us>
X-Original-To: hybi@core3.amsl.com
Delivered-To: hybi@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 898363A67B4 for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 22:08:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.253
X-Spam-Level:
X-Spam-Status: No, score=0.253 tagged_above=-999 required=5 tests=[AWL=-0.370, BAYES_50=0.001, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aQQfTFS23LfK for <hybi@core3.amsl.com>; Fri, 3 Sep 2010 22:08:18 -0700 (PDT)
Received: from mail-ww0-f44.google.com (mail-ww0-f44.google.com [74.125.82.44]) by core3.amsl.com (Postfix) with ESMTP id 3A12F3A63EB for <hybi@ietf.org>; Fri, 3 Sep 2010 22:08:17 -0700 (PDT)
Received: by wwj40 with SMTP id 40so2895899wwj.13 for <hybi@ietf.org>; Fri, 03 Sep 2010 22:08:45 -0700 (PDT)
Received: by 10.216.38.20 with SMTP id z20mr834623wea.108.1283576925206; Fri, 03 Sep 2010 22:08:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.3.129 with HTTP; Fri, 3 Sep 2010 22:08:25 -0700 (PDT)
From: Benjamin Black <b@b3k.us>
Date: Fri, 03 Sep 2010 22:08:25 -0700
Message-ID: <AANLkTinxTLuDEiS=XuyVHG1W+aizKHWk2Z4=LLqEHvC4@mail.gmail.com>
To: hybi@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Subject: Re: [hybi] WebSocket handshake (HTTP and SSO)
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Sep 2010 05:08:19 -0000
The focus of the argument in favor of re-implementing authn in Websockets mechanisms that already exist in HTTP is that the authn process sometimes requires an extra round trip. One. Round. Trip. Sometimes. The phrase you seek is "premature optimization". Instead of talking about it in the abstract of a single, extra round trip, I ask when this is relevant. In cases where connections are short-lived, intended for a single request/response, and credentials can't be retained, this concern seems quite important. Since the entire process is one round trip, adding another could add considerable latency. Are Websockets intended for short-lived, request/reply applications? If so, they are pointless as HTTP can handle these applications all on its own. Are they intended for applications in which: 1) a user is not already authenticated OR 2) the credentials can't be passed to the Websocket system to use in authentication? Or, instead, are Websockets intended for long-running connections with numerous round trips, often from applications that can collect credentials and send them directly in the HTTP request that begins the Websocket negotiation? And, if this is so, why are we obsessing over a single round trip adding all of 50ms to initial connection setup instead of recognizing the existing mechanisms are perfectly workable _as is_? If, in the fullness of time and experience, we discover the extra round trip is a serious impediment, we are free to design and implement new mechanisms. File under: another confusing example of hybi efforts eschewing HTTP mechanisms and HTTP compliance. If someone could elucidate that, I would be grateful. b
- [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Eric Rescorla
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Brodie Thiesfield
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Hector Santos
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Joe Hildebrand
- Re: [hybi] WebSocket handshake (HTTP and SSO) Adam Barth
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins
- Re: [hybi] WebSocket handshake (HTTP and SSO) Gabriel Montenegro
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Willy Tarreau
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Ian Fette (イアンフェッティ)
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) John Tamplin
- Re: [hybi] WebSocket handshake (HTTP and SSO) Benjamin Black
- Re: [hybi] WebSocket handshake (HTTP and SSO) Scott Ferguson
- Re: [hybi] WebSocket handshake (HTTP and SSO) Greg Wilkins