Re: [hybi] Authentication headers

Greg Wilkins <gregw@webtide.com> Wed, 21 July 2010 23:46 UTC

On 21 July 2010 17:01, Ian Hickson <ian@hixie.ch> wrote:

> Cookies are supported because they are
> _very_ widely used, so there's something to reuse. HTTP auth is used so
> rarely that I'd seriously consider dropping it from HTTP at this point; I
> really don't think it's worth adding to WebSockets.
>


HTTP headers are frequently used for authentication mechanisms that are
neither the standard HTTP ones, nor plain simple cookies. For example, many
OAuth implementations allow tokens to be negotiated using HTTP headers.

Sure, there are other ways than using headers, but the fact remains that many
implementations do use headers and I see no reason to break those
implementations nor prevent their usage with websocket.