Re: [hybi] Supporting OAUTH-like authentication?
Iñaki Baz Castillo <ibc@aliax.net> Fri, 12 August 2011 22:27 UTC
Return-Path: <ibc@aliax.net>
X-Original-To: hybi@ietfa.amsl.com
Delivered-To: hybi@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FDAE21F874A for <hybi@ietfa.amsl.com>; Fri, 12 Aug 2011 15:27:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.652
X-Spam-Level:
X-Spam-Status: No, score=-2.652 tagged_above=-999 required=5 tests=[AWL=0.025, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sF83u+6uuF-5 for <hybi@ietfa.amsl.com>; Fri, 12 Aug 2011 15:27:40 -0700 (PDT)
Received: from mail-qy0-f179.google.com (mail-qy0-f179.google.com [209.85.216.179]) by ietfa.amsl.com (Postfix) with ESMTP id D626721F86DC for <hybi@ietf.org>; Fri, 12 Aug 2011 15:27:39 -0700 (PDT)
Received: by qyk35 with SMTP id 35so2005239qyk.10 for <hybi@ietf.org>; Fri, 12 Aug 2011 15:28:18 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.24.133 with SMTP id v5mr1023511qcb.178.1313188097843; Fri, 12 Aug 2011 15:28:17 -0700 (PDT)
Received: by 10.229.234.65 with HTTP; Fri, 12 Aug 2011 15:28:17 -0700 (PDT)
In-Reply-To: <CAE8AN_V2ADVOsRyHuWCnPX5FOCCBSkjgNx33P8TKYYiFTw5b7Q@mail.gmail.com>
References: <CAH_y2NHZuYTbpMnrHU65JtZzRE-pbiXnRRh=rOTknTbc_+8gow@mail.gmail.com> <4E320640.2080408@gmail.com> <CAH_y2NGf44v770VX8+bsFppokJb0_jtTvAA0zrM89uoJ1v6UJQ@mail.gmail.com> <CAE8AN_V2ADVOsRyHuWCnPX5FOCCBSkjgNx33P8TKYYiFTw5b7Q@mail.gmail.com>
Date: Sat, 13 Aug 2011 00:28:17 +0200
Message-ID: <CALiegf=etXVfTjx-Ff_39F6GQMUKvyzAxH53Kai97O-yUnG1cQ@mail.gmail.com>
From: Iñaki Baz Castillo <ibc@aliax.net>
To: Brian <theturtle32@gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: Hybi <hybi@ietf.org>, Greg Wilkins <gregw@intalio.com>
Subject: Re: [hybi] Supporting OAUTH-like authentication?
X-BeenThere: hybi@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Server-Initiated HTTP <hybi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/hybi>, <mailto:hybi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/hybi>
List-Post: <mailto:hybi@ietf.org>
List-Help: <mailto:hybi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/hybi>, <mailto:hybi-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Aug 2011 22:27:40 -0000
2011/8/12 Brian <theturtle32@gmail.com>: > This seems like a discussion for the JS API to me. The protocol spec > already explicitly allows arbitrary HTTP headers to be both sent and > received by the WebSocket server and client, if I recall correctly. The > only thing preventing usage of this feature is a limitation in the > JavaScript API. I don't think there's any reason to disallow arbitrary > headers being set on the WS handshake using exactly the same > mechanism/restrictions as we do today for XHR. > But what does that have to do with HyBi? This is like asking "what does Digest authentication have to do with SIP protocol?", or "what does _XMPP_authentication_mechanism_ have to do with XMPP protocol?". Maybe you prefer to see WebSocket as a "transport" protocol, but it's an application protocol, and it's not crazy *at all* to expect that an application protocol implements an authentication mechanism. But probably, given the ugly HTTP jungle, many people from HTTP world assume that authentication must exist in user layer, based on ugly HTML forms which require rendering a web page in the client. -- Iñaki Baz Castillo <ibc@aliax.net>
- [hybi] Supporting OAUTH-like authentication? Greg Wilkins
- Re: [hybi] Supporting OAUTH-like authentication? Philipp Serafin
- Re: [hybi] Supporting OAUTH-like authentication? Greg Wilkins
- Re: [hybi] Supporting OAUTH-like authentication? Brian
- Re: [hybi] Supporting OAUTH-like authentication? Iñaki Baz Castillo
- Re: [hybi] Supporting OAUTH-like authentication? Iñaki Baz Castillo