Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp. I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header. Both GData and Amazon Web Services allow Authorization: as at least one option in their REST interfaces:
Authorization: GoogleLogin auth ...
Authorization: AWS ...
I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:
WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest"
So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
Subscribe to:
Post Comments (Atom)
Start School Virtual, Go Physical When Feasible
These are my observations for our local conditions (Santa Clara County, July 10-12, 2020), which to summarize: Observations There are still ...
-
These are my observations for our local conditions (Santa Clara County, July 10-12, 2020), which to summarize: Observations There are still ... -
XAuth is a lot like democracy: The worst form of user identity prefs, except for all those others that have been tried (apologies to Churc...
-
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t...
No comments:
Post a Comment