Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp. I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header. Both GData and Amazon Web Services allow Authorization: as at least one option in their REST interfaces:
Authorization: GoogleLogin auth ...
Authorization: AWS ...
I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:
WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest"
So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
Subscribe to:
Post Comments (Atom)
Suspended by the Baby Boss at Twitter
Well! I'm now suspended from Twitter for stating that Elon's jet was in London recently. (It was flying in the air to Qatar at the...
-
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t... -
XAuth is a lot like democracy: The worst form of user identity prefs, except for all those others that have been tried (apologies to Churc...
-
These are my observations for our local conditions (Santa Clara County, July 10-12, 2020), which to summarize: Observations There are still ...
No comments:
Post a Comment