2006/07/13

REST and the Authorization: Header

Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp. I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header. Both GData and Amazon Web Services allow Authorization: as at least one option in their REST interfaces:

Authorization: GoogleLogin auth ...
Authorization: AWS ...

I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:

WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest" 

So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
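
To make the RFC 2617 flow concrete, here is an added example (not code from this post or from any of the services named) of a server accepting a custom scheme in Authorization: and answering everything else with 401 plus a WWW-Authenticate: challenge. The ExampleID scheme, its id and token parameters, the realm and the sample secret are all hypothetical, constructed for the illustration.

```python
import hmac
import re

TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
# auth-param = token "=" ( token | quoted-string ), comma separated (RFC 2617)
_PARAM = re.compile(r'\s*(' + TOKEN + r')=(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')

# Constructed sample data: identity URL -> shared secret.
SAMPLE_TOKENS = {"https://id.example/alice": "s3cr3t-constructed"}
REALM = "https://service.example/"  # constructed realm

def parse_authorization(value):
    """Split 'Scheme k=v, k="v"' into (scheme_lowercase, params); None if malformed."""
    scheme, _, rest = value.strip().partition(" ")
    if not re.fullmatch(TOKEN, scheme):
        return None
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            return None
        key = m.group(1).lower()
        if key in params:  # duplicate parameter: reject rather than guess
            return None
        quoted = m.group(2)
        params[key] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else m.group(3)
        pos = m.end()
    return scheme.lower(), params

def verify_example_id(params):
    # Hypothetical scheme: 'id' points at the identity, 'token' proves control of it.
    expected = SAMPLE_TOKENS.get(params.get("id", ""))
    supplied = params.get("token", "")
    # Constant-time comparison so the check does not leak how much matched.
    return expected is not None and hmac.compare_digest(expected.encode(), supplied.encode())

# Scheme names are case-insensitive, so the registry is keyed in lowercase.
VERIFIERS = {"exampleid": ("ExampleID", verify_example_id)}

def authenticate(headers):
    """Return (status, response_headers) for a dict of request headers."""
    parsed = parse_authorization(headers.get("Authorization", ""))
    if parsed and parsed[0] in VERIFIERS and VERIFIERS[parsed[0]][1](parsed[1]):
        return 200, {}
    # Missing, malformed, unknown-scheme and bad-credential requests all get the same challenge.
    challenge = ", ".join(f'{name} realm="{REALM}"' for name, _ in VERIFIERS.values())
    return 401, {"WWW-Authenticate": challenge}
```

Supporting another scheme means adding one entry to VERIFIERS; the header name, the 401 status and the challenge mechanism stay the same.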
