Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp. I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header. Both GData and Amazon Web Services allow Authorization: as at least one option in their REST interfaces:
Authorization: GoogleLogin auth ...
Authorization: AWS ...
I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:
WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest"
So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
Subscribe to:
Post Comments (Atom)
COVID-19: Evaluating School Closures
I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...
-
Last night Rachel Maddow talked about an apparently fake NSA document "leaked" to her organization. There's a lot of info t... -
I've had a Facebook account for a few years, largely because other people were on it and were organizing useful communities there. I s...
-
I'm getting increasingly concerned that many Santa Clara County public schools are continuing normal operations when -- based on availab...
No comments:
Post a Comment