Re: XML2004Hackathon

[jpanzer@xxxxxxx (John Panzer)]

Robert Sayre wrote:

> [see atom-syntax for the rest of this thread]
>
> Dare Obasanjo wrote:
>
> > --- Robert Sayre <mint@xxxxxxxxxxxxxxx> wrote:
> >
> > However we have a major blogging tool
> > vendor claiming that they plan to ignore that part of
> > the spec which makes the spec not worth the much.
> > More importantly, restricting what authentication
> > mechanisms people can use is just plain silly.
> > Perhaps we should take this to atom-protocol?
>
>
> Yes. Silly. Agreed on all points.

I'm at least partly to blame for the current wording regarding 
authentication interoperability in the spec.  My original motivation for 
pushing for some kind of minimal security was the observation that my 
company is not implementing support for the Blogger protocol with third 
party clients largely because of the authentication issues with it 
(functionally equivalent to HTTP Basic auth).  In this regard, lacking a 
capability is a stopper for interoperability; fallback to lesser 
security is not an option for us.

Some clients supporting Blogger support TLS (https) as well, which would 
address the problem.  At the time we investigated clients, though, it 
was not clear how many clients actually supported TLS and how difficult 
it would be for end users to cofigure endpoints, how difficult it would 
be to do compatibility testing, etc.  So, while it technically might be 
possible, the additional overhead killed our support of that API.  I'm 
hoping that the Atom protocol will fix this.

-John Panzer
http://journals.aol.com/panzerjohn/abstractioneer