[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Authentication article

Write-up at xml.com from Mark Pilgrim on using HTTP authentication with WSSE
Username Token as an authentication technique for the AtomAPI [1].

The only thing that bothers me is that there's a lot here to suggest that
this system has already been adopted as part of the spec, but the current
draft leaves out discussion of authentication (it's "elided" see [2]), and I
couldn't find much on the Wiki ([3] seemed closest). There doesn't seem to
be anything conclusive on list.

The approach described in the article is certainly promising (I'd give it my
+1). But that's not the same as : "So that's what Atom authentication looks
like and that's why." This suggests that the technique described has been
fully discussed and accepted by the Atom community, which as far as I am
aware isn't the case (Side question - who are the vendors that have deployed
this? How did they know?).

I see there's a write-up of the format in the pipeline. I'd like to
respectfully ask Mark to ensure this refers to the consensus spec, rather
than a personal view of how the spec should look (unless of course the
'opinion' nature of the piece is made clear). We've already seen with RSS
how a single loud voice is enough to mess up a community, I trust this won't
be a recurrence.


[1] http://www.xml.com/pub/a/2003/12/17/dive.html
[2] http://www.imc.org/atom-syntax/mail-archive/msg01530.html
[3] http://www.intertwingly.net/wiki/pie/DifferentlyAbledClients