One of the recent changes this week in Journals is an update to the format of our entry URLs. We're essentially adding the entry date and title to the URL, for example:
.../entries/2006/07/13/rest-and-the-authorization-header/1354
So anyone who may be parsing our URLs -- be aware that the format has changed :). We will, however, do a permanent redirect from the old URLs to the new ones.
Friday, July 28, 2006
Thursday, July 13, 2006
REST and the Authorization: Header
Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp. I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header. Both GData and Amazon Web Services allow Authorization: as at least one option in their REST interfaces:
Authorization: GoogleLogin auth ...
Authorization: AWS ...
I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:
WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest"
So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
Authorization: GoogleLogin auth ...
Authorization: AWS ...
I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:
WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest"
So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?
Wednesday, July 12, 2006
Mashup Camp: Identity and Access Control in Mashups
Some notes I just took for the AccessControl session (my first session of the camp). Here's a shot of the campers organizing the schedule an hour ago:
Subscribe to:
Posts (Atom)
