Friday, July 28, 2006

URL format change for Journals

One of the recent changes this week in Journals is an update to the format of our entry URLs.  We're essentially adding the entry date and title to the URL, for example:

.../entries/2006/07/13/rest-and-the-authorization-header/1354

So anyone who may be parsing our URLs -- be aware that the format has changed :).  We will, however, do a permanent redirect from the old URLs to the new ones.

Thursday, July 13, 2006

REST and the Authorization: Header

Talking to lots of people about identity, mashups, web services, and sustainability of the mashup ecology today at Mashup Camp.  I'm wondering why LID apparently is using a new X- header for passing pointers to authentication information rather than re-using the existing extensible Authorization: header.  Both GData and Amazon Web Services  allow Authorization: as at least one option in their REST interfaces:

Authorization: GoogleLogin auth ...
Authorization: AWS ...

I know that GData uses 401 Unauthorized and WWW-Authenticate: challenge headers and I'm going to assume that AWS does too:

WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest" 

So, existing services are using the RFC 2617 framework; it's working for them; why not build on top of that instead of inventing new headers?

Wednesday, July 12, 2006

Mashup Camp: Identity and Access Control in Mashups

Some notes I just took for the AccessControl session (my first session of the camp).  Here's a shot of the campers organizing the schedule an hour ago: