Sorry about the late reply to this.  There's one other major open issue 
for the APP:  There's still been no consensus on section 13, 
authentication.

Apparently PaceAuthentication[1] has been shelved[2]. Didn't realize 
that had happened.  There is also PaceBasicAuthentication[3] which 
addresses a subset of PaceAuthentication; I'm generally +1 on it but I 
don't think it addresses the TODO item below.

More importantly, there's a big TODO item in the current draft APP spec[4]:

13.1  CGI Authentication

    [[anchor27: note: this section is incomplete; cgi-authentication is
    described but is unspecified.]]  This authentication method is
    included as part of the protocol to allow Atom Protocol servers and
    clients that cannot use HTTP Digest Authentication but where the user
    can both insert its own HTTP headers and create a CGI program to
    authenticate entries to the server.  This scenario is common in
    environments where the user cannot control what services the server
    employs, but the user can write their own HTTP services.

I think we need to complete this section or remove it before declaring 
APP complete.

As a data point, I just tried Ecto, which supports Atom publishing, 
with my system, which supports HTTPS+Basic Auth.  I was able to get as 
far as authentication; when my server said it supported only HTTP Basic, 
Ecto tried to send a WSSE authentication token, which of course failed.

Given the current state of the spec I really don't want to spend time 
implementing WSSE; and unfortunately 'just use HTTP authentication' is 
clearly failing to achieve interoperability in this case.  Supporting 
HTTP Digest might be possible but it's silly in this scenario given that 
we're using TLS.  The point of PaceAuthentication was to specify a 
minimal set of schemes that both clients and servers could be sure would 
work, if perhaps inefficiently.  Having to implement multiple schemes is 
just bad for uptake and interoperability.  There may be some issues with 
us implementing Digest as well as we have to deal with an existing 
authentication system which has no provision for digest auth.

If anyone else has a client that can be configured to publish using APP, 
please let me know -- I'd like to test things out.

-John

[1] http://www.intertwingly.net/wiki/pie/PaceAuthentication
[2] http://www.intertwingly.net/wiki/pie/AtomPubIssuesList
[3] http://www.intertwingly.net/wiki/pie/PaceBasicAuthentication
[4] http://www.ietf.org/internet-drafts/draft-ietf-atompub-protocol-08.txt



Tim Bray wrote on 5/24/2006, 10:04 AM:

 >
 > <co-chair-mode>
 > As we see it, there are really only 1.5 issues outstanding.  Media
 > entries is obvious.  I had an action item to make PaceMediaEntries
 > more human-readable; thus, check out
 > http://www.intertwingly.net/wiki/pie/PaceMediaEntries5
 >
 > There's been a lot of discussion of the iterations of this Pace, and
 > a lot of it was of the form "sort of OK, but I'm uncomfortable with
 > XXX".   So before we do the last-chance +/- survey, we'd like one
 > last call for amendments, improvements to the Pace that might move
 > people from negative to positive.
 >
 > Second: Categories.  As of now, the draft is silent on the subject,
 > which your co-chairs think is questionable, and we want the WG to do
 > some more work.
 >
 > PaceCategoryListing failed to achieve consensus on the grounds of
 > incompleteness: http://intertwingly.net/wiki/pie/PaceCategoryListing
 >
 > PaceCategoryListing2 was withdrawn:
 > http://intertwingly.net/wiki/pie/PaceCategoryListing2
 >
 > PaceCategoryLink didn't get much commentary:
 > http://intertwingly.net/wiki/pie/PaceCategoryLink
 >
 > Or, is the WG OK with explicitly giving up?
 > http://www.intertwingly.net/wiki/pie/PaceNoCategoryManagementInCore
 >
 > There was lots of useful constructive discussion, see the messages
 > around
 >   http://www.imc.org/atom-protocol/mail-archive/msg04253.html
 >
 > We did seem to have some pretty clearly articulated requirements
 > statements.  See
 >   http://www.imc.org/atom-protocol/mail-archive/msg04150.html
 >   http://www.imc.org/atom-protocol/mail-archive/msg04174.html
 >   http://www.imc.org/atom-protocol/mail-archive/msg04190.html
 >   http://www.imc.org/atom-protocol/mail-archive/msg04269.html
 >
 > So, it's time for the WG to settle this.  Reasonable positions to
 > support might be:
 > - give up
 > - something like PaceCategoryLink
 > - something else.
 >
 > Let's hear your views.  Note that this is not a consensus call on
 > categories, but a call for the sentiment of how we should move
 > forwards on the topic.
 > </co-chair-mode>
 >
 >   -Tim
 >

-- 
Abstractioneer John Panzer
System Architect
http://abstractioneer.org
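
Added example, not part of the original message or of any client named in it: a sketch of how an APP client could pick an authentication scheme from the server's `WWW-Authenticate` challenges instead of sending one the server never offered, which is the mismatch described in the Ecto data point above. The scheme preference list, function names and sample headers are assumptions constructed for illustration.

```python
import re

CLIENT_SCHEMES = ("digest", "basic")  # assumed client capabilities, preferred first

# Comma-separated items, with commas inside quoted strings left alone.
_ITEM = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# An auth-param: token "=" value
_PARAM = re.compile(r"^([A-Za-z0-9!#$%&'*+.^_`|~-]+)\s*=\s*(.*)$", re.S)


def parse_challenges(header):
    """Parse a WWW-Authenticate value into [(scheme, {param: value}), ...]."""
    challenges = []
    for item in _ITEM.findall(header):
        item = item.strip()
        if not item:
            continue
        m = _PARAM.match(item)
        if m is None:
            # No "name=" at the start, so this item opens a new challenge.
            scheme, _, rest = item.partition(" ")
            challenges.append((scheme.lower(), {}))
            m = _PARAM.match(rest.strip())
        if m and challenges:
            name, value = m.group(1).lower(), m.group(2).strip()
            if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
                value = re.sub(r"\\(.)", r"\1", value[1:-1])  # unquote
            challenges[-1][1][name] = value
    return challenges


def select_scheme(header, url, supported=CLIENT_SCHEMES):
    """Return (scheme, params) for the first client-preferred scheme the server
    offered, or None when there is no overlap (report that; do not guess)."""
    offered = dict(parse_challenges(header))
    for scheme in supported:
        if scheme not in offered:
            continue
        if scheme == "basic" and not url.lower().startswith("https://"):
            continue  # Basic credentials are only base64-encoded; require TLS
        return scheme, offered[scheme]
    return None


# Constructed sample headers (not captured traffic).
BASIC_ONLY = 'Basic realm="Journals, private"'
MIXED = 'WSSE realm="blog", profile="UsernameToken", Basic realm="blog"'
```

A `None` result is the signal to tell the user that the client and server share no scheme, rather than sending a token in a scheme the server did not advertise.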