Ever notice how practically no one uses HTTP auth?  :)

On Tue, Oct 28, 2008 at 1:16 AM, Paul P. Komkoff Jr <[EMAIL PROTECTED]>wrote:

> On Oct 28, 2:02 am, "Kenton Varda" <[EMAIL PROTECTED]> wrote:
> > I don't really have a stake in the design of a protobuf-based RPC format.
> >  However, I'd like to point out that the design philosophy we tend to
> prefer
> > at Google is to keep each layer of the system as simple as possible, and
> > implement orthogonal features using separate layers.  Authentication is a
> > great example of something that I would not want to make part of an RPC
> > protocol itself, but rather implement as a layer under it, similar to the
> > way HTTP can operate over SSL.  If you keep the system separate in this
> way,
> First, I'm talking about something similar to simple HTTP auth, which
> allows us to authenticate by key/value pair and does not include TLS.
> With support for "struct user_credentials" passed to server method, so
> we can "impersonate" the user.
> Also, even before considering paragraph above, if you have the system
> separate that way it will produce incompatible wire formats. My goal
> is to have, at least, lowest common denominator which could be
> implemented in, at least, twisted-python and something-java, in order
> to bootstrap my project now. It would be wonderful if this LCD format
> will have some notion of authentication (or authorization, if
> authentication is performed by separate coexisting entity that
> produces auth cookies).
> > it's much easier for people to avoid the overhead of features they don't
> > need, find alternative ways of implementing individual features, and to
> > reuse code in general.
> > Just my opinion.
> >

You received this message because you are subscribed to the Google Groups 
"Protocol Buffers" group.
To post to this group, send email to protobuf@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 

Reply via email to