2010/1/24 Julien Genestoux <[email protected]>:
> I really like Blaine's scenario. I'm not 100% familiar with the full OAuth
> process, but I think this kind of gets closer to what it is.

Thanks! Just to be clear, I'm not proposing that OAuth get involved at
all here; I think PSHB's secret and push approach obviates the need
for OAuth, or any traditional "Authentication" schemes in this
scenario.

> I'm not sure the hub should return a 204 until the subscription is _fully_
> accepted by all parties. (at least, that would make this extension downward
> compatible, see my next point). I think returning 202 can be interpreted as
> "hey, we're checking that all parties agree to your subscription".
> The problem then lies in the 'state' of the subscription for the subscriber.
> My suggestion here would be to make the hub return 204 for previously
> accepted subscriptions. So, if the subscriber happens to ask again, the hub
> can return 204 without checking the intent again.
>
> I want to insist on the fact that this should be an _optional_ extension,
> which means that it should absolutely not change the subscriber's behavior,
> to maintain compatibility with any hub/publisher that doesn't implement this
> extension.

Agreed; the reason I didn't want to make the hub return 202 as a reply
to a successful synchronous request is because to do so would be
explicitly against the existing spec (and as such, subscribers might
try to re-subscribe, etc).

The way I think about it, the initial "204" subscription response
doesn't mean "Ok, you're subscribed, and I as a hub will send you each
and every update until the lease time is up," but rather "Ok, you're
not a spammer, and I've registered your intent to receive these
updates. Once I figure out if you're allowed to receive these updates,
I'll definitely start sending you them."

I'll hold off on writing up anything more until we hear back from
Brett and/or Brad, but I'm chomping at the bit to get this written up
(I have similar code written in an as-yet unreleased project, and it
would be great to release against something real).

b.
