2010/1/24 Julien Genestoux <[email protected]>:
> I really like Blaine's scenario. I'm not 100% familiar with the full OAuth
> process, but I think this kind of gets closer to what it is.

Thanks! Just to be clear, I'm not proposing that OAuth get involved at all here; I think PSHB's secret and push approach obviates the need for OAuth, or any traditional "Authentication" schemes in this scenario.

> I'm not sure the hub should return a 204 until the subscription is _fully_
> accepted by all parties. (at least, that would make this extension downward
> compatible, see my next point). I think return 202 can be interpreted by
> "hey, we're checking that all parties agree to your subscription".
> The problem then lies in the 'state' of the subscription for the subscriber.
> My suggestion here would be to make the hub return 204 for previously
> accepted subscriptions. So, if the subscriber happens to ask again, the hub
> can return 204 without checking the intent again.
>
> I want to insist on the fact that this should be an _optional_ extension,
> which means that it should absolutely not change the subscriber's behavior,
> to maintain compatibility with any hub/publisher that doesn't implement this
> extension.

Agreed; the reason I didn't want to make the hub return 202 as a reply to a successful synchronous request is because to do so would be explicitly against the existing spec (and as such, subscribers might try to re-subscribe, etc).

The way I think about it, the initial "204" subscription response doesn't mean "Ok, you're subscribed, and I as a hub will send you each and every update until the lease time is up," but rather "Ok, you're not a spammer, and I've registered your intent to receive these updates. Once I figure out if you're allowed to receive these updates, I'll definitely start sending you them."

I'll hold off on writing up anything more until we hear back from Brett and/or Brad, but I'm chomping at the bit to get this written up (I have similar code written in an as-yet unreleased project, and it would be great to release against something real).

b.
