Hey Monica, Thanks a lot for the response and my apologies for taking so long to get back to you.
On Thu, Oct 7, 2010 at 11:24 AM, Monica Keller <[email protected]> wrote: > Concerns for Option1 here > -Putting burden on subscribers to handle the different HTTP methods (DELETE, > PUT) -- Not a huge concern Indeed, and the method stuff may just be in the X-HTTP-Method-Override header anyways. > Would we know be asking all subscribers to have SSL certs ? That is a fairly > big requirement. > > OAuth 2 burdens the service providers with this so I have concers about > burdening the subscribers with it. Yes I agree that's an issue. My hope was there is a way to have Hubs cache SSL cert fingerprints, so even a self-signed cert could be added to the certificate chain if it was the same one that was originally used to establish the subscription. > My other question would be whether web hooks is a better fit today for APIs > since there really isn't a need for a hub to fan out. > > As much as I love PubSubHubbub I think we should answer the question of how > many service providers would want to push their response to another hub. > MySpace and FB didn't really need an external hub. At Socialcast its the > same thing we are going to add PuSH but its a private response for which you > need to authenticate > > My experience leads me to believe there is a serious need to support a > publisher who is its own hub. Well I totally agree with you that the common case is becoming people running their own hub. The old light-pings are mostly there for bootstrapping and boosting adoption. However, even if you run your own hub, how do you achieve "a private response for which you need to authenticate"? What is Socialcast using for authentication from your self-run hub to the subscriber? X-Hub-Signature works well enough for payload-only messages, but what about messages that have headers, like arbitrary content? I don't think that running your own hub alleviates that problem, which is why I'm looking for a general solution that all providers can employ. Does that make sense? -Brett
