W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Mixed http2/1.1 Authentication

From: Dennis Olvany <dennisolvany@gmail.com>
Date: Sat, 12 Mar 2016 16:16:14 +0000
Message-ID: <CAATNdDw1Den+LXYBv3ZAGSWUQU4x_0aK=wumPPNYa9RrhYu+PA@mail.gmail.com>
To: ietf-http-wg@w3.org

I am interested in understanding the interoperability of http
authentication in a mixed http2/1.1 deployment. The use case is http2
between client and load balancer (ssl offload), then http1.1 between load
balancer and server. Authentication occurs at the server, not the load
balancer. My understanding is that the authorization header is sent with
every request, but perhaps this is not the case if the client is performing
http2 header compression. It seems logical that it should be the
responsibility of the intermediary to cache and transmit the header with
each request. Does the standard stipulate the behavior of clients and
intermediaries to support authentication in a mixed design? Are there any
known limitations with such a design?

Received on Saturday, 12 March 2016 16:16:52 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC