W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Mixed http2/1.1 Authentication

From: Ilari Liusvaara <ilariliusvaara@welho.com>
Date: Sat, 12 Mar 2016 18:44:30 +0200
To: Dennis Olvany <dennisolvany@gmail.com>
Cc: ietf-http-wg@w3.org
Message-ID: <20160312164430.GA11687@LK-Perkele-V2.elisa-laajakaista.fi>
On Sat, Mar 12, 2016 at 04:16:14PM +0000, Dennis Olvany wrote:
> Hello,
> I am interested in understanding the interoperability of http
> authentication in a mixed http2/1.1 deployment. The use case is http2
> between client and load balancer (ssl offload), then http1.1 between load
> balancer and server. Authentication occurs at the server, not the load
> balancer. My understanding is that the authorization header is sent with
> every request, but perhaps this is not the case if the client is performing
> http2 header compression. It seems logical that it should be the
> responsibility of the intermediary to cache and transmit the header with
> each request. Does the standard stipulate the behavior of clients and
> intermediaries to support authentication in a mixed design? Are there any
> known limitations with such a design?

Basically, the header is logically sent in every request (that is to be
authenticated), even if header compression compresses it to zero space.

So if the load balancer can forward to multiple servers, it needs to
take the header compression context into account for each request.

Received on Saturday, 12 March 2016 16:45:06 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC