W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2016

Re: Mixed http2/1.1 Authentication

From: Dennis Olvany <dennisolvany@gmail.com>
Date: Sat, 12 Mar 2016 17:36:24 +0000
Message-ID: <CAATNdDzpSydhqrWyN5UcMACDTcHFY++9AsW7jAu4aCCeU7ciFw@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: ietf-http-wg@w3.org
Thanks, Ilari. After further research, it looks like I may be running into
the http2 incompatibility with ntlm. Is this limitation applicable to the
mixed use case? Is anyone aware of a good write up which explains the ntlm
incompatibility?

-Dennis
On Sat, Mar 12, 2016 at 11:44 AM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Sat, Mar 12, 2016 at 04:16:14PM +0000, Dennis Olvany wrote:
> > Hello,
> >
> > I am interested in understanding the interoperability of http
> > authentication in a mixed http2/1.1 deployment. The use case is http2
> > between client and load balancer (ssl offload), then http1.1 between load
> > balancer and server. Authentication occurs at the server, not the load
> > balancer. My understanding is that the authorization header is sent with
> > every request, but perhaps this is not the case if the client is
> performing
> > http2 header compression. It seems logical that it should be the
> > responsibility of the intermediary to cache and transmit the header with
> > each request. Does the standard stipulate the behavior of clients and
> > intermediaries to support authentication in a mixed design? Are there any
> > known limitations with such a design?
>
> Basically, the header is logically sent in every request (that is to be
> authenticated), even if header compression compresses it to zero space.
>
> So if the load balancer can forward to multiple servers, it needs to
> take the header compression context into account for each request.
>
>
> -Ilari
>
Received on Saturday, 12 March 2016 17:37:03 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 22 March 2016 12:47:11 UTC