- From: Mike Bishop <Michael.Bishop@microsoft.com>
- Date: Fri, 3 Oct 2014 20:15:59 +0000
- To: Michael B Allen <ioplex@gmail.com>, David Morris <dwm@xpasc.com>
- CC: "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
You don't reuse streams -- they're one stream per request-response. That's the problem the draft attempts to solve, that there's no correlation between the previous 401 and the new request. -----Original Message----- From: Michael B Allen [mailto:ioplex@gmail.com] Sent: Friday, October 3, 2014 12:27 PM To: David Morris Cc: ietf-http-wg@w3.org Subject: Re: Authentication and TCP Connection State On Fri, Oct 3, 2014 at 2:06 PM, David Morris <dwm@xpasc.com> wrote: > > I don't see any difference here between multiple TCP connections and > multiple streams within a single HTTP/2 TCP connection. Ok. Then the server auth module just needs a unique id for that stream. So is there an HTTP/2 header that uniquely identifies the stream? If not, I think there should be one. And it should be generic like "Stream-ID" (as opposed to "Auth-ID"). Of course this all assumes that clients will use streams like they currently use TCP connections. Meaning only one multi-legged auth per stream. And clients would have to minimize and reuse the set of Stream-IDs they use. Mike
Received on Friday, 3 October 2014 20:16:27 UTC