Braid-HTTP synchronization proposal: Authentication from Santiago Bazerque on 2019-12-13 (ietf-http-wg@w3.org from October to December 2019)

From: Santiago Bazerque <sbazerque@gmail.com>
Date: Fri, 13 Dec 2019 10:55:50 -0300
To: ietf-http-wg@w3.org
Message-ID: <CABuN8zGQTWmhZh3nBAKR-Yr=Y=UrF8h9eLBLstpiwQFhUgc-MQ@mail.gmail.com>

Hello HTTP group!

I'm interested in using the Braid proposal for adding synchronization
capabilities to HTTP. I would like to use it as a standard interface for
otherwise ad-hoc work in adding decentralization capabilities to web
browsers.

Studying the proposed spec, I'd assume that the intended use of the
extensions is in contexts where HTTP is used as an API language (similar to
say, a REST API), rather as a presentation artifact. This is consistent
with the examples given in the spec about a chat application, where the
changes operate on a JSON representation of the conversation:

         PUT /chat
         Version: "g09ur8z74r"
         Parents: "ej4lhb9z78"
         Content-Type: application/json
         Merge-Type: sync9
         Patches: 2

         Content-Length: 62
         Content-Range: json .messages[1:1]

         [{text: "Yo!",
           author: {type: "link", value: "/user/yobot"}]

How would authentication work in such a setting? Does the proposed
extension formalize some set of rules about who would be allowed to PUT
such a modification, or would that be up to each implementation?

Thanks in advance for any clarifications.

Best,
Santiago Bazerque

Received on Friday, 13 December 2019 14:41:46 UTC