- From: Martin Thomson <notifications@github.com>
- Date: Mon, 15 Dec 2014 09:58:23 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/95/67035960@github.com>
@jakearchibald : > Does the server-to-server protocol include registering with the push service? At the moment, as an "app owner" I need to register with GCM in order to get an API key to post messages, is that requirement going away? @mvano: > Jake: that is also required. So that's another reason why we'll need a more short term solution or workaround. I'm hesitant to add something to the API though that only exists for handling cross-browser differences. I think that the relevant people to bring in are @costinm and nero. In my opinion, ff the push service requires that application servers register, we have failed. Managing multi-party relationships like that doesn't scale. I'm not against the application and push service opportunistically authenticating. For instance, Facebook might generate a lot of pushes, and so might have some way of signaling its pushes to GCM, which might enable separate accounting of those messages. But I'd be strongly opposed to a scheme for authenticating applications if it were anything less than opportunistic. @jakearchibald is right, if you require proprietary authentication, that makes you look bad. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/95#issuecomment-67035960
Received on Monday, 15 December 2014 17:58:53 UTC