- From: Sandeep More <notifications@github.com>
- Date: Fri, 29 Jan 2016 15:53:40 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/185@github.com>
Sorry if this is not the right place, I tried to send an email to the mailing list but kept on getting list-help@listhubw3org replies Also, let me apologize in advance if this has already been discussed I was going through the Push API specs and I was thinking about authenticating to the Push Service, specifically between User Agent and Push Service Currently, it looks like there is no way user agent can authenticate to the Push Service (and in turn to application server) As of now anyone can pretty much subscribe to any and all push messages advertised by a Push Service (on behalf of application server), this will not only put extra load on the Push Service but it will also prevent it from letting in only select user agents I can think of at-least two uses cases where this can be beneficial 1) Say you have an web-application (on application server ) and you only want to push messages to only your registered users 2) If you want to roll your own Push Service and don't want it to be open to all In the following subscribe function `Promise<PushSubscription> subscribe (optional PushSubscriptionOptions options); ` There is an optional parameter PushSubscriptionOptions, it appears that this Option is enforced on in-coming messages Maybe, a similar optional parameter such as Authentication can be added here to be passed on to the Push Service Push Service can then check with a) Application Server or b) Application Server can share the auth info before hand or c) Push Service can use a gateway in front to authenticate the Worker Authorization can also be added to this object if required Thanks ! --- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/185
Received on Friday, 29 January 2016 23:54:08 UTC