- From: Peter Beverloo <notifications@github.com>
- Date: Fri, 29 Jan 2016 16:07:54 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/185/177026456@github.com>
Thank you for your input! Messages can be send to a W3C list after you subscribe to the list. The readme of this repository shares the link where you can do so for the [public-webapps](https://lists.w3.org/Archives/Public/public-webapps/) list. There currently exists an IETF draft for [Voluntary Application Server Identification for Web Push](https://tools.ietf.org/html/draft-thomson-webpush-vapid), for which Martin also wrote a [pull request](https://github.com/w3c/push-api/pull/182) to the Push API. This draft defines two things: a mechanism for an application server to identify themselves to a push service, and a mechanism for a subscription to be associated with a given application server. The pull request exposes the ability to create this authentication through a new `PushSubscriptionOptions.applicationServerKey` member. A push service could restrict usage by requiring the public keys of application servers (provided by both the user agent upon subscribing and the application server upon sending a message) to be registered in some sort of portal. This wouldn't be great from an interoperability perspective, but I understand that operational reasons may (at least initially) require this. Please do note that you'll need to create your own user agent in order to satisfy your second use-case: allowing developers to select their own push service is a non-goal of the API. How you handle authentication requirements between the user agent and the push service in that case is largely up to you. --- Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/185#issuecomment-177026456
Received on Saturday, 30 January 2016 00:08:24 UTC