- From: Sandeep More <notifications@github.com>
- Date: Fri, 29 Jan 2016 17:15:01 -0800
- To: w3c/push-api <push-api@noreply.github.com>
- Message-ID: <w3c/push-api/issues/185/177037751@github.com>
Thanks for a speedy response and the link to the IETF Draft (should have read it before)!

[Section # 3 Subscription Association](https://tools.ietf.org/html/draft-thomson-webpush-vapid-01#section-3) mostly addresses my question and I really like the idea. The draft addresses concerns about protecting the Application Server and linking subscriptions to application servers by using keys.

I am not clear on how a user agent identifies itself to the Application Server. Say, in an eCommerce website you would only want to push notifications to logged-in/authenticated users. What I was trying to say was that the User Agent could either pass an authenticated token [1] from a cookie etc. or explicit credentials (stored in the browser) so they can be subscribed. The Application Server can then look into the subscription and send directed messages.

About my second use-case: agreed. Is there a draft for this already, or a plan to have a draft for this in the future?

[1] The draft does talk about tokens but I am not sure whether they are access tokens that are already issued or custom tokens; apologies in case I misread it.

---
Reply to this email directly or view it on GitHub: https://github.com/w3c/push-api/issues/185#issuecomment-177037751
Received on Saturday, 30 January 2016 01:15:38 UTC