From ykaul at redhat.com Mon Apr 16 10:52:25 2012
Content-Type: multipart/mixed; boundary="===============9069461820245831928=="
MIME-Version: 1.0
From: Yaniv Kaul <ykaul at redhat.com>
To: devel at ovirt.org
Subject: Re: [Engine-devel] REST session management
Date: Mon, 16 Apr 2012 17:34:40 +0300
Message-ID: <4F8C2E00.9010304@redhat.com>
In-Reply-To: 4F8C112F.1060703@redhat.com

--===============9069461820245831928==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

This is a multi-part message in MIME format.
--------------040008030508030100010909
Content-Type: text/plain; charset=3DISO-8859-1; format=3Dflowed
Content-Transfer-Encoding: 7bit

On 04/16/2012 03:31 PM, Geert Jansen wrote:
>
> On 04/16/2012 01:03 PM, Yaniv Kaul wrote:
>
>>> So (unless someone objects) let's go for option #2 (using the Prefer
>>> header on each and every request, and release the session once it is
>>> not there).
>>
>> My only objection is that you implement a draft spec and implement a
>> header without even bothering to register it - or asking if there is
>> such an identical-purposed header with a different name which may get
>> registered / is already in use somewhere.
>
> This is somewhat of a red herring though.
>
> HTTP Prefer was created exactly for the purpose of indicating a =

> preference for a certain behavior of response. Have a look at section =

> 9.1.1 of the draft RFC for the initial preferences and you'll see the =

> preferences that are already registered.
>
> HTTP Prefer also defines a registration process for the possible =

> values of this header. The process requires an email to =

> preferences(a)ietf.org with a 14 day response time.
>
> The alternative to HTTP Prefer would be creating a new header (as i am =

> not aware of any other /approved/ header that fits the bill). This =

> requires writing an RFC and get it approved, which would take much =

> longer, and which would likely get the comment of "Why aren't you =

> using Prefer".

I'm more worried about "persistent-auth" than 'prefer'.  We could always =

contact the draft author (jasnell(a)gmail.com) and ask for his opinion.
Y.

>
> Even if HTTP Prefer, for whatever reason, unexpectedly does not become =

> a standard, i think in practice this does not impact us in any way.
>
> Regards
> Geert


--------------040008030508030100010909
Content-Type: text/html; charset=3DISO-8859-1
Content-Transfer-Encoding: 7bit

<html>
  <head>
    <meta content=3D"text/html; charset=3DISO-8859-1"
      http-equiv=3D"Content-Type">
  </head>
  <body text=3D"#000000" bgcolor=3D"#FFFFFF">
    On 04/16/2012 03:31 PM, Geert Jansen wrote:
    <blockquote cite=3D"mid:4F8C112F.1060703(a)redhat.com" type=3D"cite">
      <br>
      On 04/16/2012 01:03 PM, Yaniv Kaul wrote:
      <br>
      <br>
      <blockquote type=3D"cite">
        <blockquote type=3D"cite">So (unless someone objects) let's go for
          option #2 (using the Prefer
          <br>
          header on each and every request, and release the session once
          it is
          <br>
          not there).
          <br>
        </blockquote>
        <br>
        My only objection is that you implement a draft spec and
        implement a
        <br>
        header without even bothering to register it - or asking if
        there is
        <br>
        such an identical-purposed header with a different name which
        may get
        <br>
        registered / is already in use somewhere.
        <br>
      </blockquote>
      <br>
      This is somewhat of a red herring though.
      <br>
      <br>
      HTTP Prefer was created exactly for the purpose of indicating a
      preference for a certain behavior of response. Have a look at
      section 9.1.1 of the draft RFC for the initial preferences and
      you'll see the preferences that are already registered.
      <br>
      <br>
      HTTP Prefer also defines a registration process for the possible
      values of this header. The process requires an email to
      <a class=3D"moz-txt-link-abbreviated" href=3D"mailto:preferences(a)ie=
tf.org">preferences(a)ietf.org</a> with a 14 day response time.
      <br>
      <br>
      The alternative to HTTP Prefer would be creating a new header (as
      i am not aware of any other /approved/ header that fits the bill).
      This requires writing an RFC and get it approved, which would take
      much longer, and which would likely get the comment of "Why aren't
      you using Prefer".
      <br>
    </blockquote>
    <br>
    I'm more worried about "persistent-auth" than 'prefer'.&nbsp; We could
    always contact the draft author (<a class=3D"moz-txt-link-abbreviated" =
href=3D"mailto:jasnell(a)gmail.com">jasnell(a)gmail.com</a>) and ask for his
    opinion.<br>
    Y.<br>
    <br>
    <meta http-equiv=3D"content-type" content=3D"text/html;
      charset=3DISO-8859-1">
    <blockquote cite=3D"mid:4F8C112F.1060703(a)redhat.com" type=3D"cite">
      <br>
      Even if HTTP Prefer, for whatever reason, unexpectedly does not
      become a standard, i think in practice this does not impact us in
      any way.
      <br>
      <br>
      Regards
      <br>
      Geert
      <br>
    </blockquote>
    <br>
  </body>
</html>

--------------040008030508030100010909--

--===============9069461820245831928==
Content-Type: multipart/alternative
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="attachment.bin"

VGhpcyBpcyBhIG11bHRpLXBhcnQgbWVzc2FnZSBpbiBNSU1FIGZvcm1hdC4KLS0tLS0tLS0tLS0t
LS0wNDAwMDgwMzA1MDgwMzAxMDAwMTA5MDkKQ29udGVudC1UeXBlOiB0ZXh0L3BsYWluOyBjaGFy
c2V0PUlTTy04ODU5LTE7IGZvcm1hdD1mbG93ZWQKQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzog
N2JpdAoKT24gMDQvMTYvMjAxMiAwMzozMSBQTSwgR2VlcnQgSmFuc2VuIHdyb3RlOgo+Cj4gT24g
MDQvMTYvMjAxMiAwMTowMyBQTSwgWWFuaXYgS2F1bCB3cm90ZToKPgo+Pj4gU28gKHVubGVzcyBz
b21lb25lIG9iamVjdHMpIGxldCdzIGdvIGZvciBvcHRpb24gIzIgKHVzaW5nIHRoZSBQcmVmZXIK
Pj4+IGhlYWRlciBvbiBlYWNoIGFuZCBldmVyeSByZXF1ZXN0LCBhbmQgcmVsZWFzZSB0aGUgc2Vz
c2lvbiBvbmNlIGl0IGlzCj4+PiBub3QgdGhlcmUpLgo+Pgo+PiBNeSBvbmx5IG9iamVjdGlvbiBp
cyB0aGF0IHlvdSBpbXBsZW1lbnQgYSBkcmFmdCBzcGVjIGFuZCBpbXBsZW1lbnQgYQo+PiBoZWFk
ZXIgd2l0aG91dCBldmVuIGJvdGhlcmluZyB0byByZWdpc3RlciBpdCAtIG9yIGFza2luZyBpZiB0
aGVyZSBpcwo+PiBzdWNoIGFuIGlkZW50aWNhbC1wdXJwb3NlZCBoZWFkZXIgd2l0aCBhIGRpZmZl
cmVudCBuYW1lIHdoaWNoIG1heSBnZXQKPj4gcmVnaXN0ZXJlZCAvIGlzIGFscmVhZHkgaW4gdXNl
IHNvbWV3aGVyZS4KPgo+IFRoaXMgaXMgc29tZXdoYXQgb2YgYSByZWQgaGVycmluZyB0aG91Z2gu
Cj4KPiBIVFRQIFByZWZlciB3YXMgY3JlYXRlZCBleGFjdGx5IGZvciB0aGUgcHVycG9zZSBvZiBp
bmRpY2F0aW5nIGEgCj4gcHJlZmVyZW5jZSBmb3IgYSBjZXJ0YWluIGJlaGF2aW9yIG9mIHJlc3Bv
bnNlLiBIYXZlIGEgbG9vayBhdCBzZWN0aW9uIAo+IDkuMS4xIG9mIHRoZSBkcmFmdCBSRkMgZm9y
IHRoZSBpbml0aWFsIHByZWZlcmVuY2VzIGFuZCB5b3UnbGwgc2VlIHRoZSAKPiBwcmVmZXJlbmNl
cyB0aGF0IGFyZSBhbHJlYWR5IHJlZ2lzdGVyZWQuCj4KPiBIVFRQIFByZWZlciBhbHNvIGRlZmlu
ZXMgYSByZWdpc3RyYXRpb24gcHJvY2VzcyBmb3IgdGhlIHBvc3NpYmxlIAo+IHZhbHVlcyBvZiB0
aGlzIGhlYWRlci4gVGhlIHByb2Nlc3MgcmVxdWlyZXMgYW4gZW1haWwgdG8gCj4gcHJlZmVyZW5j
ZXNAaWV0Zi5vcmcgd2l0aCBhIDE0IGRheSByZXNwb25zZSB0aW1lLgo+Cj4gVGhlIGFsdGVybmF0
aXZlIHRvIEhUVFAgUHJlZmVyIHdvdWxkIGJlIGNyZWF0aW5nIGEgbmV3IGhlYWRlciAoYXMgaSBh
bSAKPiBub3QgYXdhcmUgb2YgYW55IG90aGVyIC9hcHByb3ZlZC8gaGVhZGVyIHRoYXQgZml0cyB0
aGUgYmlsbCkuIFRoaXMgCj4gcmVxdWlyZXMgd3JpdGluZyBhbiBSRkMgYW5kIGdldCBpdCBhcHBy
b3ZlZCwgd2hpY2ggd291bGQgdGFrZSBtdWNoIAo+IGxvbmdlciwgYW5kIHdoaWNoIHdvdWxkIGxp
a2VseSBnZXQgdGhlIGNvbW1lbnQgb2YgIldoeSBhcmVuJ3QgeW91IAo+IHVzaW5nIFByZWZlciIu
CgpJJ20gbW9yZSB3b3JyaWVkIGFib3V0ICJwZXJzaXN0ZW50LWF1dGgiIHRoYW4gJ3ByZWZlcicu
ICBXZSBjb3VsZCBhbHdheXMgCmNvbnRhY3QgdGhlIGRyYWZ0IGF1dGhvciAoamFzbmVsbEBnbWFp
bC5jb20pIGFuZCBhc2sgZm9yIGhpcyBvcGluaW9uLgpZLgoKPgo+IEV2ZW4gaWYgSFRUUCBQcmVm
ZXIsIGZvciB3aGF0ZXZlciByZWFzb24sIHVuZXhwZWN0ZWRseSBkb2VzIG5vdCBiZWNvbWUgCj4g
YSBzdGFuZGFyZCwgaSB0aGluayBpbiBwcmFjdGljZSB0aGlzIGRvZXMgbm90IGltcGFjdCB1cyBp
biBhbnkgd2F5Lgo+Cj4gUmVnYXJkcwo+IEdlZXJ0CgoKLS0tLS0tLS0tLS0tLS0wNDAwMDgwMzA1
MDgwMzAxMDAwMTA5MDkKQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNPLTg4NTkt
MQpDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgo8aHRtbD4KICA8aGVhZD4KICAgIDxt
ZXRhIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hhcnNldD1JU08tODg1OS0xIgogICAgICBodHRwLWVx
dWl2PSJDb250ZW50LVR5cGUiPgogIDwvaGVhZD4KICA8Ym9keSB0ZXh0PSIjMDAwMDAwIiBiZ2Nv
bG9yPSIjRkZGRkZGIj4KICAgIE9uIDA0LzE2LzIwMTIgMDM6MzEgUE0sIEdlZXJ0IEphbnNlbiB3
cm90ZToKICAgIDxibG9ja3F1b3RlIGNpdGU9Im1pZDo0RjhDMTEyRi4xMDYwNzAzQHJlZGhhdC5j
b20iIHR5cGU9ImNpdGUiPgogICAgICA8YnI+CiAgICAgIE9uIDA0LzE2LzIwMTIgMDE6MDMgUE0s
IFlhbml2IEthdWwgd3JvdGU6CiAgICAgIDxicj4KICAgICAgPGJyPgogICAgICA8YmxvY2txdW90
ZSB0eXBlPSJjaXRlIj4KICAgICAgICA8YmxvY2txdW90ZSB0eXBlPSJjaXRlIj5TbyAodW5sZXNz
IHNvbWVvbmUgb2JqZWN0cykgbGV0J3MgZ28gZm9yCiAgICAgICAgICBvcHRpb24gIzIgKHVzaW5n
IHRoZSBQcmVmZXIKICAgICAgICAgIDxicj4KICAgICAgICAgIGhlYWRlciBvbiBlYWNoIGFuZCBl
dmVyeSByZXF1ZXN0LCBhbmQgcmVsZWFzZSB0aGUgc2Vzc2lvbiBvbmNlCiAgICAgICAgICBpdCBp
cwogICAgICAgICAgPGJyPgogICAgICAgICAgbm90IHRoZXJlKS4KICAgICAgICAgIDxicj4KICAg
ICAgICA8L2Jsb2NrcXVvdGU+CiAgICAgICAgPGJyPgogICAgICAgIE15IG9ubHkgb2JqZWN0aW9u
IGlzIHRoYXQgeW91IGltcGxlbWVudCBhIGRyYWZ0IHNwZWMgYW5kCiAgICAgICAgaW1wbGVtZW50
IGEKICAgICAgICA8YnI+CiAgICAgICAgaGVhZGVyIHdpdGhvdXQgZXZlbiBib3RoZXJpbmcgdG8g
cmVnaXN0ZXIgaXQgLSBvciBhc2tpbmcgaWYKICAgICAgICB0aGVyZSBpcwogICAgICAgIDxicj4K
ICAgICAgICBzdWNoIGFuIGlkZW50aWNhbC1wdXJwb3NlZCBoZWFkZXIgd2l0aCBhIGRpZmZlcmVu
dCBuYW1lIHdoaWNoCiAgICAgICAgbWF5IGdldAogICAgICAgIDxicj4KICAgICAgICByZWdpc3Rl
cmVkIC8gaXMgYWxyZWFkeSBpbiB1c2Ugc29tZXdoZXJlLgogICAgICAgIDxicj4KICAgICAgPC9i
bG9ja3F1b3RlPgogICAgICA8YnI+CiAgICAgIFRoaXMgaXMgc29tZXdoYXQgb2YgYSByZWQgaGVy
cmluZyB0aG91Z2guCiAgICAgIDxicj4KICAgICAgPGJyPgogICAgICBIVFRQIFByZWZlciB3YXMg
Y3JlYXRlZCBleGFjdGx5IGZvciB0aGUgcHVycG9zZSBvZiBpbmRpY2F0aW5nIGEKICAgICAgcHJl
ZmVyZW5jZSBmb3IgYSBjZXJ0YWluIGJlaGF2aW9yIG9mIHJlc3BvbnNlLiBIYXZlIGEgbG9vayBh
dAogICAgICBzZWN0aW9uIDkuMS4xIG9mIHRoZSBkcmFmdCBSRkMgZm9yIHRoZSBpbml0aWFsIHBy
ZWZlcmVuY2VzIGFuZAogICAgICB5b3UnbGwgc2VlIHRoZSBwcmVmZXJlbmNlcyB0aGF0IGFyZSBh
bHJlYWR5IHJlZ2lzdGVyZWQuCiAgICAgIDxicj4KICAgICAgPGJyPgogICAgICBIVFRQIFByZWZl
ciBhbHNvIGRlZmluZXMgYSByZWdpc3RyYXRpb24gcHJvY2VzcyBmb3IgdGhlIHBvc3NpYmxlCiAg
ICAgIHZhbHVlcyBvZiB0aGlzIGhlYWRlci4gVGhlIHByb2Nlc3MgcmVxdWlyZXMgYW4gZW1haWwg
dG8KICAgICAgPGEgY2xhc3M9Im1vei10eHQtbGluay1hYmJyZXZpYXRlZCIgaHJlZj0ibWFpbHRv
OnByZWZlcmVuY2VzQGlldGYub3JnIj5wcmVmZXJlbmNlc0BpZXRmLm9yZzwvYT4gd2l0aCBhIDE0
IGRheSByZXNwb25zZSB0aW1lLgogICAgICA8YnI+CiAgICAgIDxicj4KICAgICAgVGhlIGFsdGVy
bmF0aXZlIHRvIEhUVFAgUHJlZmVyIHdvdWxkIGJlIGNyZWF0aW5nIGEgbmV3IGhlYWRlciAoYXMK
ICAgICAgaSBhbSBub3QgYXdhcmUgb2YgYW55IG90aGVyIC9hcHByb3ZlZC8gaGVhZGVyIHRoYXQg
Zml0cyB0aGUgYmlsbCkuCiAgICAgIFRoaXMgcmVxdWlyZXMgd3JpdGluZyBhbiBSRkMgYW5kIGdl
dCBpdCBhcHByb3ZlZCwgd2hpY2ggd291bGQgdGFrZQogICAgICBtdWNoIGxvbmdlciwgYW5kIHdo
aWNoIHdvdWxkIGxpa2VseSBnZXQgdGhlIGNvbW1lbnQgb2YgIldoeSBhcmVuJ3QKICAgICAgeW91
IHVzaW5nIFByZWZlciIuCiAgICAgIDxicj4KICAgIDwvYmxvY2txdW90ZT4KICAgIDxicj4KICAg
IEknbSBtb3JlIHdvcnJpZWQgYWJvdXQgInBlcnNpc3RlbnQtYXV0aCIgdGhhbiAncHJlZmVyJy4m
bmJzcDsgV2UgY291bGQKICAgIGFsd2F5cyBjb250YWN0IHRoZSBkcmFmdCBhdXRob3IgKDxhIGNs
YXNzPSJtb3otdHh0LWxpbmstYWJicmV2aWF0ZWQiIGhyZWY9Im1haWx0bzpqYXNuZWxsQGdtYWls
LmNvbSI+amFzbmVsbEBnbWFpbC5jb208L2E+KSBhbmQgYXNrIGZvciBoaXMKICAgIG9waW5pb24u
PGJyPgogICAgWS48YnI+CiAgICA8YnI+CiAgICA8bWV0YSBodHRwLWVxdWl2PSJjb250ZW50LXR5
cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsKICAgICAgY2hhcnNldD1JU08tODg1OS0xIj4KICAgIDxi
bG9ja3F1b3RlIGNpdGU9Im1pZDo0RjhDMTEyRi4xMDYwNzAzQHJlZGhhdC5jb20iIHR5cGU9ImNp
dGUiPgogICAgICA8YnI+CiAgICAgIEV2ZW4gaWYgSFRUUCBQcmVmZXIsIGZvciB3aGF0ZXZlciBy
ZWFzb24sIHVuZXhwZWN0ZWRseSBkb2VzIG5vdAogICAgICBiZWNvbWUgYSBzdGFuZGFyZCwgaSB0
aGluayBpbiBwcmFjdGljZSB0aGlzIGRvZXMgbm90IGltcGFjdCB1cyBpbgogICAgICBhbnkgd2F5
LgogICAgICA8YnI+CiAgICAgIDxicj4KICAgICAgUmVnYXJkcwogICAgICA8YnI+CiAgICAgIEdl
ZXJ0CiAgICAgIDxicj4KICAgIDwvYmxvY2txdW90ZT4KICAgIDxicj4KICA8L2JvZHk+CjwvaHRt
bD4KCi0tLS0tLS0tLS0tLS0tMDQwMDA4MDMwNTA4MDMwMTAwMDEwOTA5LS0K

--===============9069461820245831928==--