[Engine-devel] REST session management

Oved Ourfalli ovedo at redhat.com
Mon Apr 16 11:46:29 UTC 2012



----- Original Message -----
> From: "Yaniv Kaul" <ykaul at redhat.com>
> To: "Oved Ourfalli" <ovedo at redhat.com>
> Cc: "engine-devel" <engine-devel at ovirt.org>, "Eoghan Glynn" <eglynn at redhat.com>
> Sent: Monday, April 16, 2012 2:03:26 PM
> Subject: Re: [Engine-devel] REST session management
> 
> On 04/16/2012 11:44 AM, Oved Ourfalli wrote:
> >
> > ----- Original Message -----
> >> From: "Geert Jansen"<gjansen at redhat.com>
> >> To: "Miki Kenneth"<mkenneth at redhat.com>
> >> Cc: "Oved Ourfalli"<ovedo at redhat.com>,
> >> "engine-devel"<engine-devel at ovirt.org>, "Eoghan
> >> Glynn"<eglynn at redhat.com>
> >> Sent: Monday, April 16, 2012 11:34:26 AM
> >> Subject: Re: [Engine-devel] REST session management
> >>
> >>
> >> On 04/16/2012 10:04 AM, Miki Kenneth wrote:
> >>
> >>>> I agree on that, although I'm not sure whether it is really needed to
> >>>> release the session, rather than rely on timeout.
> >>>> If we indeed need to provide a way to release the session then I
> >>>> agree this is the best alternative. But if we don't then it will
> >>>> make the API to the client more (but not very) complex in that
> >>>> manner.
> >>   >
> >>> I would go for both - release mechanism (for proper handling) and
> >>> timeout mechanism for garbage collection.
> >>> (refer to:
> >>> http://blog.synopse.info/post/2011/05/24/How-to-implement-RESTful-authentication)
> >> Agreed we need both. I think that for security purposes, it is important
> >> to have a "log out" function. That way, client applications can decide
> >> depending on their local security requirements whether or not it is
> >> acceptable to leave a session open.
> >>
> > So (unless someone objects) let's go for option #2 (using the
> > Prefer header on each and every request, and release the session
> > once it is not there).
> 
> My only objection is that you implement a draft spec and implement a
> header without even bothering to register it - or asking if there is
> such an identical-purposed header with a different name which may get
> registered / is already in use somewhere.
> Y.
> 
One of the reasons for posting to this mailing list is to try and get information on alternatives.
I already looked for similar headers, but I'll take another look to see if others exist.
Any idea where I can get an official answer for that?
Looked in http://www.iana.org/assignments/message-headers/perm-headers.html, but it was hard to find a more suitable header there.
We can have a dedicated header of our own in that matter, but it's better to be standard.

BTW, from what I read the acceptance process is in its final stages, but I'm not too familiar with the process, so it's hard to say how much time it will take for it to be complete.

> >
> > Thank you,
> > Oved
> >> Regards,
> >> Geert
> >>
> > _______________________________________________
> > Engine-devel mailing list
> > Engine-devel at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/engine-devel
> 



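The scheme the thread settles on (option #2: the client repeats the Prefer header on every request, the server releases the session on the first request without it, and a timeout garbage-collects abandoned sessions), sketched as an added example that is not part of the original messages or of oVirt's code. The preference token `persistent-auth`, the 30-minute idle limit and the `SessionStore` class are assumptions made for illustration; the thread names only the header.

```python
import secrets
import time

PERSIST_TOKEN = "persistent-auth"  # assumed preference token, not stated in the thread
IDLE_TIMEOUT = 30 * 60             # assumed idle limit, in seconds

class SessionStore:
    """Server-side sessions kept alive only while the client keeps asking."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._sessions = {}  # session id -> (user, time last seen)

    def _wants_persistence(self, headers):
        # Prefer holds a comma-separated list; names compare case-insensitively.
        prefer = next((v for k, v in headers.items() if k.lower() == "prefer"), "")
        names = [p.split(";")[0].split("=")[0].strip().lower() for p in prefer.split(",")]
        return PERSIST_TOKEN in names

    def handle(self, headers, session_id=None, user=None):
        """Process one request; return the session id to send back, or None.

        `user` stands for an identity already verified from credentials sent
        with this request. Raises PermissionError if there is neither a live
        session nor credentials.
        """
        now = self._clock()
        self.collect_garbage(now)
        entry = self._sessions.get(session_id)
        if entry is not None:
            user = entry[0]
        elif user is None:
            raise PermissionError("no live session and no credentials")
        if not self._wants_persistence(headers):
            # "Log out" path: header absent, so the session ends with this request.
            self._sessions.pop(session_id, None)
            return None
        if entry is None:
            session_id = secrets.token_urlsafe(32)  # server-chosen, never the client's value
        self._sessions[session_id] = (user, now)
        return session_id

    def collect_garbage(self, now=None):
        """Timeout path: drop sessions idle for longer than IDLE_TIMEOUT."""
        now = self._clock() if now is None else now
        stale = [s for s, (_, seen) in self._sessions.items() if now - seen > IDLE_TIMEOUT]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)
```

A released or expired id is never revived: presenting it again without credentials is rejected, and presenting it with credentials yields a fresh server-generated id.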