May 14, 2003
App keys
The problem is that all the URIs have to include an “appkey,” basically a ticket representing your right to use the API. The whole point of publishing a URI is that anyone can use it in any way they want, and you just can't do that the way it's set up now.Sounds like the essentially same problem John and co. needed to solve for localhost GWS: service-authorization, without polluting the namespace. In the local GWS case, your appkey can be found stashed in the registry, but changes regularly, so knowing the key inherently authenticates you as having certain rights on the device.
But where to put the key in the message?
GWS answer: soap:header. Yuk, clunk, grunch. (Actually, it works reasonably well - the largest problem usually ends up being to find the key). But what are the alternatives? HTTP content header? (Not bad - but SOAPAction made that decision for something like the opposite reason, which makes no sense to me).
vcard
| January 2005 | ||||||
| S | M | T | W | T | F | S |
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 | 29 |
| 30 | 31 | |||||
archives:
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002
April 2002
March 2002
February 2002
January 2002
December 2001
November 2001
October 2001
September 2001
August 2001
July 2001
June 2001
see also:
{groove:
[ ray,
matt,
paresh,
mike,
jeff,
john ],
other:
[ /* more blogroll to follow */ ]
}
The views expressed on this weblog are mine alone and do not necessarily reflect the views of my employer.
RSS 2.0
RSS 1.0
