atom auth

0 views
Skip to first unread message

Scott Merrill

unread,
Oct 26, 2006, 9:20:16 PM10/26/06
to habar...@googlegroups.com
I set out to educate myself about Atom introspection. According to the
pre-draft spec at atomenabled.org:
"Note that the "service.feed" takes the place of the Introspection
File and the Search facet in previous versions of the specification.
That is, facet discovery, which was previously done by inspecting
the Introspection file is now done by looking for "link" tags with
an attribute "rel" set to "service.[something]" in the
"service.feed" file."

That wasn't quite the definitive answer for which I hoped, so I turned
to Google. I found this:
http://www.sixapart.com/developers/atom/protocol/atom_introspection.html
but got sidetracked by the X-WSSE header in the example.

This article on xml.com describes the X-WSSE authentication mechanism
used by Atom:
http://www.xml.com/pub/a/2003/12/17/dive.html
It _sounds_ easy. We could also consider falling back to Digest auth,
since PHP can do that while CGI scripts cannot. Of course, I've never
looked at Digest auth, so there may be compelling arguments against it.

SixApart has some Atom auth documentation as well:
http://www.sixapart.com/developers/atom/protocol/atom_authentication.html

--
ski...@skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49 3544 476A 7DEC 9CFA 4B35

Owen Winkler

unread,
Oct 26, 2006, 9:47:31 PM10/26/06
to habar...@googlegroups.com
On 10/26/06, Scott Merrill <ski...@skippy.net> wrote:
>
> I set out to educate myself about Atom introspection. According to the
> pre-draft spec at atomenabled.org:
> "Note that the "service.feed" takes the place of the Introspection
> File and the Search facet in previous versions of the specification.
> That is, facet discovery, which was previously done by inspecting
> the Introspection file is now done by looking for "link" tags with
> an attribute "rel" set to "service.[something]" in the
> "service.feed" file."

What I read from here is that we simply need to include <link> tags in
both the entry collection feed and the site's theme HTML header that
point to each of the available services. A separate introspection URL
isn't required. Easy enough.

Of course, all of this will need to be tested with an actual Atom
client, which I've not have luck with so far.

> This article on xml.com describes the X-WSSE authentication mechanism
> used by Atom:
> http://www.xml.com/pub/a/2003/12/17/dive.html
> It _sounds_ easy. We could also consider falling back to Digest auth,
> since PHP can do that while CGI scripts cannot. Of course, I've never
> looked at Digest auth, so there may be compelling arguments against it.

X-WSSE does sound easy. I've already got some code in the AtomHandler
for basic authentication that could be mutated for this.

Owen

Reply all
Reply to author
Forward
0 new messages