OASIS Mailing List Archives

 



coel message



Subject: Paragraph describing authentication is confusing (IDA, MMI, PQI)


Hi David,

We both got tied up in coding/deciding passwords this week and I think the paragraphs in the spec are over-complex.

Fundamentally, the userid and password are both ASCII printable strings in a limited character set [0-9A-Za-z] and '-'.

HTTP Basic auth requires concatenating them as "userid:password" and then uuencoding the result for transport.

Rather than this:

HTTP basic authentication SHALL be used to authenticate calls to the API. Passwords SHOULD be 64 bytes in length and supplied as a base 64 encoding string. This MUST be converted to ASCII and prefixed with the userid followed by a colon to form the token passed in the HTTP Authorisation Header.

Example:

"9abf5386-2ac6-4e61-abc4-6b809a85d6cb:J1dOeWJJOkd3akhnSn4ma007MDtUMVAxISgyOn9jI2U9NHNdRi4hfiw9c2I8PURcVltNMWQkamsrfGR4T24vKA=="

I'm going to put this into the IDA:

HTTP basic authentication SHALL be used to authenticate calls to the API. Passwords SHOULD be 64 bytes in length and MUST be supplied as an ASCII string. This MUST be prefixed with the userid followed by a colon to form the token passed in the HTTP Authorisation Header.

Example:

“9abf5386-2ac6-4e61-abc4-6b809a85d6cb:JhmiDAlnpo1SBrlrN6H09RqQoerdLCyepbXgE7005OSzXzMeUsGCEXaVNAMrKv8D”

I think this makes things clearer. It has no effect on the API we are using. Are you happy to put this in the MMI and PQI (or equivalent text)?

Paul



Dr. Paul Bruton

Tessella
Chadwick House, Birchwood Park, Warrington, WA3 6AE
E: Paul.Bruton@tessella.com, T: +44 (0)7557 916535
www.tessella.com    Registered in England No. 1466429
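
The token construction discussed in the message above, as an added example that is not part of the original e-mail or the COEL specification. It assumes the standard Base64 encoding of RFC 7617 for the transport step; the function names are hypothetical, and the credentials are the example values quoted in the message.

```python
import base64
import binascii
import hmac
import re

# Character set stated in the message: [0-9A-Za-z] and '-'.
ALLOWED = re.compile(r"[0-9A-Za-z-]+")

def _check(name, value):
    if not ALLOWED.fullmatch(value):
        raise ValueError(f"{name} contains characters outside [0-9A-Za-z-]")
    return value

def build_authorization(userid, password):
    """Client side: form "userid:password" and encode it for the header."""
    token = f"{_check('userid', userid)}:{_check('password', password)}"
    return "Basic " + base64.b64encode(token.encode("ascii")).decode("ascii")

def parse_authorization(header):
    """Server side: recover (userid, password) or raise ValueError."""
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        raise ValueError("not a Basic Authorization header")
    try:
        token = base64.b64decode(encoded, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed credentials") from exc
    userid, sep, password = token.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return _check("userid", userid), _check("password", password)

def authenticate(header, expected_userid, expected_password):
    """Constant-time comparison of both fields; False on any parse error."""
    try:
        userid, password = parse_authorization(header)
    except ValueError:
        return False
    ok_user = hmac.compare_digest(userid.encode(), expected_userid.encode())
    ok_pass = hmac.compare_digest(password.encode(), expected_password.encode())
    return ok_user and ok_pass

# Credentials taken from the example in the message.
USERID = "9abf5386-2ac6-4e61-abc4-6b809a85d6cb"
PASSWORD = "JhmiDAlnpo1SBrlrN6H09RqQoerdLCyepbXgE7005OSzXzMeUsGCEXaVNAMrKv8D"

if __name__ == "__main__":
    header = build_authorization(USERID, PASSWORD)
    print(header, authenticate(header, USERID, PASSWORD))
```

The Base64 step is a transport encoding only: anyone who observes the header recovers the userid and password, so the API calls need TLS.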



