

Subject: RE: Paragraph describing authentication is confusing (IDA, MMI, PQI)


Paul,

 

Yes I spotted that too. Was going to raise an issue eventually. I wait for the IDA rev, and work from it.

 

--

Take care:

    Dr. David Snelling < David . Snelling . UK . Fujitsu . com >

    Senior Research Fellow

    Research Transformation and Innovation

    Fujitsu Laboratories of Europe Ltd.

    +44-7590-293439 (Mobile)

 

From: Paul.Bruton@tessella.com [mailto:Paul.Bruton@tessella.com]
Sent: 23 October 2015 21:39
To: Dave Snelling
Cc: coel@lists.oasis-open.org
Subject: Paragraph describing authentication is confusing (IDA, MMI, PQI)

 

Hi David,

We both got tied up in coding/deciding passwords this week and I think the paragraphs in the spec are over complex.

Fundamentally, the userid and password are both ASCII printable strings in a limited character set [0-9A-Za-z] and '-'.

HTTP Basic auth requires concatenating them as "userid:password" and then uuencoding the result for transport.

Rather than this:

HTTP basic authentication SHALL be used to authenticate calls to the API. Passwords SHOULD be 64 bytes in length and supplied as a base 64 encoding string. This MUST be converted to ASCII and prefixed with the userid followed by a colon to form the token passed in the HTTP Authorisation Header.

Example:

"9abf5386-2ac6-4e61-abc4-6b809a85d6cb:J1dOeWJJOkd3akhnSn4ma007MDtUMVAxISgyOn9jI2U9NHNdRi4hfiw9c2I8PURcVltNMWQkamsrfGR4T24vKA=="

I'm going to put this into the IDA:

HTTP basic authentication SHALL be used to authenticate calls to the API. Passwords SHOULD be 64 bytes in length and MUST be supplied as an ASCII string. This MUST be prefixed with the userid followed by a colon to form the token passed in the HTTP Authorisation Header.

Example:

"9abf5386-2ac6-4e61-abc4-6b809a85d6cb:JhmiDAlnpo1SBrlrN6H09RqQoerdLCyepbXgE7005OSzXzMeUsGCEXaVNAMrKv8D"

I think this makes things clearer. It has no effect on the API we are using. Are you happy to put this in the MMI and PQI (or equivalent text?)

Paul

 


Dr. Paul Bruton

Tessella
Chadwick House, Birchwood Park, Warrington, WA3 6AE
E: Paul.Bruton@tessella.com, T: +44 (0)7557 916535
www.tessella.com    Registered in England No. 1466429
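
The revised wording above, exercised as an added Python example (not part of either message or of the specification text): a client-side builder and a server-side parser for the "userid:password" token, assuming the character set stated in the message and the standard HTTP Basic scheme, which base64-encodes the token for the Authorization header. The function names are illustrative.

```python
import base64
import hmac
import re

# Character set stated in the message: [0-9A-Za-z] and '-'.
_ALLOWED = re.compile(r"[0-9A-Za-z-]+")


def build_authorization(userid: str, password: str) -> str:
    """Return the Authorization header value for userid and password."""
    for name, value in (("userid", userid), ("password", password)):
        if not _ALLOWED.fullmatch(value):
            raise ValueError(f"{name} has characters outside [0-9A-Za-z-]")
    # The token is the plain ASCII password prefixed with userid and a colon.
    token = f"{userid}:{password}".encode("ascii")
    return "Basic " + base64.b64encode(token).decode("ascii")


def parse_authorization(header: str) -> tuple[str, str]:
    """Recover (userid, password) from a header value, or raise ValueError."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        raise ValueError("not a Basic Authorization header")
    try:
        token = base64.b64decode(blob, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    # Split on the first colon; a second colon would land in the password
    # and is rejected by the character-set check below.
    userid, sep, password = token.partition(":")
    if not sep or not _ALLOWED.fullmatch(userid) or not _ALLOWED.fullmatch(password):
        raise ValueError("credentials outside the permitted character set")
    return userid, password


def credentials_match(header: str, userid: str, password: str) -> bool:
    """Server-side check; comparisons are constant-time."""
    try:
        got_user, got_pw = parse_authorization(header)
    except ValueError:
        return False
    user_ok = hmac.compare_digest(got_user.encode(), userid.encode())
    pw_ok = hmac.compare_digest(got_pw.encode(), password.encode())
    return user_ok and pw_ok
```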
