OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [cti-taxii] Protocol Shortlist - Add HTTP


There are a number of facilities available in HTTP/2.0 that could be of great use to TAXII - for example, as you mentioned below, server push. If HTTP/2.0 is part of the specification, then these facilities can be assumed to be present and we can utilize them in the TAXII specification. If not, then we are stuck with HTTP/1.1 facilities.

The answer to "how much would the application code have to know" also depends. For a protocol like TAXII, it depends very much on how it is written and where it is running. It is not always going to be an option for someone implementing a TAXII service to simply stick an Apache instance in front, for example if it is for example running on an embedded device.


-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for "Davidson II, Mark S" ---2015/08/26 08:32:23 AM---Dumb question – what has to change in application "Davidson II, Mark S" ---2015/08/26 08:32:23 AM---Dumb question – what has to change in application code if HTTP/2 is used? Asking the question anothe

From: "Davidson II, Mark S" <mdavidson@mitre.org>
To: "Jordan, Bret" <bret.jordan@bluecoat.com>, Jason Keirstead/CanEast/IBM@IBMCA
Cc: "cti-taxii@lists.oasis-open.org" <cti-taxii@lists.oasis-open.org>
Date: 2015/08/26 08:32 AM
Subject: RE: [cti-taxii] Protocol Shortlist - Add HTTP
Sent by: <cti-taxii@lists.oasis-open.org>





Dumb question – what has to change in application code if HTTP/2 is used?

Asking the question another way – if I write a Python/Django web app for HTTP/1.1 that runs on Apache, what modifications would I need to make in order to support Apache’s HTTP/2 functionality?

Based on what I’ve read, it sounds like application code will have to change very little, if at all. There is a presumption that due to the similarities between HTTP/1.1 and HTTP/2, thigs like Django (or the underlying WSGI) won’t need to change their interface very much, and therefore will have minimal impact to application developers.

As I understand it, HTTP/2 adds some new features (Server Push and Stream Prioritization) that will eventually propagate up to the web developer level, and other features (e.g., binary encoding) will be handled transparently by the underlying webserver.

This was based on a few minutes of internet searching, so please let me know what I got wrong.

If my assumptions are correct, it seems we can for the most part proceed with a general notion of HTTP and then make a value decision about HTTP/1.1 vs HTTP/2 later on.

Thank you.
-Mark



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]