Hi Mario,

On 11.10.22 at 16:38, Mario Loffredo wrote:

On 11/10/2022 15:04, Andrew Newton wrote:
On Tue, Oct 11, 2022 at 8:16 AM Mario Loffredo
<mario.loffr...@iit.cnr.it> wrote:
my humble opinion is that this document shouldn't deal with any kind of RDAP client other than a browser.

Looking at chapter 1 of this document, but also at chapters 3 and 3.1, there is no indication of such narrow usage of this specification.

Also, 4.2.4. "Clients with Limited User Interfaces" directly indicates types of clients other than the browser.


At the moment, I disagree with this. Authentication for non-browser
clients can be very useful. GitHub's client is a great example for
anybody who has ever needed OAuth/OpenID at the command line.

Andy, I didn't write that non-browser clients are unuseful.

On the contrary, I was the first here to raise the question of how to deal with non-browser clients, which most likely will issue the biggest number of requests to the RDAP servers.

I only expressed my concern about using for non-browser clients the same approach used thus far. IMHO, the classic scheme based on tokens fits better in that case, while sessions are the best for end users operating through a browser.

I can only agree with those concerns and, as I understand, until version 9 of this draft this was in fact the approach.

The browser use case was not supported well, but all the others were, including clients other than the browser.

I expected the document should eventually support both; therefore I raised the concerns about non-browser clients not being possible.


With regard to GitHub, AFAIK non-browser clients can access a repository either through an access token or via SSH key, anyway nothing similar to the exchange of a session cookie, right?

GitHub CLI and other tools of this kind typically use a form of OAuth as well and store tokens locally.


Kind Regards,

Pawel

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext
