Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes from Alex Rousskov on 2013-11-16 (squid-dev)

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Sat, 16 Nov 2013 19:21:30 -0700

On 11/15/2013 11:49 PM, Amos Jeffries wrote:
>> > Now about the name: "realm_format" is a bad choice IMO because some
>> > folks will think that it controls the format of the authentication realm
>> > string displayed to the user (for schemes where we can specify that
>> > user-visible string). I suggest calling the new option "request_extras".
>> > The configured extras will be appended to the helper request and to the
>> > cache key. Any better naming ideas?

> Hmm. We could call it "notes" or "annotations" and document it as part
> of the custom annotations and other details being sent to the helper.

I do not like "notes" or "annotations" because, in all other contexts
already in use, those things denote information added by an "external"
force such as an admin, helper, or adaptation service. In the case of
"request_format", these additional details would usually be a part of
the transaction already (and may eventually include other annotations!).

Another reason to reject "notes" or "annotations" is to avoid the
implication that their use annotates the affected transaction as if a
"note" option was used (or as if an adaptation service created an
annotation).

Finally, all existing annotations are key=value pairs while these new
details do not have such a well-defined structure. They can be viewed as
one big anonymous annotation, but it is probably a bad idea to create
such anonymous annotations.

Please note that the context of the new name is "authentication
parameter" as already determined by the auth_param directive itself:

  auth_param digest program ...
  auth_param digest children 20 startup=0 idle=1
  auth_param digest realm Squid proxy-caching web server
  auth_param digest request_extras "%lp"

Request_extras is not ideal because it does not explicitly tell the
amdin that the new parameter affects the authentication cache indexing
(the documentation will say that, of course). We can use something like
key_suffix. It would not explicitly tell the admin that the helper
request format includes that suffix, but it is not worse than
request_extras IMO:

auth_param digest key_suffix "%lp"

HTH,

Alex.
Received on Sun Nov 17 2013 - 02:21:34 MST

This archive was generated by hypermail 2.2.0 : Sun Nov 17 2013 - 12:00:09 MST