Re: [PATCH] Add auth_param request_format, request_realm to proxy authentication schemes from Amos Jeffries on 2013-11-16 (squid-dev)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sun, 17 Nov 2013 16:01:43 +1300

On 17/11/2013 3:21 p.m., Alex Rousskov wrote:
> On 11/15/2013 11:49 PM, Amos Jeffries wrote:
>>>> Now about the name: "realm_format" is a bad choice IMO because some
>>>> folks will think that it controls the format of the authentication realm
>>>> string displayed to the user (for schemes where we can specify that
>>>> user-visible string). I suggest calling the new option "request_extras".
>>>> The configured extras will be appended to the helper request and to the
>>>> cache key. Any better naming ideas?
>
>> Hmm. We could call it "notes" or "annotations" and document it as part
>> of the custom annotations and other details being sent to the helper.
>
>
> I do not like "notes" or "annotations" because, in all other contexts
> already in use, those things denote information added by an "external"
> force such as an admin, helper, or adaptation service. In the case of
> "request_format", these additional details would usually be a part of
> the transaction already (and may eventually include other annotations!).
>
> Another reason to reject "notes" or "annotations" is to avoid the
> implication that their use annotates the affected transaction as if a
> "note" option was used (or as if an adaptation service created an
> annotation).
>
> Finally, all existing annotations are key=value pairs while these new
> details do not have such a well-defined structure. They can be viewed as
> one big anonymous annotation, but it is probably a bad idea to create
> such anonymous annotations.
>

Okay.

>
> Please note that the context of the new name is "authentication
> parameter" as already determined by the auth_param directive itself:
>
> auth_param digest program ...
> auth_param digest children 20 startup=0 idle=1
> auth_param digest realm Squid proxy-caching web server
> auth_param digest request_extras "%lp"
>
> Request_extras is not ideal because it does not explicitly tell the
> amdin that the new parameter affects the authentication cache indexing
> (the documentation will say that, of course). We can use something like
> key_suffix. It would not explicitly tell the admin that the helper
> request format includes that suffix, but it is not worse than
> request_extras IMO:
>
>
> auth_param digest key_suffix "%lp"

Halfway: key_extras ?

Amos
Received on Sun Nov 17 2013 - 03:01:48 MST

This archive was generated by hypermail 2.2.0 : Sun Nov 17 2013 - 12:00:09 MST