HTTP callback scheme?
Sat, 22 Dec 2001 23:39:05 -0800
I might be dense, but why a new protocol identifier?
If you include the callback header, wouldn't you already be expecting the
response on another 'channel'.
Also, wouldn't you need a message-id on the initial request in order to
correlate to the future message/http-response that may or may not arrive?
This message-id probably could be generated by the proxy if the client
doesn't mind getting the response before getting the correlation id.
----- Original Message -----
From: "Gordon Mohr" <firstname.lastname@example.org>
Sent: Saturday, December 22, 2001 11:26 PM
Subject: HTTP callback scheme?
> Aren't we overdue for an URI-scheme "httpc" that works
> like this...
> (1) You receive a URL using the scheme, say
> (2) You do an HTTP request against that location,
> but include a callback address on a header,
> for example a real HTTP URL like:
> (3) The 'proxy.org' machine actually forwards your
> request to some other machine, most likely one
> that lacks a public IP address but has kept
> an outbound connection open to 'proxy.org'.
> (4) That hidden machine considers the request, and
> if all goes well does a PUT of content, type
> "message/http-response", to your callback
> (5) 'proxy.org' returns a trivial OK response code
> to indicate the real response is in progress.
> Potential wrinkles:
> - the callback address is just a IP:port pair;
> the hidden machine opens the connection but
> then immediately pretends the connection was
> initiated by the other side -- allowing you
> to issue any HTTP request over the connection
> - to prevent third parties from pretending to
> be the hidden machine, some hash-based
> authentication token is passed back through
> the request-proxy to the original requestor,
> - the hash of what the full response
> will be, or
> - the hash of some random token, which
> the hidden machine will reveal on its
> outbound connection
> A lot of systems do things a lot like this to get
> around firewall/NAT problems -- for example Gnutella's
> PUSH request -- but I'm wondering if the approach
> has ever been captured in a standardized URI-scheme.
> So is this an AlreadyExists or a NeedsToExist?
> - Gordon