On Wednesday 06 March 2013 10:02 PM, Lewis, Keith wrote:
" type="cite">Some commentsThe intention is to make it mandatory. Assuming the container support websockets, why would this information be not
" type="cite">The point about security is interesting, especially if the applications does not have any
I did not understand part of what you are saying
The credentials or an equivalent token must be present in each http request. There should similarly be credentials in each SIP request if required in the sip.xml descriptor. The credentials should be rechecked by the SIP container rather than being transferred from the web container.
Could you please explain a bit more? Are you saying that we should discard the
authentication at the webcontainer and force authentication at SIP protocol level instead?
Re: getInitiatingWebSession [Re: SIP over websocket draft.]
Re: SIP over websocket draft.