Realtime Extensions to HTTP

HTTP is currently a connectionless protocol. Removing this restriction permits the provision of new functionalities:

Extension Mechanisms

There are two possible methods of extending the capabilities of current WWW browsers to support realtime.

Multipart MIME types
The existing HTTP spec provides for the handling of multipart MIME messages. Such messages may be used to provide an asynchronous stream of data. The main change from current practice is that clients must be capable of handling each data segment on arrival.
Multiple Method Connections
Provided the length of the message body is well defined, a connection established between two parties may be reused for further GET, PUT, POST etc. operations. This mechanism also permits transaction processing using HTTP.

Implications for Security.

The main implication for any security scheme is that the authentication of the message content cannot be sent in the head of the message, since the content is not yet known when the head is sent. The time taken to perform public key authentication also makes it undesirable to perform multiple RSA signatures.

A simple solution to these problems is to use a public key or other secure key exchange mechanism to exchange a shared secret when the connection is established. The shared secret would then be used as the basis for authentication of further messages.
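
The scheme described above, sketched as an added example that is not part of the original note: each message on a reused connection carries a keyed tag after its body rather than in the head, and verifying it costs one hash computation instead of an RSA operation. HMAC-SHA256, the length | body | tag framing, the sequence counter, the direction label and the name SegmentAuthenticator are assumptions of this sketch, and the key exchange itself is replaced by a random stand-in secret.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32-byte HMAC-SHA256 tag


class SegmentAuthenticator:
    """Authenticates successive messages on one connection with a shared secret."""

    def __init__(self, shared_secret: bytes, direction: bytes):
        # Separate key per direction, so a message cannot be reflected to its sender.
        self._key = hmac.new(shared_secret, b"mac|" + direction, hashlib.sha256).digest()
        self._seq = 0  # position of the next message on this connection

    def _tag(self, seq: int, body: bytes) -> bytes:
        # Binding the sequence number defeats replay and reordering.
        return hmac.new(self._key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()

    def seal(self, body: bytes) -> bytes:
        """Frame as length | body | tag: the tag trails the body instead of the head."""
        frame = struct.pack(">I", len(body)) + body + self._tag(self._seq, body)
        self._seq += 1
        return frame

    def open(self, frame: bytes) -> bytes:
        """Return the body if the tag verifies for the expected position, else raise."""
        if len(frame) < 4 + TAG_LEN:
            raise ValueError("truncated frame")
        (length,) = struct.unpack(">I", frame[:4])
        if len(frame) != 4 + length + TAG_LEN:
            raise ValueError("length field does not match frame")
        body, tag = frame[4:4 + length], frame[4 + length:]
        if not hmac.compare_digest(tag, self._tag(self._seq, body)):
            raise ValueError("authentication failed")
        self._seq += 1  # advance only after a successful check
        return body


def demo() -> list:
    secret = os.urandom(32)  # constructed stand-in for the exchanged shared secret
    client = SegmentAuthenticator(secret, b"client-to-server")
    server = SegmentAuthenticator(secret, b"client-to-server")
    frames = [client.seal(m) for m in (b"GET /a", b"POST /b data", b"GET /c")]
    return [server.open(f) for f in frames]


if __name__ == "__main__":
    print(demo())
```

A frame that fails verification leaves the receiver's counter unchanged, so the next genuine message in sequence is still accepted.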

Phillip M. Hallam-Baker, CERN ECP PTG hallam@alws.cern.ch
Henrik Frystyk Nielsen, CERN CN, frystryk@ptsun00.cern.ch
Ari Luotonen, CERN ECP (Now at Mosaic Communications Corp)