Eric Lease Morgan writes:
> Please remind me, how can authentication be supported in SRU?
>
> I know of a cool service that could support SRU because the
> administrators are techno-saavy, but their service necessarily
> requires authentication. Let's suppose I have a username/password.
> How could I send an SRU request to the service and authenticate at
> the same time?
Hi, Eric.
The SRU specifications include a description of an "authentication
token" extension at:
http://www.loc.gov/standards/sru/token.html
but this says nothing about the form of the token -- so far as I can
make out, this is not really a way of sending a username/password
pair, but more akin to a session cookie: you get a session-cookie
value from some unspecified other login service, then include it in
all the requests in your session.
In practice of course, where you want to get the session cookie from
nine times out of ten is from the SRU server itself. To that end,
we've very recently added username/password authentication support to
the YAZ generic server, using the "x-username" and "x-password"
extension parameters, like this:
http://z3950.loc.gov:7090/voyager?query=dinosaur&startRecord=1&maximumRecords=1&recordSchema=dc&version=1.1&operation=searchRetrieve&x-username=mike&x-password=area51
We plan to write this extension up some time RSN, so if you don't have
a compelling reason to do things differently, may I suggest that you
use the same parameter names as we're using here?
_/|_ ___________________________________________________________________
/o ) \/ Mike Taylor <[log in to unmask]> http://www.miketaylor.org.uk
)_v__/\ "Progress is not backwards compatible" -- Harvey Thompson.
|