Closed x3ro closed 8 years ago
The concept of an application server does not define the quantity— it's fine for multiple servers to share a single key. Martin added text allowing additional claims (#25) which further clarifies that it's fine to include more specific information, for example which server created the message, which is useful if the push service has means for dealing with this. (E.g. QoS or analytics.)
I don't recall why that's a MAY. We certainly shouldn't forward unauthorized messages for restricted subscriptions to the user. /cc @martinthomson
The changes themselves look good, thanks! :)
Thanks for the explanation @beverloo. Should I open an issue regarding the MAY
?
Found some minor stuff in the draft, and had two questions (below). If I should send those to the list instead, let me know :)
In 5.2: Why is
a MAY? If I, as a UA, create a restricted subscription my assumption would be that that is actually checked, right? If the Push Service is not planning to check it anyway, wouldn't it make sense to tell the UA directly by responding w/ an error at restricted subscription creation time?