Am 26.12.2015 um 01:25 schrieb Chris Beckett:
One more question around this. My worker service needs to respond to
calls regardless of realm, but when I make a WAMP-CRA connection to a
server, I have to specify a realm. This seems to imply that to handle
Yes, a WAMP session only comes into existance by being attached to a
There is no such thing as an “unattached session” or a session being
attached to multiple realms.
this my worker service needs to manage a pool of connections and
register the same handler for each of them. Is this true?
Let’s say you have an app component that implements a procedure
You would fire up an instance of that component for each realm you want
the procedure to be available in.
On Friday, December 25, 2015 at 1:43:38 PM UTC-8, Tobias Oberstein wrote:
The difference is: with WAMP-Ticket, the shared secret travels the
wire, while with WAMP-CRA, the secret never is serialized nor
transmitted. With WAMP-Ticket, the recommended way of usage would be
som ekind of one-time "tickets" - hence the naming ... you _can_
technically use it with a shared, long-term static secret, but in
this case you must absolutely use TLS. With WAMP-CRA, you can in
principle use a non-encrypted transport, since challenge-response
scheme under the hood has safeguards: not only "no secrets on wire",
but also replay and timeout attacks. Also, WAMP-CRA is meant to be
used with long-term stable secret, and can employ password salting.
Also note the discussion here:
Am Freitag, 25. Dezember 2015 06:30:00 UTC+1 schrieb Chris Beckett:
Can anyone tell me the difference between ticket and wamp-cra
authentication? From what I can glean from examples both
ultimately require an authid and a secret - so how are they
I want to authenticate server-side services and was looking for
something that just validates a secret sort of thing...
You received this message because you are subscribed to the Google
Groups “Crossbar” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to crossbario+...@googlegroups.com
To post to this group, send email to cros...@googlegroups.com
To view this discussion on the web visit
For more options, visit https://groups.google.com/d/optout.