Missing reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-66#section-7
lol... first Joe, now klacke! It's spreading! :)
In the meanwhile there is a little detail about security. :\
Currently the "web socket server" is merrily echoing back whatever Origin someone might throw at it, so it allows connections from all over the place.
After reading the Origin header (its values look something like "http[s]://servername[:non-default-port-for-url-scheme]") we should compare the Origin against the ServerName and/or a list of AllowedOrigins.
Any takers for the task at hand? :)
Weekend starting... now! :)