harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

more detail

Browse Source
This commit is contained in:
friendica 2012-10-16 16:24:37 -07:00
parent b233b9c633
commit cdeb43f987
2 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
spec/zot-2012.txt
View File

@ -22,11 +22,16 @@ This information will identify a channel+site pair in the future. When contact i
If a new location is provided, this process is repeated but only the new location needs to be verified and stored.
Messages are sent by providing this information in an HTTP post to the other site, along with a protocol version specifier and type of message. For some message types, the message is included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
Messages are sent by providing this information in an HTTP post (*) to the other site, along with a protocol version specifier and type of message and a verification token. For message types which do not require identity validation, the message may be included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
Multiple messages may be sent, and a callback may result in the collection of multiple messages destined for this site, not necessarily limited to the channel/location which was asserted.
(*) A POST method is used for many protocol transactions as site "hardening" tools may place overly restrictive length limits on GET data. We are typically sending several encoded/encrypted strings and these requests are likely to fail on some sites and become a nagging support issue if a GET request is used.
The verification token is signed by the remote site and the signed token returned during the callback. This verifies the identity of the callback - by matching with known tokens.
Permissions:
Permissions are available for several different activities. This list is enumerated by a POST to the permissions service with the above channel+location information. An array of permissions will be returned. If no identity assertion is made, a list of the default channel permissions is returned.

2
version.inc
View File

@ -1 +1 @@
2012-10-14.107
2012-10-16.109