aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--spec/zot-2012.txt7
-rw-r--r--version.inc2
2 files changed, 7 insertions, 2 deletions
diff --git a/spec/zot-2012.txt b/spec/zot-2012.txt
index bd84e63d0..d01af5c87 100644
--- a/spec/zot-2012.txt
+++ b/spec/zot-2012.txt
@@ -22,11 +22,16 @@ This information will identify a channel+site pair in the future. When contact i
If a new location is provided, this process is repeated but only the new location needs to be verified and stored.
-Messages are sent by providing this information in an HTTP post to the other site, along with a protocol version specifier and type of message. For some message types, the message is included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
+Messages are sent by providing this information in an HTTP post (*) to the other site, along with a protocol version specifier and type of message and a verification token. For message types which do not require identity validation, the message may be included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
Multiple messages may be sent, and a callback may result in the collection of multiple messages destined for this site, not necessarily limited to the channel/location which was asserted.
+(*) A POST method is used for many protocol transactions as site "hardening" tools may place overly restrictive length limits on GET data. We are typically sending several encoded/encrypted strings and these requests are likely to fail on some sites and become a nagging support issue if a GET request is used.
+
+The verification token is signed by the remote site and the signed token returned during the callback. This verifies the identity of the callback - by matching with known tokens.
+
+
Permissions:
Permissions are available for several different activities. This list is enumerated by a POST to the permissions service with the above channel+location information. An array of permissions will be returned. If no identity assertion is made, a list of the default channel permissions is returned.
diff --git a/version.inc b/version.inc
index 9b6f7cbde..b84f9e5e1 100644
--- a/version.inc
+++ b/version.inc
@@ -1 +1 @@
-2012-10-14.107
+2012-10-16.109
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 07:29:01 +0000