aboutsummaryrefslogtreecommitdiffstats
path: root/spec/zot-2012.txt
blob: b223a27eaf7102332716dd8f7780015378dd3b66 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
Initial cut at Zot-2012 protocol. This is a very rough draft of some very rough ideas and concepts. 
It is not yet intended to be a definitive specification and many things like the security handshakes are yet to be specified precisely. 

All communications are https


First create a global unique userid


Site userid:
https://macgirvin.com/1

$guuid = base64url_encode(hash('whirlpool','https://macgirvin.com/1.' . mt_rand(1000000,9999999),1);


Then create a hashed site destination.

$gduid = base64url_encode(hash('whirlpool', $guuid . 'https://macgirvin.com',1);

These two keys will identify you as a person+site pair in the future.
You will also obtain a password upon introducing yourself to a site.
This can be used to edit locations in the future. You will always keep your global unique userid


The steps to connect with somebody are to first register your location with their site.
Then introduce yourself to the person. This contains flags for the desired relationship.
At some future time, they may confirm and adjust the relationship based on their comfort level. 
Lack of confirmation is tantamount to denial. 

You can set either or both of FOLLOW and SHARE which indicates the relationship from your viewpoint.
They may do likewise.

A relationship is based on you as a person and provided you register new locations with the site you can post from anywhere.
You do not need to register locations with each person, only with the site.  


Introduce yourself to a site:


POST https://example.com/post

{
'type' => 'register'
'person' => $guuid
'address' => $gduid
'site' => 'https://macgirvin.com'
'info' => 'mike@macgirvin.com'
}

Returns:

{
'success' => 'true'
'pass' => me_encrypt($random_string)
}

---
Add location
---

POST https://example.com/post

{
'type' => 'location'
'person' => $guuid
'address' => $new_gduid
'site' => 'https://newsite.com'
'info' => 'mike@macgirvin.com'
'pass' => me_encrypt($gduid . '.' . $pass)
}

Returns:

{
'success' => 'true'
'pass' => me_encrypt($random_string)
}

---
Remove location
---

POST https://example.com/post

{
'type' => 'remove_location'
'person' => $guuid
'address' => $gduid
'pass' => me_encrypt($pass)
}

Returns:

{
'success' => 'true'
'message' => 'OK'
}


------------
Make friends
------------
This message may be reversed/repeated by the destination site to confirm.
flags is the desired friendship bits. The same message may be used with different flags 
to edit or remove a relationship.


POST https://example.com/post

{
'type' => 'contact'
'person' => $gduid
'address' => $guuid
'target' => 'bobjones@example.com'
'flags' => HIDDEN=0,FOLLOW=1,SHARE=1,NOHIDDEN=1,NOFOLLOW=0,NOSHARE=0
'confirm' => me_encrypt($guuid . '.' . $pass)
}

Returns:

{
'success' => 'true'
'message' => 'OK'
'flags' => PENDING=1
}







-------
Message
-------

POST https://example.com/post

{
'type' => 'post'
'person' => $guuid
'address' => $gduid
'post' => $post_id
}

Returns:
{
'success' => 'true'
'message' => 'OK'
}


--------
Callback
--------

POST https://macgirvin.com

{
'retrieve' => $post_id
'challenge' => you_encrypt('abc123')
'verify' => me_encrypt('xyz456' . '.' . $gduid)
}

Returns:

{
'success' => 'true'
'message' => 'OK'
'response' => 'abc123'
'data' => encrypted or raw structured post
}