1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
This is the Zot! social communications protocol.
Specification revision: 1
01 September 2011
Mike Macgirvin
This specification is public domain.
Zot is a framework for secure delivery of messages on the web based on
webfinger and encapsulating salmon.
First read the salmon and salmon magic envelope specifications. Zot also
makes use of webfinger and ActivityStreams and several concepts from RFC822
(email). Zot encompasses the zot delivery framework, and the zid remote
access protocol.
****************
* Zot delivery *
****************
Format of a zot wrapper. This completely encapsulates a salmon magic envelope
and provides privacy protection, while defining a delivery envelope - a
concept familiar to email systems. All addresses in zot are webfinger
resolvable addresses containing both salmon and zot endpoints.
<?xml version='1.0' encoding='UTF-8'?>
<zot:msg xmlns:zot='http://purl.org/zot/1.0'>
<zot:key>((key))</zot:key>
<zot:iv>((iv))</zot:iv>
<zot:env>((envelope))</zot:env>
<zot:sig key_id="xxx">((sender signature))</zot:sig>
<zot:alg>AES-256-CBC</zot:alg>
<zot:data type='application/magic-envelope+xml'>((salmon))</zot:data>
</zot:msg>
zot:key
*******
A suitable randomly generated encyption key of length 32 octets for encrypting
the envelope and salmon packet. This is then encrypted with the sender's
private key and base64url encoded.
zot:iv
******
A suitable randomly generated initialisation vector of length 16 octets for
encrypting the envelope and salmon packet. This is then encrypted with the
sender's private key and base64url encoded.
zot:env
*******
This consists of RFC822-style header fields representing the sender and
recipient(s). Example:
From: bob@example.com
Sender: bob@example.com
To: alice@example.com
Both "From:" and "Sender:" MUST be provided, and represent a webfinger
address of the author and sender respectively. The webfinger address for
the From address MUST contain a discoverable salmon public key that
is needed to verify the enclosed salmon data. Sender is used to indicate
the webfinger identity responsible for transmitting this message. From
indicates the message author.
In web-based social systems, a reply to a message SHOULD be conveyed to all of
the original message participants. Only the author of the original message
may know all the recipients (such as those contained in Bcc: elements). The
author of a message always provides 'From'. They MUST duplicate this
information as 'Sender'.
A reply to a given message MUST be sent to the original From address, and MAY
be sent to any additional addresses in the recipient list. The original author
MUST send the reply to all known recipients of the original message, with
their webfinger identity as Sender, and the comment/reply author as From.
Receiving agents SHOULD validate the From identity as the signer of the salmon
magic envelope, and MAY reject it. They SHOULD also verify the Sender signature
of the zot packet if it is different than the salmon signature. They MAY
reject the message if the Sender is not allowed in their "friend list", or if
they do not have a suitable relationship with the Sender, or if either
signature fails to validate.
To: *
indicates a public message with no specifically enumerated recipients.
The fields To:, Cc:, and/or Bcc: MAY be present. At least one recipient field
MUST be present. These fields may use the entire syntax specified by RFC822,
for example:
To: "Bob Smith" <bob@example.com>, "Alice Jones" <alice@example.com>
is a valid entry. A zot envelope is UTF-8 encoded, which differs from RFC822.
The host component MUST be US-ASCII, with punycode translation of
internationalised domain names applied.
The entire envelope is encrypted with alg using key and iv. Only AES-256-CBC
is defined as an algorithm in this specification. The encrypted envelope is
then base64url encoded for transmission.
The zot envelope MAY include remote addresses. A zot delivery agent MUST parse
all addresses and determine whether a delivery address to the current endpoint
is valid. This may be the result of:
1. An address contains the public message wildcard '*'
2. The current endpoint is a personal endpoint and one of the recipients
listed in the To:, Cc:, or Bcc: addresses matches the webfinger address of
the "owner" of the endpoint.
3. The current endpoint is a bulk delivery endpoint. The bulk delivery
ednpoint is defined elsewhere in this document. The bulk delivery agent
will deliver to all local addresses found in the address lists.
zot:sig
*******
The Sender of the message signs the underlying salmon data in the manner
prescribed by salmon. If the Sender and From address are identical, the
signature will be identical to the signature of the underlying salmon packet.
If they are different, this signature is verified with the Sender's public
key to verify the Sender.
zot:alg
*******
Currently the only valid choice for alg is "AES-256-CBC".
zot:data
********
The data field is a salmon magic envelope. This is encrypted with alg using
key and iv. The result is then base64url encoded for transmission.
For the first release of this specification, the data format of the enclosed
salmon SHOULD be 'application/atom+xml' representing an Atom formatted
ActivityStream. Future revisions MAY allow other alternate data formats.
All acceptable formats MUST be listed in an XRD property (described elsewhere
in this document).
Delivery
********
The zot message is then POSTed to the zot endpoint URL as
application/text+xml and can be decoded/decrypted by the recipient using
their private key.
The normal salmon endpoint for a service MAY be used as an alternate
delivery method for non-encrypted (e.g. public) messages.
Discover of the zot endpoint is based on webfinger XRD:
<link rel="http://purl.org/zot/1.0/post"
href="http://example/org/zot-endpoint" />
Bulk Delivery
*************
A site MAY provide a bulk delivery endpoint, which MAY be used to avoid
multiple encryptions of the same data for a single destination.
This is discoverable by providing a zot endpoint with a corresponding
salmon public key in the site's .well-known/host-meta file.
A delivery to this endpoint will deliver to all local recipients provided
within the zot envelope.
Extensibility
*************
This specification is subject to change. The current version which is in
effect at a given site may be noted by XRD properties. The following
properties MUST be present in the XRD providing the relevant endpoint:
<Property xmlns:zot="http://purl.og/zot/1.0"
type="http://purl.org/zot/1.0/version"
zot:version="1" />
<Property xmlns:zot="http://purl.og/zot/1.0"
type="http://purl.org/zot/1.0/accept"
zot:accept="application/atom+xml" />
Version is specified in this document and indicates the current revision.
Implementations MAY provide compatibility to multiple incompatible versions
by using this version indication. The "accept" indicates a range of document
content types which may be enclosed in the underlying salmon magic envelope.
We anticipate this specification will in the future allow for a close variant
of "message/rfc822" and which may include MIME. This may also be used to
embed alternate message formats and protocols such as
"application/x-diaspora+xml". If a delivery agent is unable to provide any
acceptable data format, the delivery MUST be terminated/cancelled.
**********************
* Zid authentication *
**********************
URLs may be present within a zot message which refer to private and/or
protected resources. Zid uses OpenID to gain access to these protected
resources. These could be private photos or profile information - or *any*
web accessible resource. Using zid, these can have access controls which
extends to any resolvable webfinger address.
Zid authentication relies on the presence of an OpenID provider element in
webfinger, and a URL template which is applied to protected resources within
a zot message.
The template is designated with the characters "{zid=}" within a URL of a zot
message. When the page is rendered for viewing to an observer, this template
is replaced with the webfinger address of the viewer (if known), or an empty
string if the webfinger address of the viewer cannot be determined.
For example in a message body:
http://example.com/photos/bob/picture.jpg?{zid=}
refers to a private photo which is only visible to alice@example.com.
If Alice is viewing the page, the link is rendered with
http://example.com/photos/bob/picture.jpg?zid=alice@example.com
If the page viewer is unknown, it is rendered as
http://example.com/photos/bob/picture.jpg?zid=
When the link is visited, the web server at example.com notes the presence of
the zid parameter and uses information from webfinger to locate the OpenID
provider for the zid webfinger address. It then redirects to the OpenID
server and requests authentication of the given person. If this is successful,
access to the protected resource is granted.
A browser cookie may be provided to avoid future authentication redirects
and allow authenticated browsing to other resources on the website.
Only authentication via OpenID is defined in this version of the specification.
This can be used to provide access control to any web resource to any
webfinger identity on the internet.
*********
* Links *
*********
Salmon Protocol
http://www.salmon-protocol.org/salmon-protocol-summary
Salmon Magic Envelope
http://salmon-protocol.googlecode.com/svn/trunk/draft-panzer-magicsig-01.html
Atom Activity Stream Draft
http://activitystrea.ms/specs/atom/1.0/
Activty Stream Base Schema
http://activitystrea.ms/head/activity-schema.html
WebFinger Protocol
http://code.google.com/p/webfinger/wiki/WebFingerProtocol
|