Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

more detail

  • Loading branch information...
commit cdeb43f987862a3955700c6ac7b3b84231e5e062 1 parent b233b9c
RedMatrix authored
Showing with 7 additions and 2 deletions.
  1. +6 −1 spec/zot-2012.txt
  2. +1 −1  version.inc
7 spec/zot-2012.txt
View
@@ -22,11 +22,16 @@ This information will identify a channel+site pair in the future. When contact i
If a new location is provided, this process is repeated but only the new location needs to be verified and stored.
-Messages are sent by providing this information in an HTTP post to the other site, along with a protocol version specifier and type of message. For some message types, the message is included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
+Messages are sent by providing this information in an HTTP post (*) to the other site, along with a protocol version specifier and type of message and a verification token. For message types which do not require identity validation, the message may be included. Others will require a security handshake with the remote site calling back the original to verify the identity assertion and the message is only collected at that time.
Multiple messages may be sent, and a callback may result in the collection of multiple messages destined for this site, not necessarily limited to the channel/location which was asserted.
+(*) A POST method is used for many protocol transactions as site "hardening" tools may place overly restrictive length limits on GET data. We are typically sending several encoded/encrypted strings and these requests are likely to fail on some sites and become a nagging support issue if a GET request is used.
+
+The verification token is signed by the remote site and the signed token returned during the callback. This verifies the identity of the callback - by matching with known tokens.
+
+
Permissions:
Permissions are available for several different activities. This list is enumerated by a POST to the permissions service with the above channel+location information. An array of permissions will be returned. If no identity assertion is made, a list of the default channel permissions is returned.
2  version.inc
View
@@ -1 +1 @@
-2012-10-14.107
+2012-10-16.109
Please sign in to comment.
Something went wrong with that request. Please try again.