diff --git a/index.html b/index.html index 7f09513..deddb0d 100644 --- a/index.html +++ b/index.html @@ -336,9 +336,10 @@

A push subscription has an associated endpoint. It MUST be the absolute URL exposed by the push - service where the application server can send push messages to. An - endpoint MUST uniquely identify the push subscription. + "push endpoint|push endpoints">push endpoint. It MUST be the absolute URL exposed + by the push service where the application server can send push + messages to. A push endpoint MUST uniquely identify the push + subscription.

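Review bot: the added definition is only partly visible here: `"push endpoint|push endpoints">push endpoint` is the tail of an attribute on the defining element, so the opening of that element (presumably a dfn carrying the alias list, in the style of `data-lt="PushSubscription-getKey"` later in this patch) should be checked in the source to be intact. The normative text itself reads well, and "A push endpoint MUST uniquely identify the push subscription" is the property the later hunk relies on when it forbids reusing the endpoint of a deactivated subscription.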
@@ -348,8 +349,8 @@

The term push service refers to a system that allows application servers to send push messages to a webapp. A - push service serves the endpoint or endpoints for the push - subscriptions it serves. + push service serves the push endpoint or endpoints + for the push subscriptions it serves.

@@ -388,10 +389,10 @@

subscription MUST be deactivated.

- The endpoint of a deactivated push subscription MUST NOT be reused for - a new push subscription. This prevents the creation of a persistent identifier that - the user cannot remove. This also prevents reuse of the details of one push - subscription to send push messages to another push subscription. + The push endpoint of a deactivated push subscription MUST NOT be + reused for a new push subscription. This prevents the creation of a persistent + identifier that the user cannot remove. This also prevents reuse of the details of one + push subscription to send push messages to another push subscription.

User agents MUST implement the Push API to be HTTPS-only. SSL-only support provides @@ -409,11 +410,11 @@

  • the application server requests that the push service deliver a push - message using the [[!WEBPUSH-PROTOCOL]]. This request uses the endpoint included - in the push subscription; + message using the [[!WEBPUSH-PROTOCOL]]. This request uses the push endpoint + included in the push subscription;
  • the push service delivers the message to a specific user agent, - identifying the endpoint in the message; + identifying the push endpoint in the message;
  • the user agent identifies the intended webapp, activates the Service Worker for the webapp as necessary, and delivers the push message to the @@ -447,6 +448,7 @@

    function(pushSubscription) { console.log(pushSubscription.endpoint); console.log(pushSubscription.getKey('p256dh')); + console.log(pushSubscription.getKey('auth')); // The push subscription details needed by the application // server are now available, and can be sent to it using, // for example, an XMLHttpRequest. @@ -481,23 +483,25 @@

    The fields included in the PushSubscription is all the information needed for an application server to send a push message. Push services that are - compatible with the Push API provide an endpoint that conforms to the web push - protocol. These parameters and attributes include: + compatible with the Push API provide a push endpoint that conforms to the web + push protocol. These parameters and attributes include:

      -
    • The endpoint of a - PushSubscription is a URL that allows an application server to - request delivery of a push message to a webapp. +
    • The push endpoint of a + PushSubscription is a URL that allows an application server to request + delivery of a push message to a webapp.
    • The getKey method on a - PushSubscription is used to retrieve keying material used to encipher - push messages. Each invocation of the function returns a new + PushSubscription is used to retrieve keying material used to encrypt and + authenticate push messages. Each invocation of the function returns a new ArrayBuffer that contains the value of the corresponding key, or null if the identified key doesn't exist. Passing a value of - p256dh retrieves a elliptic curve Diffie-Hellman - (ECDH) public key associated with the push subscription. This key is used by - the application server to encipher messages for the push subscription, as - described in [[!WEBPUSH-ENCRYPTION]]. + p256dh retrieves a elliptic curve Diffie-Hellman + (ECDH) public key associated with the push subscription. Passing a value of + auth returns an authentication secret that an application server uses in + authentication of its messages. These keys are used by the application server to + encrypt and authenticate messages for the push subscription, as described in + [[!WEBPUSH-ENCRYPTION]].

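Review bot: the grammatical slip in the removed text survives in the new `+` line: "retrieves a elliptic curve Diffie-Hellman" should read "retrieves an elliptic curve Diffie-Hellman (ECDH) public key". Two further wording points in this hunk: "The fields included in the PushSubscription is all the information" should be "are all the information", and "an authentication secret that an application server uses in authentication of its messages" is clearer as "an authentication secret that the application server uses to authenticate its messages". It would also help the reader to say here that auth is a symmetric secret rather than a public value, since the paragraph otherwise treats both getKey names alike and the distinction only appears in the getKey algorithm further down.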
@@ -606,8 +610,13 @@

  • Generate a new P-256 ECDH key pair. Store the private key in an internal slot associated with the subscription; this value MUST NOT be made available to applications. The public key is also stored in an internal slot and can be retrieved by calling the - getKey of the PushSubscription with an argument of - p256dh. + getKey method of the PushSubscription with an argument of + p256dh. +
  • +
  • Generate a new authentication secret, which is a sequence of octets as defined in + [[!WEBPUSH-ENCRYPTION]]. Store the authentication secret in an internal slot associated + with the subscription. This key can be retrieved by calling the getKey method + of the PushSubscription with an argument of auth.
  • When the request has been completed, resolve promise with a PushSubscription providing the details of the new push @@ -710,37 +719,42 @@

    - When getting the PushSubscription.endpoint attribute, the user - agent MUST return the endpoint associated with the push subscription. + When getting the endpoint + attribute, the user agent MUST return the push endpoint associated with the + push subscription.

    The PushSubscription.getKey method - retrieves a public key that can be used for enciphering messages. When getKey is invoked the following process is followed: + data-lt="PushSubscription-getKey">getKey method retrieves keying material that + can be used for encrypting and authenticating messages. When getKey is + invoked the following process is followed:

      -
    1. Find the internal slot that contains the encryption key pair named by the - name argument. +
    2. Find the internal slot corresponding to the key named by the name + argument.
    3. -
    4. If an encryption key was not found, return null. +
    5. If a slot was not found, return null.
    6. Initialize a variable key with a newly instantiated ArrayBuffer instance.
    7. -
    8. Set the contents of key to the serialized value of the public key from the - key pair. This uses the serialization format described in the specification that defines - the name. For example, [[!WEBPUSH-ENCRYPTION]] specifies that the p256dh - public key is encoded using the uncompressed format defined in [[X9.62]] Annex A (that is, - a 65 octet sequence that starts with a 0x04 octet). +
    9. If the internal slot contains an asymmetric key pair, set the contents of + key to the serialized value of the public key from the key pair. This uses the + serialization format described in the specification that defines the name. For example, + [[!WEBPUSH-ENCRYPTION]] specifies that the p256dh public key is encoded + using the uncompressed format defined in [[X9.62]] Annex A (that is, a 65 octet sequence + that starts with a 0x04 octet). +
    10. +
    11. Otherwise, if the internal slot contains a symmetric key, set the contents of + key to a copy of the value from the internal slot. For example, the + auth parameter contains an octet sequence used by the user agent to + authenticate messages sent by an application server.
    12. Return key.

    - An encryption key named p256dh MUST be supported, which is used to retrieve a - P-256 ECDH public key as described by [[!WEBPUSH-ENCRYPTION]]. + Keys named p256dh and auth MUST be supported.

    The

  • For each identifier i corresponding to keys in internal slots on the PushSubscription, ordered by the name of the key:
      -
    1. Let b by the encoded value of the public key corresponding to the key - name i, using the encoding defined for the key name (see getKey). +
    2. If the internal slot corresponds to an asymmetric key pair, let b be the + encoded value of the public key corresponding to the key name i, using the + encoding defined for the key name (see getKey). +
    3. +
    4. Otherwise, let b be the value as returned by getKey.
    5. Let s be the URL-safe base64 encoding of b as a USVString. The user agent MUST use a serialization method @@ -807,7 +823,7 @@

      Encryption keys used for push message encryption are provided to a webapp - through the getKey method or the serializer of + through the getKey method or the serializer of PushSubscription. Each key is named using a value from the PushEncryptionKeyName enumeration.

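Review bot: this hunk only reflows the getKey link, but with auth joining the same enumeration the sentence "Encryption keys used for push message encryption are provided to a webapp" is no longer accurate: the auth value is a symmetric authentication secret, not an encryption key (see the "Otherwise, if the internal slot contains a symmetric key" step added to getKey in this patch). Suggest "Keying material used for push message encryption and authentication is provided to a webapp through the getKey method or the serializer of PushSubscription."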
      @@ -815,12 +831,19 @@

      p256dh
      +
      + auth +

      - The p256dh value is used - to retrieve the P-256 ECDH Diffie-Hellman public key described in + The p256dh value is + used to retrieve the P-256 ECDH Diffie-Hellman public key described in [[!WEBPUSH-ENCRYPTION]].

      +

      + The auth value is used to + retrieve the authentication secret described in [[!WEBPUSH-ENCRYPTION]]. +
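Review bot: in the example hunk (@@ -447,6 +448,7 @@), the added `console.log(pushSubscription.getKey('auth'));` logs an ArrayBuffer, which shows nothing readable in a console and, for the auth value, writes a symmetric authentication secret to the console. Since the comment already says the details "can be sent to it using, for example, an XMLHttpRequest", consider replacing the three separate log calls with the serialized subscription (the serializer updated later in this patch emits each key as URL-safe base64) and noting that the auth secret is intended only for the application server.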
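Review bot: in the subscribe hunk (@@ -606,8 +610,13 @@), the new step "Generate a new authentication secret, which is a sequence of octets as defined in [[!WEBPUSH-ENCRYPTION]]" says nothing about how those octets are produced. Because this secret is what the user agent later uses to authenticate messages from the application server, the step should require a cryptographically strong random number generator; as written, a conforming implementation could use a predictable sequence. Minor: "This key can be retrieved by calling the getKey method" reads better as "This secret can be retrieved ...", matching the term introduced at the start of the step.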
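Review bot: in the getKey/serializer hunk (@@ -710,37 +719,42 @@), the serializer change "Otherwise, let b be the value as returned by getKey" means the auth secret is now emitted by the PushSubscription serializer alongside the p256dh public key. That is needed for the application server, but it also means any code path that serializes the subscription (for logging or storage, say) now carries a symmetric authentication secret, which deserves a sentence in the security considerations. Also, the replacement sentence "Keys named p256dh and auth MUST be supported." drops the pointer to [[!WEBPUSH-ENCRYPTION]] that the removed sentence had, so the normative reference for each key's meaning now lives only in the "For example" text of the algorithm steps; suggest keeping "as described by [[!WEBPUSH-ENCRYPTION]]" in the MUST sentence.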