diff options
author | Evan Prodromou <evan@prodromou.name> | 2008-05-27 07:42:19 -0400 |
---|---|---|
committer | Evan Prodromou <evan@prodromou.name> | 2008-05-27 07:42:19 -0400 |
commit | 90b4873a00b0d8b4249a323fc84a7460024f491b (patch) | |
tree | 58a6783887b6b5fef653feed019aa1bc1e8b8baf /doc | |
parent | 47f030ef65d03dcb63f459a02598392fed71a8e4 (diff) |
client side of distributed subscription almost complete
darcs-hash:20080527114219-84dde-784ddf4d4650c17bc7a1e3e01219c6948dfc9b3d.gz
Diffstat (limited to 'doc')
-rw-r--r-- | doc/README | 3 | ||||
-rw-r--r-- | doc/TODO | 13 | ||||
-rw-r--r-- | doc/openmicroblogging.txt | 21 |
3 files changed, 23 insertions, 14 deletions
diff --git a/doc/README b/doc/README index 7bde30916..4190b637a 100644 --- a/doc/README +++ b/doc/README @@ -9,5 +9,6 @@ This package requires PHP 5.x and the following PHP Pear libraries: use the openidenabled.com libraries for OpenID auth sometime in the future. Note that this is no longer distributed separately; it's only in the openidenabled.com OpenID PHP tarball. - +- OAuth.php from http://oauth.googlecode.com/svn/code/php/ + @@ -53,12 +53,18 @@ + public stream link in top menu + dump, fix, undump database + release 0.2 -- YADIS document link on showstream -- YADIS document ++ YADIS document link on showstream ++ YADIS document - subscribe remote - add subscriber remote -- send remote notice +- server side of user authorization +- server side of request token +- server side of access token +- OAuth store +- log of consumers who ask for access - receive remote notice +- send remote notice +- subscribe form for not-logged-in users on showstream - pretty URLs - doc action - about doc @@ -76,6 +82,7 @@ - add a next page link to public - add a next page link to all - AGPL notification +- Check licenses of all libraries for compatibility - gettext - release 0.3 - license per notice diff --git a/doc/openmicroblogging.txt b/doc/openmicroblogging.txt index 6fd3b7cec..097291640 100644 --- a/doc/openmicroblogging.txt +++ b/doc/openmicroblogging.txt @@ -60,7 +60,7 @@ notice URI Initiation ========== -The user submits their profile URL [*] to the remote service somehow -- +The user submits their profile URL [*]_ to the remote service somehow -- for example, with an HTML form on the remote service's Web site. .. [*] For OAuth Discovery, this is the "protected resource". It may @@ -96,11 +96,12 @@ Authorization The remote service must go through the OAuth 1.0 dance to get authorization to post notices and update profiles. -In all OAuth, the consumer key should be blank (''), unless the remote -server and local service have negotiated another key. Such negotiation -is out-of-scope for this document, and we assume an "open" network of -microblogging services. But if you want to have that kind of network, -do it with this key. +In all OAuth, the consumer key should be the root URL for the +microblogging service, if available. The secret should be the blank +string (''), unless the remote server and local service have negotiated +another key. Such negotiation is out-of-scope for this document, and we +assume an "open" network of microblogging services. But if you want to +have that kind of network, do it with this key. The remote service MUST do OAuth for every new listener, regardless of whether they've already received authorization for posting to the @@ -253,17 +254,17 @@ The local service makes no guarantees about the delivery of the notice to anyone. The remote service SHOULD NOT send a message with the same notice URL -to the same postNotice URL more than once. [2]_ If the request returns +to the same postNotice URL more than once. [*]_ If the request returns a 403 Unauthorized message, the remote service SHOULD NOT post messages to the same URL again with the same listenee, until another -listener has gone through the OAuth dance. [3]_ +listener has gone through the OAuth dance. [*]_ -.. [2] A half-assed optimization. A local service may have a lot of +.. [*] A half-assed optimization. A local service may have a lot of listeners listening to the same listenee. It would be pointless to have the remote service post the same notice 100 times to the same service. However, if the local service wants fine-grained control, it can have a different postNotice URL for each listener. -.. [3] If there's one postNotice URL per listener, the 403 message +.. [*] If there's one postNotice URL per listener, the 403 message means the listener has told the local service not to allow posting any more ("unsubscribed"). If there's one postNotice URL per local service, it means that the count of listeners has dropped to 0. |