Privacy over PSHB, Webfinger, & Salmon

From Federated Social Web Incubator Group
Jump to: navigation, search


Goals

Somebody needs to implement these things! :D

This section is incomplete. You can help by expanding it.

Notes

Presentations of a couple PubSubHubbub variants for feeds of private data:

Blaine's thingy

  • add a 'From' header on subscription setup
    • -> use that as URL or webfinger to do discovery and do whatever ID verification
    • -> tell the client that the subscription is PENDING, not complete, until it's verified
  • subscribee server can let the subscribee decide to accept the subscription:
    • presenting the dialback-verified identity of the subscriber
  • once confirmed, subscribee server activates the feed and it's fully subscribed

PuSH+OAuth flow diagram document

  • toss some extra params in
  • ... scary oauth dance...
  • profit! needs better notes, I get lost every time on this one ;)

^ Both of the above look like they should generally work. OAuth dance is more complicated, but we're all doing OAuth stuff anyway so it has an appeal there.

User identifiers in subscription/relationship setup...

  • The usual flamefests about email/webfinger vs URLs continued. (Can we defer this question to let the browsers deal with raw references most of the time?)
This section is incomplete. You can help by expanding it.

Outcomes

This section is incomplete. You can help by expanding it.

== People

This section is incomplete. You can help by expanding it.