Talk:Litmus:Web Services

From MozillaWiki
Revision as of 03:29, 12 November 2005 by ChrisCooper (talk | contribs) (Using token)
Jump to navigation Jump to search

should the attribute of the testresult be password or digital signature?

The password should be some hashed version of password if any. I would separate the platform information into a tag bay itself and added a signature at the end of test results. 


<testresults>
  <sender
    username="foo@bar" />

  <environment
    useragent="blah"
    platform="bar"
    opsys="sys"
    branch="branch"
    buildid="bid" />

  <result testid="123" result="result">
    <comment>Optional Comment Goes Here</comment>
    <!-- I don't understand the bits in process_test.cgi about bugs, so I've
         left that part out for the moment -->
  </result>

  <authentication 
    signature="signed MAC of all tags above" />

</testresults>

Using token

I like your approach of hashing the whole message, but I don't think we need to use a separate token to do so. If it's not being sent over the wire, could we not simply use the password as the salt? Saves creating and maintaining another piece of sensitive user data.

Retrieved from "https://wiki.mozilla.org/index.php?title=Talk:Litmus:Web_Services&oldid=13479"