Talk:Litmus:Web Services

From MozillaWiki
Revision as of 04:45, 12 November 2005 by Ruza (talk | contribs) (→‎Using tokens)
Jump to navigation Jump to search

should the attribute of the testresult be password or digital signature?

The password should be some hashed version of password if any. I would separate the platform information into a tag bay itself and added a signature at the end of test results. 


<testresults>
  <sender
    username="foo@bar" />

  <environment
    useragent="blah"
    platform="bar"
    opsys="sys"
    branch="branch"
    buildid="bid" />

  <result testid="123" result="result">
    <comment>Optional Comment Goes Here</comment>
    <!-- I don't understand the bits in process_test.cgi about bugs, so I've
         left that part out for the moment -->
  </result>

  <authentication 
    signature="signed MAC of all tags above" />

</testresults>

Using tokens

I like your approach of hashing the whole message, but I don't think we need to use a separate token to do so. If it's not being sent over the wire, could we not simply use the password as the salt? Saves creating and maintaining another piece of sensitive user data.

coop 19:30, 11 Nov 2005 (PST)

First what are we trying to achieve?

Is it integrity of the message during transport over the net?
Is it integrity of the message during storage?
Is it authentication of the message?

If it is transport over the net, can SSL/TLS be used?

Is this level of integrity required all the time or would it be okay for people/processes to submit test report without authentication and integrity check? (availability vs. integrity & authenticity tradeof)

--Ruza 20:45, 11 Nov 2005 (PST)

Retrieved from "https://wiki.mozilla.org/index.php?title=Talk:Litmus:Web_Services&oldid=13543"