== Storage Server Authorization ==
The browser will speak Queue-Sync to the Storage Server. A Persona (BrowserID) assertion for the "PICL Account Identifier" (e.g. GUID@picl.persona.org) is what allows the browser to read and write their encrypted Queue-Sync records.
This assertion must be verified with the usual public-key signature checks and .well-known lookup process. For performance, the Storage Server will only verify it once, then exchange it for a token that is easier to validate (either a nonce that maps to the validated account identifier and expiration time, or an encrypted/HMACed copy of the session data). Subsequent requests will be authorized by the token.
An initial draft of the storage-server protocol is [[Identity/AttachedServices/StorageProtocolZero|here]].
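The sketch below shows the HMACed-session-data variant of the token exchange described above. It is an added example, not code from the PICL project or its draft protocol: the token layout, the field names <code>acct</code> and <code>exp</code>, the key and the one-hour lifetime are all assumptions, and the Persona assertion is assumed to have been fully verified before <code>issue_token</code> is called.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key (assumption); a real server would load a random secret.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TOKEN_TTL = 3600  # token lifetime in seconds (assumed value)


def b64enc(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64dec(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(account_id, now=None, key=SERVER_KEY):
    """Mint a token; call only after the assertion has been verified once."""
    now = time.time() if now is None else now
    session = {"acct": account_id, "exp": int(now) + TOKEN_TTL}
    payload = json.dumps(session, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64enc(payload) + "." + b64enc(tag)


def verify_token(token, now=None, key=SERVER_KEY):
    """Return the account identifier, or None if the token is invalid."""
    now = time.time() if now is None else now
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64dec(payload_b64), b64dec(tag_b64)
    except ValueError:  # wrong number of parts or bad base64
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the MAC in constant time before parsing any field of the payload.
    if not hmac.compare_digest(tag, expected):
        return None
    session = json.loads(payload)
    if now >= session["exp"]:
        return None  # expired: the browser must present a fresh assertion
    return session["acct"]
```

This variant protects integrity only: the account identifier and expiry are readable by whoever holds the token, and a token cannot be revoked before it expires without server-side state such as the nonce mapping.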
== Storage Server Format ==