Confirmed users
398
edits
TrustedAuthority: Difference between revisions
→API for Trusted Authority
| Line 4: | Line 4: | ||
== API for Trusted Authority == | == API for Trusted Authority == | ||
If a page needs to access some privilege APIs, it needs to request for authorization. | |||
The web page asks UA for the authorization, the UA would create a request object to ask Trusted Authority to authorize the access. | |||
request | The web pages request for the authorization of APIs. | ||
TrustedAuthority.requestAPI(["API-1", "API-2", ...]) | |||
.then(APIs => doSomething()) | |||
.catch(reason => errorHandling()); | |||
The request created by the UA. | |||
{ | { | ||
APIs: ["name", "of", "APIs"], | APIs: ["name", "of", "APIs"], | ||
| Line 17: | Line 23: | ||
} | } | ||
response | The response replied by the Trusted Authority. | ||
{ | { | ||
authorizeLocation: "page url", | authorizeLocation: "page url", | ||
| Line 27: | Line 33: | ||
If the UA keeps the response in a local cache, it should check |validBefore| and make sure all resources in |characteristicResources| having the same hash code/not being changed before grant APIs to the page. | If the UA keeps the response in a local cache, it should check |validBefore| and make sure all resources in |characteristicResources| having the same hash code/not being changed before grant APIs to the page. | ||
The Trusted Authority would be run as an addon or service page at local, but talk to remote server hosted by the Trusted Authority. | The Trusted Authority would be run as an addon or service page at local, but talk to remote server hosted by the Trusted Authority. | ||