As I have been working through the rewrite of the draft, a thought occured
to me. Would there be any advantage in doing the following:
Instead of sending notifications directly to
http://seairth.com/rna, suppose
that a sender must first POST a request to get back a URI which
notifications can be sent to (which would be used from that point on). If I
understand correctly, this would be a "capability URI" (Tyler, please
correct me if I'm wrong). A recipient could issue a capability URI to each
potential sender (or deny the request). Or, as may be likely with a mailing
list, only a single capability URI would be issued. More advanced
algorithms may do something in between (e.g., if within the same domain, use
a single, global capability, otherwise use individual capabilities). In the
event that the recipient wanted to invalidate the URI, he would just stop
responding to it (410?). All senders who got the response would need to
acquire a new capability URI (if the recipient wanted to give it out). This
would allow, for instance, a recipient to give out a URI in an online form.
If the company processing the form shared the URI with other people or
companies, you would be able to rescind the URI.
In general, I really like this idea. I have also been trying to think if
this could be used as a replacement for the <query> mechanism. For
instance, if the above POST contained the sender's generic URI, the
recipient could POST the capability URI to that address instead of return in
the sender's POST response. This would indicate that that the sender's
generic URI was valid. From that point on, the <from> element in any
notification that was received through the capability URI would have to
contain the sender's generic URI. If it didn't, you knew that the
capability URI was shared. If it did, but the resource was obviously *not*
from the sender, then you would know that the capability URI was
compromised. Either way, you revoke the URI and the hole is closed.
This potentially gets even better. Take a mailing list, for example. In
order to subscribe, all you would have to do is POST the above request to
the mailing list's generic URI. This would return a capability URI to the
list. At the same time, the list would do the same to your own generic URI.
Now, the bi-directional link is established. Later, if you wanted to
unsubscribe, all you would do is revoke the capability URI. The first time
the listserv got back a 410 response, it would know you no longer wanted to
receive notifications and would remove you from its list (as well as
possibly revoke its own capability URI to you).
So... good? bad? let me hear it!
---
Seairth Jacobs
seairth@...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
Offline 
Send Email