I posted some initial thoughts on how hubs could do verification of
notification requests here -
http://rsscloud.org/walkthrough/proposedChange.html#comment-16574967

Since then I've been looking at how PubSubHubbub (PuSH) does
verification -
http://pubsubhubbub.googlecode.com/svn/trunk/pubsubhubbub-core-0.2.html#verifysu\
b
- and getting clarification from the PuSH email list on how this
works.

After looking at PuSH and putting it together with the other feedback
I've been sent here's a simple run down of what I see:


1- Hub gets a notification request
2- Hub makes an HTTP GET request to the submitted notification end
point, with two variables:
url - the feed URL that the notification wants to get updates about
challenge - a random string generated by the Hub
3- The notification end point MUST reply with a successful HTTP status
code (2xx) and the body of the response MUST only contain the
challenge string provided by the Hub in order for verification to be
considered successful by the Hub.

This gives the notification end a chance to decide if it really wants
updates about a specific feed and allows the Hub to be reasonably
confident that the notification end point is really expecting pings
and isn't just a random URL.



Any thoughts/suggestions/improvements?



--
Joseph Scott
joseph@...
http://josephscott.org/