Changes between Version 4 and Version 5 of WifidogAPI
- Timestamp: 10/14/09 11:04:44 (13 years ago)
WifidogAPI
v4 v5 33 33 * SupportUrlForgotResendValidation 34 34 35 Ben: While we may want to completely change the format, much of this information is already available in XML format from the auth server at hotspot_status.php?format=XML 35 36 36 37 == How == … … 108 109 109 110 As for more sensitive data that would usually require a certain level of permission, since there would be no session with this web service, we'd need a scheme to pass authentication data to the request that cannot be overheard. SSL would be necessary for that, as some personal authentication data like a password or hash would be passed along the way. 111 112 Ben: Pretty much by definition of the scope of this API, we need to establish some sort of shared session between the "content" server and the auth server. To avoid complexity, passing a huge amount of data the content server may or may not need, I think we must pass a session-identifier equivalent (we should at least prevent dictionary attacks from the start) to the content server during the initial redirect, and mandate SSL. This way, the content server can request as much, or as little data from the server as it wants, and can only do so for an active session (for user specific information).
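Review bot: The paragraph added at v5 line 112 asks for a "session-identifier equivalent" to be passed to the content server during the initial redirect, but it leaves the identifier's properties unspecified, so two implementations could both follow the text and differ widely in exposure. Suggest stating that the identifier is a random value distinct from the user's own login session on the auth server, and that the auth server honours it only while that session is active, which the text already implies for user-specific information. The phrase "mandate SSL" should also say whether it covers the redirect that carries the identifier as well as the content server's later requests to the auth server, since line 110 already requires that authentication data cannot be overheard.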