Changes between Version 4 and Version 5 of WifidogAPI

Timestamp: 10/14/09 11:04:44 (10 years ago)
Author: benoitg
Comment:

--

  • WifidogAPI

    v4 v5  
    3333 * SupportUrlForgotResendValidation 
    3434 
     35Ben:  While we may want to completely change the format, much of this information is already available in XML format from the auth server at hotspot_status.php?format=XML 
    3536 
    3637== How ==  
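Review bot: New line 35 says "much of this information" is already served by hotspot_status.php?format=XML, but it does not say which entries of the list ending at line 33 (for example SupportUrlForgotResendValidation) that endpoint covers and which it lacks. Naming the covered and the missing fields here would let the rest of the page specify only the gap. The remark is also a signed aside sitting between the list and the "== How ==" heading; giving it its own heading or folding it into the list's introduction would make it read as part of the spec.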
     
    108109 
    109110As for more sensitive data that would usually require a certain level of permission, since there would be no session with this web service, we'd need a scheme to pass authentication data to the request that cannot be overheard.  SSL would be necessary for that, as some personal authentication data like a password or hash would be passed along the way. 
     111 
     112Ben:  Pretty much by definition of the scope of this API, we need to establish some sort of shared session between the "content" server and the auth server.  To avoid complexity, passing a huge amount of data the content server may or may not need, I think we must pass a session-identifier equivalent (we should at least prevent dictionary attacks from the start) to the content server during the initial redirect, and mandate SSL.  This way, the content server can request as much, or as little data from the server as it wants, and can only do so for an active session (for user specific information).