Talk:Functions

From The Socknet


TODO: Required "to" field on some calls

Unfriend will need to receive a "to" field to identify the OpenID of the user being unfriended. This is to avoid this:

http://openid1.com  => http://socknetprovider.com/user1
http://bad-user.com => http://socknetprovider.com/user1

An attempt to unfriend bad-user.com would result in openid1.com being unfriended too unless the "to" field indicates which friend is being unfriended.

This scenario is unavoidable, so some functions must require the OpenID of the recipient to be identified. Maybe all POSTs will require this. (Note: if a Socknet Provider wants to allow multiple OpenIDs on the same account, that's not a problem, we're only interested in thwarting the efforts of unassociated users.)

Finally, even if this change means we need a "to" for every POST call, the Socknet Provider URL must still be user-specific to support GET calls.

--Dan 11:58, 27 April 2010 (UTC)
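A small model of the ambiguity described above and of the effect of a required "to" field, added here as an example; it is not Socknet code, and the FriendList class and sample_list helper are constructed for illustration (the OpenIDs and provider URL are the ones from the scenario above).

```python
class FriendList:
    """Friends held by one Socknet user: OpenID -> Socknet Provider URL."""

    def __init__(self):
        self.friends = {}

    def add(self, openid, provider_url):
        self.friends[openid] = provider_url

    def unfriend_without_to(self, provider_url):
        """Naive handling: the request is identified only by the calling
        provider URL, so every friend sharing that URL is removed."""
        removed = [oid for oid, url in self.friends.items() if url == provider_url]
        for oid in removed:
            del self.friends[oid]
        return removed

    def unfriend(self, provider_url, to):
        """With a "to" field naming the OpenID being unfriended: exactly one
        entry goes, and only if that OpenID really is a friend at the calling
        provider URL (an unassociated OpenID is refused and None returned).
        Authenticating the caller itself is outside this example."""
        if self.friends.get(to) != provider_url:
            return None
        del self.friends[to]
        return to


def sample_list():
    """Constructed sample reproducing the talk-page scenario: two OpenIDs
    claim the same Socknet Provider URL."""
    fl = FriendList()
    fl.add("http://openid1.com", "http://socknetprovider.com/user1")
    fl.add("http://bad-user.com", "http://socknetprovider.com/user1")
    return fl


if __name__ == "__main__":
    fl = sample_list()
    # Without "to" both friends at the shared URL disappear.
    print("without to:", fl.unfriend_without_to("http://socknetprovider.com/user1"))
    fl = sample_list()
    # With "to" only the named OpenID is removed; openid1.com stays.
    print("with to:", fl.unfriend("http://socknetprovider.com/user1", "http://bad-user.com"))
    print("remaining:", list(fl.friends))
```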
