Talk:Services

From The Socknet

Goals:

• To identify services consistently.
• To enable a service to register with the user so that it may send him messages with prior approval.
• To identify IP addresses that can speak on behalf of the service.
• To give the user a way to recognize the service (ie, a link to reach its home page).

These are accomplished by:

• Creating the ServiceID concept.
• Providing an agents list.
• Providing a base URL, accessible to the user, which he can use to remind him why he ever registered with the service.

We must be confident that the base URL and the ServiceID are related, otherwise a service could impersonate an unrelated website. So we:

• Ensure that the base URL is on the same domain as the ServiceID and at or below the same directory level as the ServiceID.

A variation on the way we do it now:

• Make the ServiceID serve the function of the base URL. IE, make it point to a human-readable web page.
• Require this human-readable web page to provide an element pointing to the page with all the JSON data.

The benefit of this variation is that the ServiceID cannot be separated from the base URL. The drawback is the extra indirection.

There may be an issue with base URL's redirecting to unrelated pages. But I'm not sure it's an issue at all...

--Dan 15:59, 17 August 2009 (UTC)

No, Dan, the Base URL is NOT intended as a foolproof way to prove that the service isn't impersonating some other service. It is a user-friendly URL which must be in the same location as the ServiceID. The URL is more important than where it leads. The URL's location proves the relationship to the ServiceID. It leads to a human-readable page because it will be shown to humans. Showing them the ServiceID would be a Bad Idea(tm), because they would try to go to it and discover a bunch of JSON. So we should them a human-readable substitute from the same location. Get it? Good.

--Dan 18:38, 17 August 2009 (UTC)