spec(ocm): clarify invite formats (#282)

mickenordin · glpatcern · web-flow · commit 5a5abb16e150 · 2025-10-07T11:02:52.000+02:00
* spec(ocm): clarify invite formats

- Define invite string as canonical format
- Require implementations to accept string format
- Define link format as optional

Signed-off-by: Micke Nordin &lt;kano@sunet.se&gt;

* Update IETF-RFC.md

Co-authored-by: Giuseppe Lo Presti &lt;giuseppe.lopresti@cern.ch&gt;

* Rephrased the requirements to use the two formats

---------

Signed-off-by: Micke Nordin &lt;kano@sunet.se&gt;
Co-authored-by: Giuseppe Lo Presti &lt;giuseppe.lopresti@cern.ch&gt;
diff --git a/IETF-RFC.md b/IETF-RFC.md
@@ -184,6 +184,8 @@ characters.
 * __Invite Token__ - A hard-to-guess string used in the Invite Flow,
   generated by the Invite Sender OCM Server and linked uniquely to the
   Invite Sender's OCM Address.
+* __Invite String__ - A base64 encoded string containing an Invite Token
+  and the FQDN of an Invite Sender OCM Server joined by an `@`-sign.
 * __Invite Creation Gesture__ - Gesture from the Invite Sender to the
   Invite Sender OCM Server, resulting in the creation of an Invite
   Token.
@@ -411,6 +413,39 @@ Share Creation events.
 Both parties MAY delete the other party from their address book at any
 time without notifying them.
 
+### Invite format
+To accept an invite, two pieces of information are required: a `token`
+and a `provider`. There are two recognized formats:
+
+* **Invite string format:**
+  A base64-encoded string containing the token and the provider’s FQDN,
+  joined by an `@` sign. Example:
+
+  If the `token` is `a55a966e-15c1-4cb9-a39d-4e4c54399baf` and the
+  `provider` is `my-cloud-storage.org`, the combined string is
+  `a55a966e-15c1-4cb9-a39d-4e4c54399baf@my-cloud-storage.org`,
+  which when base64-encoded becomes
+  `YTU1YTk2NmUtMTVjMS00Y2I5LWEzOWQtNGU0YzU0Mzk5YmFmQG15LWNsb3VkLXN0b
+  3JhZ2Uub3Jn`.
+
+  When parsing an invite string, implementors must base64-decode it,
+  then split on the last `@` sign, taking care to allow multiple `@`
+  characters in the token part.
+
+* **Link format:**
+  If the inviting OCM Server supports a WAYF page, the invite may be
+  provided as a link with the token as a request parameter. Example:
+
+  `https://my-cloud-storage.org/wayf?token=
+  a55a966e-15c1-4cb9-a39d-4e4c54399baf`
+
+Implementations MUST be able to accept invites in the invite string
+format.  This format is considered canonical.  The link format is only
+useful if the Receiving OCM Server exposes the `inviteAcceptDialog`
+in its Discovery endpoint.  Implmentations SHOULD support the link
+format when they implement a WAYF Page that leverages those
+`inviteAcceptDialog` targets.
+
 ### Security Advantages
 
 It is important to underscore the value of the Invite in this scenario,
