@@ -21,8 +21,9 @@ of the specification document: **v0.1.0-alpha.1**
2121 - [ 1. Terminology used in this document] ( #1-terminology-used-in-this-document )
2222 - [ 2. Trust model] ( #2-trust-model )
2323 - [ 3. APIs and communication protocols] ( #3-apis-and-communication-protocols )
24- - [ 3.1 WebSockets] ( #31-websockets )
25- - [ 3.1.1 Events over REST] ( #311-events-over-rest )
24+ - [ 3.1 ` .well-known ` ] ( #31-well-known )
25+ - [ 3.2 WebSockets] ( #32-websockets )
26+ - [ 3.2.1 Events over REST] ( #321-events-over-rest )
2627 - [ 4. Federated identity] ( #4-federated-identity )
2728 - [ 4.1 Authentication] ( #41-authentication )
2829 - [ 4.1.1 Authenticating on a foreign server] ( #411-authenticating-on-a-foreign-server )
@@ -115,7 +116,7 @@ polyproto operates under the following trust assumptions:
115116
116117## 3. APIs and communication protocols
117118
118- The polyproto specification defines a set of [ APIs] ( /APIs ) .
119+ The polyproto specification defines a set of [ APIs] ( https://apidocs.polyproto.org ) .
119120In addition to these REST APIs, polyproto employs WebSockets for real-time communication between
120121clients and servers.
121122
@@ -127,10 +128,50 @@ The APIs are divided into two categories:
127128 the client's home server.
128129
129130All software aiming to federate with other polyproto implementations must implement the APIs defined
130- in this specification. Implementations can choose to extend the APIs with additional routes but must
131- not remove or change the behavior of the routes defined in this specification.
131+ in the [ API specification] ( https://apidocs.polyproto.org ) . Implementations can choose to extend the
132+ APIs with additional routes but must not remove or change the behavior of the routes defined in
133+ this specification.
132134
133- ### 3.1 WebSockets
135+ ### 3.1 ` .well-known `
136+
137+ ` /.well-known/ ` locations facilitate the discovery of resources and services available on a given
138+ host.
139+
140+ !!! note
141+
142+ Consult the excerpt of this specification explaining what a "domain name" is, to avoid
143+ misunderstandings. You can find this excerpt [here](#def-domain-name).
144+
145+ polyproto servers can be hosted under a domain name different from the domain name
146+ appearing on ID-Certs managed by that server ** if all the following conditions are met:**
147+
148+ 1 . Define the "* visible domain name* " as the domain name visible on an ID-Cert.
149+ 2 . Define the "* actual domain name* " as the domain name where the polyproto server is actually hosted
150+ under.
151+ 3 . The * visible domain name* ** must** have a URI ` [visible domain name]/.well-known/polyproto-core ` ,
152+ accessible via an HTTP GET request.
153+ 4 . The resource accessible at this URI must be a JSON object formatted as such:
154+
155+ ``` json
156+ {
157+ "api" : " [actual domain name]/.p2/core/"
158+ }
159+ ```
160+
161+ 5 . The ID-Cert received when querying ` [actual domain name]/.p2/core/idcert/server ` with an HTTP GET
162+ request must have a field "issuer" containing domain components (` dc ` ) that, when parsed, ** equal**
163+ the domain name of the * visible domain name* . If the domain components in this field do not match
164+ the domain components of the * visible domain name* , the server hosted under the * actual domain name*
165+ must not be treated as a polyproto server for the * visible domain name* .
166+
167+ Should a client not be able to access the polyproto API endpoints located at ` [visible domain name]/.p2/core/ ` ,
168+ the client must query ` [visible domain name]/.well-known/polyproto-core ` with an HTTP GET request and
169+ try to verify the above-mentioned conditions. If all the above-mentioned conditions can be fulfilled,
170+ the client can treat the server located at the * actual domain name* as a polyproto server serving the
171+ * visible domain name* . Clients must not treat the server located at the * actual domain name* as a
172+ polyproto server serving the * actual domain name* .
173+
174+ ### 3.2 WebSockets
134175
135176WebSockets enable real-time communication between actor clients and servers.
136177
@@ -175,11 +216,11 @@ end
175216
176217 To learn more about polyproto WebSockets and WebSocket Events, consult the [WebSockets documentation](/docs/APIs/Core/WebSockets/index.md).
177218
178- #### 3.1 .1 Events over REST
219+ #### 3.2 .1 Events over REST
179220
180221For some implementation contexts, a constant WebSocket connection might not be wanted. A client can
181222instead opt to query an API endpoint to receive events, which would normally be sent through the WebSocket
182- connection. Concrete polyproto- implementations and extensions can decide whether this alternative
223+ connection. Concrete polyproto implementations and extensions can decide whether this alternative
183224behavior is supported.
184225
185226!!! example
@@ -196,9 +237,8 @@ Depending on how many events the session has
196237missed, the earliest events might be excluded from the response to limit the response body's size. This
197238behavior should be explicitly documented in implementations or extensions of polyproto.
198239
199- Due to the
200- intended use cases for retrieving events through REST rather than WebSockets, this endpoint is not
201- a long-polling endpoint.
240+ Due to the intended use cases for retrieving events through REST rather than WebSockets,
241+ this endpoint is not a long-polling endpoint.
202242
203243There are three intended, main modes for retrieving events in polyproto
204244
@@ -397,11 +437,11 @@ FIDs used in public contexts are formatted as `
[email protected] 397437
398438FIDs consist of the following parts:
399439
400- | Part | Name | Description |
401- | ------------------------------ | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------- |
402- | ` actor ` | "Local Name" or "Common Name" | Must be unique on each instance. |
403- | ` @ ` | " Separator" | Separates local name from domain name |
404- | ` optionalsubdomain.domain.tld ` | " Domain Name" | Includes top-level domain, second-level domain and other subdomains. Address which the actors' home server can be reached at. |
440+ | Part | Name | Description |
441+ | ------------------------------ | ------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------- |
442+ | ` actor ` | < a name = " def-local-name " id = " def-local-name " ></ a > "Local Name" or "Common Name" | Must be unique on each instance. |
443+ | ` @ ` | < a name = " def-separator " id = " separator " ></ a >" Separator" | Separates local name from domain name |
444+ | ` optionalsubdomain.domain.tld ` | < a name = " def-domain-name " id = " def-domain-name " ></ a >" Domain Name" | Includes top-level domain, second-level domain and other subdomains. Address which the actors' home server can be reached at. |
405445
406446The following regular expression can be used to validate actor IDs: ` \b([a-z0-9._%+-]+)@([a-z0-9-]+(\.[a-z0-9-]+)*) ` .
407447
@@ -470,6 +510,8 @@ ID-Certs encompass a subset of the structure of an X.509 certificate.
470510
471511ID-Certs have the following structure:
472512
513+ // TODO: WTF? pDN of actor must be in subject field, not issuer field!
514+
473515| Field Description | Special requirements, if any | X.509 equivalent |
474516| --------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------------------------------------------------- |
475517| Correctly formatted Name attribute, according to [ #6 .1.1.1] ( #6111-polyproto-distinguished-name-pdn ) | [ polyproto Distinguished Name] ( #6111-polyproto-distinguished-name-pdn ) | Issuer Name |
0 commit comments