User:Infinity Linden/OGP Service Establishment Pattern
Revision as of 10:43, 22 May 2009 by Infinity Linden (talk | contribs)
OGP uses this pattern when establishing a session with a particular service. In the discussions below, note that the client is the system making the request. This is not always the client application; sometimes it's an agent domain or region domain process or component.
- Step 1 - the client sends the authenticate message to the service establishment protocol endpoint
- We assume the client is in possession of the service establishment protocol endpoint's URL. How it gets the address of the endpoint is outside the scope of this pattern. The contents of this message will look astonishingly similar to the agent_login message in the OGP : Auth document. In fact, i propose we replace agent_login with authenticate.
- Step 2 - the server validates the credentials in the authentication request
- Credentials may be the the user authenticator defined in the OGP : Auth document, or an OAuth token or a client certificate. (or in some cases, it;s going to be null.) The service establishment endpoint should have a policy for which credentials it prefers, which it forbids and which it allows.
- Step 3 - the client optionally verifies the server's certificate
- Many service establishment requests will be made via HTTPS. The client SHOULD verify that it trusts a certificate in the server's cert chain.
- Step 4 - the client requests a set of capabilities by sending the cap/request message to the seed cap
- Hmm... we need to specify how this is done. I don't see it in the current doc set, and the docs from last summer's interop fest were less than clear.
- Step 5 - the server responds with a set of capabilities for the client
- These are the service capabilities; the client uses these to get a service from the server.
- Step 6 - the client sends a service request to a capability
- This is how servers offer services to clients.