IP Verification

From The Socknet

Jump to: navigation, search

When an agent makes a function call, it may includes a from field in its request. If so, it is claiming to represent a particular service or user. For many functions it is necessary to verify that the agent truly represents the service or user it claims to represent.

If the from field represents a user, the agents function can be called on that user. 

GET agents

->
{ agents: ["255.21.2.4", "255.21.3.4", "mysocknet.example.com"]
  ...
}

If the from field represents a Service, the serviceid field contains a URL. The URL points to a JSON document containing an agents field. 

HTTP GET http://www.service.com/serviceid.json

->
{ agents: ["255.100.100.100"]
  ...
}

Once the agents array is obtained, the agent is verified if and only if:

  1. the agent's IP address is in the agents array; or
  2. one of the domain names in the agents array resolves to the agent's IP address.


Considerations

The field from may contain a domain field as a hint to which of the agents entries should be checked first. 

{ from: { serviceid: "http://myblog.com/json",
             domain: "servers.myblog.com"
           }
}

GET calls do not require agent verification. This is why agents can be called without causing the sender to send another call back to the receiver.

IP Verification only indicates that an agent represents an entity identified by a particular OpenID or Service ID. It does not prove that an agent or user's human-readable name is accurate and not a spoof of some other user. It is a Good Idea for a provider to tell a user if two known entities have the same name.

IPv4 addresses in the agents list are assumed to be in dotted decimal notation with no leading zeroes in any of the octets. Y'know, the normal form. IPv6 addresses should operate correctly if normalized.

See Also

Retrieved from "http://socknet.net/w/IP_Verification"
Personal tools