[geeklog-devel] Atom publishing
Damien Hodgkin
dracul01 at gmail.com
Thu May 29 13:46:32 EDT 2008
In order for the ATOM enabled site to work properly with what you need, you
need to have your password properly setup and passed to the site as
a "digest" ie.
1. create a "nonce"
2. get the timestamp the nonce was created on in W3DTF format:
2003-12-15T14:43:07Z
3. create your password digest:
$PasswordDigest = Base64(SHA1("nonce goes here" + "Timestamp" + "password"))
Then you would send the PasswordDigest like this:
POST /atom.php HTTP/1.1
Host: www.example.com
Content-Type: application/atom+xml
Authorization: WSSE profile="UsernameToken" <--- must always be UsernameToken
X-WSSE: UsernameToken Username="$User", PasswordDigest="$PasswordDigest",
Nonce="$Nonce", Created="$TimeStamp"
<?xml version="1.0" encoding="utf-8"?>
<entry>
<title>FOO</title>
<created>$TimeStamp</created>
<content type="application/xhtml+xml" xml:lang="en">
<div xmlns="http://www.w3.org/1999/xhtml">
<p>Foo Bar</p>
</div>
</content>
</entry>
This looks confusing, but in all actuality it's pretty simple.
And really shouldn't be too hard to implement in PHP4.
Hope this info helps.
On Thursday 29 May 2008 12:46:25 pm Tony Bibbs wrote:
> [snip]
> 2) Flickr uses WSSE authentication. Which we can't support since it
> requires us to know the user's _unencrypted_ password.
> [/snip]
>
> Thought about a password field in the DB separate from the current one used
> only for web services? I'm thinking of one that could be still encrypted
> with, say PEAR's Crypt_Blowfish library but only usable to make WS calls?
>
> Not sure how many ATOM clients use WSSE so maybe it's not worth the effort.
>
> --Tony
>
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
--
Best Regards,
Damien
-------------
"Think for yourself and question authority." - Timothy Leary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080529/d51511be/attachment.sig>
More information about the geeklog-devel
mailing list