[geeklog-devel] Atom publishing

Damien Hodgkin dracul01 at gmail.com
Thu May 29 13:46:32 EDT 2008 

In order for the ATOM enabled site to work properly with what you need, you 
need to have your password properly setup and passed to the site as 
a "digest" ie. 
1. create a "nonce"
2. get the timestamp the nonce was created on in W3DTF format: 
2003-12-15T14:43:07Z
3. create your password digest:
$PasswordDigest = Base64(SHA1("nonce goes here" + "Timestamp" + "password"))

Then you would send the PasswordDigest like this:

POST /atom.php HTTP/1.1
Host: www.example.com
Content-Type: application/atom+xml
Authorization: WSSE profile="UsernameToken" <--- must always be UsernameToken
X-WSSE: UsernameToken Username="$User", PasswordDigest="$PasswordDigest", 
Nonce="$Nonce", Created="$TimeStamp"

<?xml version="1.0" encoding="utf-8"?>
<entry>
   <title>FOO</title>
   <created>$TimeStamp</created>
   <content type="application/xhtml+xml" xml:lang="en">
       <div xmlns="http://www.w3.org/1999/xhtml">
           <p>Foo Bar</p>
       </div>
   </content>
</entry>

This looks confusing, but in all actuality it's pretty simple. 
And really shouldn't be too hard to implement in PHP4.

Hope this info helps.

On Thursday 29 May 2008 12:46:25 pm Tony Bibbs wrote:
> [snip]
> 2) Flickr uses WSSE authentication. Which we can't support since it
> requires us to know the user's _unencrypted_ password.
> [/snip]
>
> Thought about a password field in the DB separate from the current one used
> only for web services? I'm thinking of one that could be still encrypted
> with, say PEAR's Crypt_Blowfish library but only usable to make WS calls?
>
> Not sure how many ATOM clients use WSSE so maybe it's not worth the effort.
>
> --Tony
>
>
>
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

-- 
Best Regards,
Damien
-------------
"Think for yourself and question authority." - Timothy Leary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
URL: <https://pairlist8.pair.net/pipermail/geeklog-devel/attachments/20080529/d51511be/attachment.sig>

More information about the geeklog-devel mailing list