[geeklog-devel] Atom publishing

Damien Hodgkin dracul01 at gmail.com
Thu May 29 13:46:32 EDT 2008

Previous message: [geeklog-devel] Atom publishing
Next message: [geeklog-devel] Atom publishing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In order for the ATOM enabled site to work properly with what you need, you
need to have your password properly setup and passed to the site as
a "digest" ie.
1. create a "nonce"
2. get the timestamp the nonce was created on in W3DTF format:
2003-12-15T14:43:07Z
3. create your password digest:
$PasswordDigest = Base64(SHA1("nonce goes here" + "Timestamp" + "password"))

Then you would send the PasswordDigest like this:

POST /atom.php HTTP/1.1
Host: www.example.com
Content-Type: application/atom+xml
Authorization: WSSE profile="UsernameToken" <--- must always be UsernameToken
X-WSSE: UsernameToken Username="$User", PasswordDigest="$PasswordDigest",
Nonce="$Nonce", Created="$TimeStamp"

<?xml version="1.0" encoding="utf-8"?>
<entry>
<title>FOO</title>
<created>$TimeStamp</created>
<content type="application/xhtml+xml" xml:lang="en">
<div xmlns="http://www.w3.org/1999/xhtml">
<p>Foo Bar</p>
</div>
</content>
</entry>

This looks confusing, but in all actuality it's pretty simple.
And really shouldn't be too hard to implement in PHP4.

Hope this info helps.

On Thursday 29 May 2008 12:46:25 pm Tony Bibbs wrote:

> [snip]

> 2) Flickr uses WSSE authentication. Which we can't support since it

> requires us to know the user's _unencrypted_ password.

> [/snip]

>

> Thought about a password field in the DB separate from the current one used

> only for web services? I'm thinking of one that could be still encrypted

> with, say PEAR's Crypt_Blowfish library but only usable to make WS calls?

>

> Not sure how many ATOM clients use WSSE so maybe it's not worth the effort.

>

> --Tony

>

>

>

> _______________________________________________

> geeklog-devel mailing list

> geeklog-devel at lists.geeklog.net

> http://eight.pairlist.net/mailman/listinfo/geeklog-devel

--
Best Regards,
Damien
-------------
"Think for yourself and question authority." - Timothy Leary
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: This is a digitally signed message part.
Url : <http://eight.pairlist.net/pipermail/geeklog-devel/attachments/20080529/d51511be/attachment.pgp>

Previous message: [geeklog-devel] Atom publishing
Next message: [geeklog-devel] Atom publishing
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the geeklog-devel mailing list