From: Daniel Kahn Gillmor Date: Tue, 9 Mar 2010 06:04:56 +0000 (-0500) Subject: added website stubs about validation agent X-Git-Tag: monkeysphere_0.29~32 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=298e62bbdd6cb8865e046072f32a38130caa8f96;p=monkeysphere.git added website stubs about validation agent --- diff --git a/website/validation-agent.mdwn b/website/validation-agent.mdwn new file mode 100644 index 0000000..d95e7d4 --- /dev/null +++ b/website/validation-agent.mdwn @@ -0,0 +1,32 @@ +[[!meta title="Monkeysphere Validation Agent"]] + +# Monkeysphere Validation Agent # + +The Monkeysphere Validation Agent offers a local service for systems +to validate certificates (both X.509 and OpenPGP) and other public +keys in their proper contexts. + +Among other reasons, having a validation agent is a good thing +because: + +* Multiple tools can rely on the same PKI (e.g. the user's web browser + and the user's ssh client). +* A single validation agent can present a consistent UI to the user + (when used in an end-user context), or provide a unified trust model + to various services (when used in a server-side context). +* Authentication/certificate validation code can potentially be + isolated to a protected environment. + +## Implementations ## + +There are currently two implementations of the validation agent: + + * msva-perl + * msva-ruby + +## Protocol ## + +The Monkeysphere Validation Agent protocol (MSVA) is defined as a +minimal HTTP server with JSON-encapsulated requests and responses. +You may want to read [more protocol details](protocol). + diff --git a/website/validation-agent/protocol.mdwn b/website/validation-agent/protocol.mdwn new file mode 100644 index 0000000..e816996 --- /dev/null +++ b/website/validation-agent/protocol.mdwn @@ -0,0 +1,23 @@ +[[!meta title="Validation Agent Protocol"]] + +# Validation Agent Protocol # + +In its current form, the validation agent is conceived of as a +minimalistic HTTP server that accepts two different requests: + + GET / -- initial contact query, protocol version compatibility. + (no query parameters) + (returns: protoversion, server, available) + + POST /reviewcert -- request validation of a certificate + (query parameters: uid, context, pkc) + (returns: valid, message) + +Query parameters are posted as a JSON blob (*not* as +www-form-encoded). + +The variables that are returned are application/json as well. + +* PKC means: public key carrier: raw key, OpenPGP cert, or X.509 cert +* UID means: User ID (like in OpenPGP) +* context refers to the setting in which the certificate is offered. For example, "https" means: "this certificate was offered by an HTTPS server"