diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-03-09 01:04:56 -0500 |
|---|---|---|
| committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-03-09 01:12:35 -0500 |
| commit | 298e62bbdd6cb8865e046072f32a38130caa8f96 (patch) | |
| tree | 6906429a255d71624e80e7362d0e98f2939cc163 /website | |
| parent | 3f7d3ab53390e4b69694cbddfdd97ebb14fa7790 (diff) | |
added website stubs about validation agent
Diffstat (limited to 'website')
| -rw-r--r-- | website/validation-agent.mdwn | 32 | ||||
| -rw-r--r-- | website/validation-agent/protocol.mdwn | 23 |
2 files changed, 55 insertions, 0 deletions
diff --git a/website/validation-agent.mdwn b/website/validation-agent.mdwn new file mode 100644 index 0000000..d95e7d4 --- /dev/null +++ b/website/validation-agent.mdwn @@ -0,0 +1,32 @@ +[[!meta title="Monkeysphere Validation Agent"]] + +# Monkeysphere Validation Agent # + +The Monkeysphere Validation Agent offers a local service for systems +to validate certificates (both X.509 and OpenPGP) and other public +keys in their proper contexts. + +Among other reasons, having a validation agent is a good thing +because: + +* Multiple tools can rely on the same PKI (e.g. the user's web browser + and the user's ssh client). +* A single validation agent can present a consistent UI to the user + (when used in an end-user context), or provide a unified trust model + to various services (when used in a server-side context). +* Authentication/certificate validation code can potentially be + isolated to a protected environment. + +## Implementations ## + +There are currently two implementations of the validation agent: + + * msva-perl + * msva-ruby + +## Protocol ## + +The Monkeysphere Validation Agent protocol (MSVA) is defined as a +minimal HTTP server with JSON-encapsulated requests and responses. +You may want to read [more protocol details](protocol). + diff --git a/website/validation-agent/protocol.mdwn b/website/validation-agent/protocol.mdwn new file mode 100644 index 0000000..e816996 --- /dev/null +++ b/website/validation-agent/protocol.mdwn @@ -0,0 +1,23 @@ +[[!meta title="Validation Agent Protocol"]] + +# Validation Agent Protocol # + +In its current form, the validation agent is conceived of as a +minimalistic HTTP server that accepts two different requests: + + GET / -- initial contact query, protocol version compatibility. + (no query parameters) + (returns: protoversion, server, available) + + POST /reviewcert -- request validation of a certificate + (query parameters: uid, context, pkc) + (returns: valid, message) + +Query parameters are posted as a JSON blob (*not* as +www-form-encoded). + +The variables that are returned are application/json as well. + +* PKC means: public key carrier: raw key, OpenPGP cert, or X.509 cert +* UID means: User ID (like in OpenPGP) +* context refers to the setting in which the certificate is offered. For example, "https" means: "this certificate was offered by an HTTPS server" |