diff options
Diffstat (limited to 'website')
-rw-r--r-- | website/validation-agent.mdwn | 32 | ||||
-rw-r--r-- | website/validation-agent/protocol.mdwn | 24 |
2 files changed, 56 insertions, 0 deletions
diff --git a/website/validation-agent.mdwn b/website/validation-agent.mdwn new file mode 100644 index 0000000..d95e7d4 --- /dev/null +++ b/website/validation-agent.mdwn @@ -0,0 +1,32 @@ +[[!meta title="Monkeysphere Validation Agent"]] + +# Monkeysphere Validation Agent # + +The Monkeysphere Validation Agent offers a local service for systems +to validate certificates (both X.509 and OpenPGP) and other public +keys in their proper contexts. + +Among other reasons, having a validation agent is a good thing +because: + +* Multiple tools can rely on the same PKI (e.g. the user's web browser + and the user's ssh client). +* A single validation agent can present a consistent UI to the user + (when used in an end-user context), or provide a unified trust model + to various services (when used in a server-side context). +* Authentication/certificate validation code can potentially be + isolated to a protected environment. + +## Implementations ## + +There are currently two implementations of the validation agent: + + * msva-perl + * msva-ruby + +## Protocol ## + +The Monkeysphere Validation Agent protocol (MSVA) is defined as a +minimal HTTP server with JSON-encapsulated requests and responses. +You may want to read [more protocol details](protocol). + diff --git a/website/validation-agent/protocol.mdwn b/website/validation-agent/protocol.mdwn new file mode 100644 index 0000000..4e6811a --- /dev/null +++ b/website/validation-agent/protocol.mdwn @@ -0,0 +1,24 @@ +[[!meta title="Validation Agent Protocol"]] + +# Validation Agent Protocol # + +In its current form, the +[Monkeysphere Validation Agent](/validation-agent) is conceived of as +a minimalistic HTTP server that accepts two different requests: + + GET / -- initial contact query, protocol version compatibility. + (no query parameters) + (returns: protoversion, server, available) + + POST /reviewcert -- request validation of a certificate + (query parameters: uid, context, pkc) + (returns: valid, message) + +Query parameters are posted as a JSON blob (*not* as +www-form-encoded). + +The variables that are returned are application/json as well. + +* PKC means: public key carrier: raw key, OpenPGP cert, or X.509 cert +* UID means: User ID (like in OpenPGP) +* context refers to the setting in which the certificate is offered. For example, "https" means: "this certificate was offered by an HTTPS server" |