Adam, thanks for starting this discussion,

On 20/02/2014 04:52, Adam Roach wrote:
> Putting this together, what we want is something that semantically
> evaluates to:
>
> http://authority/action/url-format-version/{serial #,caller,callee,expiration,hmac}
As Martin points out, URLs should not represent actions, they should
represent things.

On the experiment we made with Romain Gauthier and Nicolas Perriault, we
went ahead and chose the following scheme:

# A "*" means this URI requires authentication (a valid token from the token
# server, which contains user id).

* POST /call-url/      →  Create the call url a callee can click on.
  GET  /calls/{token}  →  Get the app (that's the url in question, which
                          displays an app)
  POST /calls/{token}  →  Add an incoming call (does a simple push notif
                          and gets room tokens)
* GET  /calls/         →  List incoming calls for the authenticated user.

{token} was something containing the user id of the callee plus
a . I don't understand why we're trying to put information about the
caller here, since we don't know who this is.

In your proposal, I don't understand what the "serial #" is, and
especially why it can't replace the version as you specify it.

It seems straightforward to just have a serial number (randomly
generated and not auto incremented, because auto increment is harder to
scale) that we can revoke if needed.

It means that before displaying the app and accepting a call (we can
also choose only one of them), we will have to check in the database if
this serial # is still a valid one.

We could let the user choose the duration of their call-url, and
default to something specified in a configuration file if the user doesn't
specify anything.

> Ideally, we also want the ability to identify multiple versions of URL
> encodings, should we decide to migrate to include an enhanced scheme
> in the future. 

If you're thinking about having multiple versions of the service running
at once, then I think this shouldn't be handled this way. When you ask
the token server for a node, you ask for a particular version of the
service, and you get an endpoint to this service.

This allows us to not have to deal with multiple versions of the API in
the server code. If that's not what you're referring to, can you provide
more info?

— Alexis
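
One way the revocable call-url token discussed in this thread could be issued and checked, as an added example that is not part of the original message or of the experiment's code. The token layout (base64url JSON claims, a dot, then an HMAC-SHA256 tag), the names `make_token`, `check_token` and `REVOKED`, the in-memory set standing in for the database, and the 30-day default are all assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # server-side HMAC key, constructed for the example
DEFAULT_TTL = 30 * 24 * 3600      # assumed default, would come from a configuration file
REVOKED = set()                   # stands in for the database of revoked serials


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _mac(body: str) -> bytes:
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
    return _b64(tag).encode()


def make_token(callee, ttl=None, now=None):
    """Return (token, serial) for a call url owned by `callee`."""
    now = time.time() if now is None else now
    ttl = DEFAULT_TTL if ttl is None else ttl
    serial = secrets.token_hex(8)  # random rather than auto-incremented
    claims = {"callee": callee, "serial": serial, "exp": int(now + ttl)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _mac(body).decode(), serial


def check_token(token, now=None):
    """Return the callee id, or None if the token is forged, expired or revoked."""
    now = time.time() if now is None else now
    body, sep, tag = token.partition(".")
    # Verify the MAC in constant time before parsing any client-supplied data.
    if not sep or not hmac.compare_digest(_mac(body), tag.encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    # Expiration is carried in the token; revocation needs the database lookup.
    if now >= claims["exp"] or claims["serial"] in REVOKED:
        return None
    return claims["callee"]
```

Only the revocation check touches storage, so the signature and expiration can be rejected before any database query is made.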