LID 2.0 POST Receiver Service

From LID Wiki

Contents 1 Overview 2 Parameters 2.1 lid-content-type 2.2 lid-content 3 Example usage 4 Relationship to other LID Services

Overview

This service type defines the receiver role in a protocol by which a sending LID Object (identified by its own LID URL) may send a chunk of information (of any MIME type) to another LID Object which supports the LID 2.0 POST Receiver Service. The sent information is digitally signed and authenticated against the URL of the sending object, and may be encrypted. This service type does not define the structure of the conveyed information; such a structure may be defined by higher-level LID Services or by the requirements of the application in which this service type is used.

There are many applications of this service, such as:

• authenticating messaging
• authenticated blog comments
• authenticated trackbacks and pingbacks
• authenticated file uploads
• as a replacement for SMTP-based e-mail
• as a general-purpose message transfer protocol

etc.

The LID 2.0 POST Receiver Service does not prescribe what actions a LID Object must take upon receiving information using this service. These semantics are application-specific or defined by higher-level LID Services.

It is perfectly valid for a LID Object supporting the LID 2.0 POST Receiver Service to discard all incoming information except for information submitted by authenticated senders (using the LID Relying Party Service), or senders who not only are authenticated but belong to a certain category of senders. In case the receiver discards an incoming message, it is recommended that the content returned in response to the HTTP POST indicate such to a human client.

Parameters

Any LID Object that supports the LID 2.0 POST Receiver Service understands the following parameters:

lid-content-type

The value domain of this parameter is the same as the value domain of parameter lid-format in the LID 2.0 Format Negotiation Service. The value of this parameter indicates the type of content that has been submitted to the URL with the lid-content parameter.

This parameter must only be provided if parameter lid-content is provided as well.

lid-content

The value domain of this parameter is determined by the format specified in lid-content-type. The value of this parameter is the content that is submitted to the URL.

This parameter must only be provided if parameter lid-content-type is provided as well.

Example usage

See example in LID 2.0 POST Sender Service.

Relationship to other LID Services

It is highly advantageous to use this LID 2.0 POST Receiver Service together with a LID Relying Party Service. By doing so, the receiving LID Object has the ability to authenticate the sender of the message and check the digital signature of the incoming message.

To do so, the sending LID Object assembles a message according to the LID 2.0 POST Receiver Service, and digitally signs it using one of the supported algorithms such as OpenID or LID SSO Service. It is important that the entire payload be signed, including the content of the parameters submitted through the HTTP POST.