OpenRPC: user-attended RPC between sites

Martin Atkins mart at degeneration.co.uk
Sat Jul 16 10:10:05 PDT 2005 

(This is a pretty long message. Sorry. Please bear with me.)

Over the last few days I've been working on what I've (for now) been
calling OpenRPC. The purpose of OpenRPC is to allow one site, currently
loaded in a user's browser, to make some kind of call to a URL with the
user's permission/supervision. It makes use of OpenID to provide user
authentication.

A real-world example will probably illustrate this better. Some of these
fancy photo-hosting sites that seem to now be many and varied offer a
feature to directly post one or more of your hosted photos to your
weblog. In LiveJournal's case at least, they currently do this by taking
the user's LiveJournal username and password. Clearly this isn't the
best idea. It would be better if the site could get one-time permission
to post an entry in the weblog, and that is one of the things that
OpenRPC can allow.

I've put up a demo of the above scenario:
    <http://goathack.livejournal.org:9016/openrpc/caller>

You'll have to use your imagination a bit:
* Imagine that the RPC server is really running on LiveJournal.com and
not on the same host as the caller!
* Imagine that this caller is some photo-hosting site allowing the user
to post one or more photos from a gallery.
* Imagine that you are actually posting in your own weblog rather than
the demo one I've set up for this. In practice, the RPC gateway would
only allow the journal owner to post in the journal, but that wouldn't
make for a very good demo since you don't know the password for my demo
journal!

With all that said, then, please go ahead and post some of my photos
into the demo journal:
    <http://www.livejournal.com/users/openrpcdemo/>

The demo is a little quirky, since you're looking at the very first
implementation which I was writing essentially as I was designing it.
For this reason, the code is a mess and I shall not be releasing it
until I've had a chance to tidy it up a bit.

Posting in weblogs isn't all it's good for, of course. It can handle any
kind of RPC-shaped request, including user-authorized profile exchange:
just need to come up with a sensible profile exchange API! The system
supports return values, but obviously the weblog posting API doesn't
have much to return. In this case, it returns a URL where the new entry
can be viewed.

I've written some (very early, quick-and-dirty) words about OpenRPC here:
    <http://goathack.livejournal.org:9016/openrpc/>

It describes roughly how the protocol in my demo works, and then goes on
to describe some of the things that I percieve to need more thought/work.

-------------------------------

By the way, this isn't to be considered part of OpenID: it's a separate
application layer *atop* OpenID. I'm only really bringing this up on the
OpenID mailing list because it's where I'm likely to find people who
might be interested in this.

I'd also be interested to hear any ideas for a better name for it, since
OpenRPC isn't all that descriptive of what it does. I'm not very good at
picking cool names for things.

More information about the yadis mailing list