OpenRPC: user-attended RPC between sites

Paul Timmins paul at timmins.net
Sat Jul 16 11:49:44 PDT 2005


Why aren't you using something standard like SOAP or XML-RPC with
special parameters to pass OpenID data? I think it would be a better
idea to go that route, because the client libraries for either are
already ubiquitous, and it will speed up adoption.
-Paul

On Sat, 2005-07-16 at 18:10 +0100, Martin Atkins wrote:
> (This is a pretty long message. Sorry. Please bear with me.)
> 
> Over the last few days I've been working on what I've (for now) been
> calling OpenRPC. The purpose of OpenRPC is to allow one site, currently
> loaded in a user's browser, to make some kind of call to a URL with the
> user's permission/supervision. It makes use of OpenID to provide user
> authentication.
> 
> A real-world example will probably illustrate this better. Some of these
> fancy photo-hosting sites that seem to now be many and varied offer a
> feature to directly post one or more of your hosted photos to your
> weblog. In LiveJournal's case at least, they currently do this by taking
> the user's LiveJournal username and password. Clearly this isn't the
> best idea. It would be better if the site could get one-time permission
> to post an entry in the weblog, and that is one of the things that
> OpenRPC can allow.
> 
> I've put up a demo of the above scenario:
>     <http://goathack.livejournal.org:9016/openrpc/caller>
> 
> You'll have to use your imagination a bit:
> * Imagine that the RPC server is really running on LiveJournal.com and
> not on the same host as the caller!
> * Imagine that this caller is some photo-hosting site allowing the user
> to post one or more photos from a gallery.
> * Imagine that you are actually posting in your own weblog rather than
> the demo one I've set up for this. In practice, the RPC gateway would
> only allow the journal owner to post in the journal, but that wouldn't
> make for a very good demo since you don't know the password for my demo
> journal!
> 
> With all that said, then, please go ahead and post some of my photos
> into the demo journal:
>     <http://www.livejournal.com/users/openrpcdemo/>
> 
> The demo is a little quirky, since you're looking at the very first
> implementation which I was writing essentially as I was designing it.
> For this reason, the code is a mess and I shall not be releasing it
> until I've had a chance to tidy it up a bit.
> 
> Posting in weblogs isn't all it's good for, of course. It can handle any
> kind of RPC-shaped request, including user-authorized profile exchange:
> just need to come up with a sensible profile exchange API! The system
> supports return values, but obviously the weblog posting API doesn't
> have much to return. In this case, it returns a URL where the new entry
> can be viewed.
> 
> I've written some (very early, quick-and-dirty) words about OpenRPC here:
>     <http://goathack.livejournal.org:9016/openrpc/>
> 
> It describes roughly how the protocol in my demo works, and then goes on
> to describe some of the things that I percieve to need more thought/work.
> 
> -------------------------------
> 
> By the way, this isn't to be considered part of OpenID: it's a separate
> application layer *atop* OpenID. I'm only really bringing this up on the
> OpenID mailing list because it's where I'm likely to find people who
> might be interested in this.
> 
> I'd also be interested to hear any ideas for a better name for it, since
> OpenRPC isn't all that descriptive of what it does. I'm not very good at
> picking cool names for things.
> 
-- 
Paul Timmins <paul at timmins.net>
Timmins Technologies, LLC



More information about the yadis mailing list