check_authentication mode is weird

Paul Crowley paul at
Tue Jun 14 16:29:07 PDT 2005

Brad Fitzpatrick wrote:
> I implemented the check_authentication mode (the one for dumb consumers
> that can't do caching or sha1, etc) but found it a little weird:
>    -- you're sending a bunch of params to the server in a request
>       but they look/feel like response parameters

They sort-of are.  The consumer is saying to the server "here's the 
response I got; does it check out?"

>    1) don't care.  (easiest for dumb consumers)  and then we just
>       add a new check mode in the future if we need it.
>    2) care, somehow.  (probably not worth it?)  I was thinking of
>       maybe making a generic "check_sig" mode where consumer just
>       sends "assoc_handle", "token", and "sig", and server just
>       responds "yes" or "no", but that requires consumers making
>       the token, concatenating it all.

"yes" or "no" doesn't cut it - because the server and client clocks may 
differ, the server must interpret the valid_to part of the token and 
translate it into relative time.

Apart from that, I also see only these two options, though there may be 
others I haven't thought of.  I think we should do whatever makes least 
work for the consumer, which currently looks like option 1 to me. 
That's the whole point of dumb mode, after all.
\/ o\ Paul Crowley, paul at

More information about the yadis mailing list