- From: Christian Weiske <cweiske@cweiske.de>
- Date: Thu, 12 Mar 2015 08:51:38 +0100
- To: public-pubsub@w3.org
Hi, >Does the client/subscriber have to see a subscription as being >"accepted" until he gets a "denied" state on his callback URL? > >Why is there no "subscription accepted" call to the callback URL? > >Also, why does the callback not get the signature passed for requests >with hub.mode=denied? >Bad people could fake unsubscription confirmations without it. Reported as https://github.com/pubsubhubbub/PubSubHubbub/issues/29 Answer by julien51: There's no need for a "subscription accepted" call for the subscriber for the exact same reason given in #27: the subscriber has the last word. If the subscriber accepts the verification of intent, the subscription should be considered successful (hence no need to inform him of the same thing twice). Your second point may be valid though (I have to think more about it!). However, I think the subscriber should not consider the subscription successful until he's confirm the intent. So, if it gets a denial first, and then a verification of intent, the subscriber could/should(?) consider that his subscription has eventually been validated by the publisher. -- Regards/Mit freundlichen Grüßen Christian Weiske -= Geeking around in the name of science since 1982 =-
Received on Thursday, 12 March 2015 07:52:02 UTC