Re: discovering an authority endpoint from Melvin Carvalho on 2014-11-19 (public-webpayments@w3.org from November 2014)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Wed, 19 Nov 2014 14:58:29 +0100
To: Adrian Hope-Bailie <adrian@hopebailie.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAKaEYhJYi7CwkzmEKD6h2Nem-KdquwCEyPpn4s49gGiqh-RKiQ@mail.gmail.com>

On 19 November 2014 12:21, Adrian Hope-Bailie <adrian@hopebailie.com> wrote:

> Are you trying to determine the URL that a transaction object must be
> posted to by applying a standard algorithm to the recipient identifier?
>

If the authority is bluebank.com, do I always post to the home page, or do
they have a specific endpoint that I can find?


> i.e. Is this similar to OpenID Connect Discovery protocol or
> Ripple/Stellar federation protocol?
>

Not sure how these two currently do discovery, but the common principle of
following links would work for me, if that's how it works.


>
> On 19 November 2014 12:10, Melvin Carvalho <melvincarvalho@gmail.com>
> wrote:
>
>>
>>
>> On 26 October 2014 20:01, Melvin Carvalho <melvincarvalho@gmail.com>
>> wrote:
>>
>>> Looking at the Web Payments 1.0 spec, I see:
>>>
>>> ---------------------------------- Step #3 ----------------------------------
>>>
>>> *** Agent HTTPS POSTs the Transaction object to the authority
>>>
>>> POST transactions HTTP/1.1
>>> Host: bluebank.com
>>> Content-Length: 634
>>> Content-Type: application/ld+json
>>>
>>> {
>>>    "type": "Transaction"
>>>    "transfer":
>>>    {
>>>       "type": "Transfer",
>>>       "amount": "7.50",
>>>       "currency": "USD",
>>>       "source": "https://bluebank.com/people/john/accounts/party-funds",
>>>       "destination": "https://redbank.com/people/jane/accounts/hosting",
>>>       "comment": "Chipping in for the Pizza Party tomorrow."
>>>    },
>>>    "signature":
>>>    {
>>>       "type": "JsonLdSignature",
>>>       "created": "2011-09-23T20:21:34Z",
>>>       "signer": "http://bluebank.com/people/john/keys/5",
>>>       "signatureValue": "ExMgoDIyOGQzNGVkMzVmmMzYzI43Q3OQzNmOWM32Nj4NTIyZTkZDYMI="
>>>    }
>>> }
>>>
>>> Some questions:
>>>
>>> 1. How do I know where to POST this file to, given that I may know the authority already?
>>>
>>> 2. Can I use PUT as well as POST?
>>>
>>> 3. Is signature mandatory, e.g. if user is already authenticated, perhaps it's not always needed?
>>>
>>>
>> Was wondering if anyone has any thoughts on this, else I'l try and work
>> out my own solution.
>>
>>
>

Received on Wednesday, 19 November 2014 13:58:58 UTC