SlideShare a Scribd company logo

Salmon Protocol Explained

James Walker
James Walker

Salmon is a proposed protocol that defines a standard way for comments and annotations on one site to "swim upstream" and be posted to the original source, allowing for a virtuous cycle of commentary. It works by having content signed and posted to a target site's Salmon endpoint, with the signature then verified to authenticate the sender before the target site decides how to handle the received content. Specifications are provided for Salmon implementations using Atom and JSON formats.

Technology
1 of 20
Download to read offline
Salmon Protocol #OpenWebTO : September 20, 2010
what is it?
Salmon aims to define a standard protocol for comments and annotations to swim upstream to original update sources -- and spawn more commentary in a virtuous cycle.
trackback 2.0
how does it work?
salmon flow content1 is submitted discovery performed to get the target's salmon endpoint 2 content is signed3 and posted signature verified4 and content handled5
content 1 Currently implementations in Atom Specs also list JSON Where or how the content is generated is (wisely) unspecified.
discovery 2 Using LRDD / Host-meta (aka webfinger) Determine rel="salmon" endpoint (no centralized registry!)
signed3 we don't want posts from anywhere (i.e. trackback) uses magic signatures* that's right, magic.
verified4 signed data is unfolded author determined - discovery performed for the author public key RSA signature verification performed
handled5 what the receiver does with the content is (wisely) out of scope suggestions for two patterns: reply: specify atom thr:in-reply- to mention: include rel="mentioned"
magic signatures A lightweight, robust mechanism for digitally signing nearly arbitrary messages, along with a simple public key infrastructure.
<?xml version='1.0' encoding='UTF-8'?> <entry xmlns='http://www.w3.org/2005/Atom'> <id>tag:example.com,2009:cmt-0.44775718</id> <author><name>test@example.com</name><uri>bob@example.com</uri></author> <thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' ref='tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954'> tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954 </thr:in-reply-to> <content>Salmon swim upstream!</content> <title>Salmon swim upstream!</title> <updated>2009-12-18T20:04:03Z</updated> </entry>
POST /all-replies-endpoint HTTP/1.1 Host: example.org Content-Type: application/magic-envelope+xml <?xml version='1.0' encoding='UTF-8'?> <me:env xmlns:me='http://salmon-protocol.org/ns/magic-env'> <me:data type='application/atom+xml'> PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPGVudHJ5IHhtbG5zPSdod HRwOi8vd3d3LnczLm9yZy8yMDA1L0F0b20nPgogIDxpZD50YWc6ZXhhbXBsZS5jb20sMjAwOT pjbXQtMC40NDc3NTcxODwvaWQ-ICAKICA8YXV0aG9yPjxuYW1lPnRlc3RAZXhhbXBsZS5jb20 8L25hbWU-PHVyaT5ib2JAZXhhbXBsZS5jb208L3VyaT48L2F1dGhvcj4KICA8dGhyOmluLXJl cGx5LXRvIHhtbG5zOnRocj0naHR0cDovL3B1cmwub3JnL3N5bmRpY2F0aW9uL3RocmVhZC8xL jAnCiAgICAgIHJlZj0ndGFnOmJsb2dnZXIuY29tLDE5OTk6YmxvZy04OTM1OTEzNzQzMTMzMT I3MzcucG9zdC0zODYxNjYzMjU4NTM4ODU3OTU0Jz50YWc6YmxvZ2dlci5jb20sMTk5OTpibG9 nLTg5MzU5MTM3NDMxMzMxMjczNy5wb3N0LTM4NjE2NjMyNTg1Mzg4NTc5NTQKICA8L3Rocjpp bi1yZXBseS10bz4KICA8Y29udGVudD5TYWxtb24gc3dpbSB1cHN0cmVhbSE8L2NvbnRlbnQ-C iAgPHRpdGxlPlNhbG1vbiBzd2ltIHVwc3RyZWFtITwvdGl0bGU-CiAgPHVwZGF0ZWQ-MjAwOS 0xMi0xOFQyMDowNDowM1o8L3VwZGF0ZWQ-CjwvZW50cnk-CiAgICA= </me:data> <me:encoding>base64url</me:encoding> <me:alg>RSA-SHA256</me:alg> <me:sig> cAIu8VKIhs3WedN91L3ynLT3GbZFhbVidDn-skGetENVH-3EguaYIjlPTq7Ieraq4SD BknM9STM9DR90kveUrw== </me:sig> </me:env>
what is it good for?
a little demo...
more info http://salmon-protocol.org/

Recommended

Poodle
PoodlePoodle
PoodleShreyas Kothari
 
0xdec0de01 crypto CTF solutions
0xdec0de01 crypto CTF solutions0xdec0de01 crypto CTF solutions
0xdec0de01 crypto CTF solutionsVlad Garbuz
 
DPNHTW
DPNHTWDPNHTW
DPNHTWmetaldart
 
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...HackIT Ukraine
 
4 exercises for part 1
4 exercises for part 14 exercises for part 1
4 exercises for part 1drewz lin
 
Lab multi thread
Lab multi threadLab multi thread
Lab multi threadBenj Del Mundo
 
Lec8 (2)
Lec8 (2)Lec8 (2)
Lec8 (2)Manoj Prasanna
 
Vapor – Swift is not only for iOS anymore
Vapor – Swift is not only for iOS anymoreVapor – Swift is not only for iOS anymore
Vapor – Swift is not only for iOS anymoreMilan Vít
 

Recommended

Poodle
PoodlePoodle
PoodleShreyas Kothari
 
0xdec0de01 crypto CTF solutions
0xdec0de01 crypto CTF solutions0xdec0de01 crypto CTF solutions
0xdec0de01 crypto CTF solutionsVlad Garbuz
 
DPNHTW
DPNHTWDPNHTW
DPNHTWmetaldart
 
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...
Hacking cryptography: 0xdec0de01 cryptoCTF solutions and a bit more - Владими...HackIT Ukraine
 
4 exercises for part 1
4 exercises for part 14 exercises for part 1
4 exercises for part 1drewz lin
 
Lab multi thread
Lab multi threadLab multi thread
Lab multi threadBenj Del Mundo
 
Lec8 (2)
Lec8 (2)Lec8 (2)
Lec8 (2)Manoj Prasanna
 
Vapor – Swift is not only for iOS anymore
Vapor – Swift is not only for iOS anymoreVapor – Swift is not only for iOS anymore
Vapor – Swift is not only for iOS anymoreMilan Vít
 
Poodle
PoodlePoodle
PoodleMukesh Chaudhari
 
Introduction to Apache Cassandra
Introduction to Apache CassandraIntroduction to Apache Cassandra
Introduction to Apache CassandraJesus Guzman
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8Sisir Ghosh
 
Intercloud interoperability
Intercloud interoperabilityIntercloud interoperability
Intercloud interoperabilitySam Johnston
 
SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLEJerome Smith
 
Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio bubbafat
 
Ficha tecnica
Ficha tecnicaFicha tecnica
Ficha tecnicaguest6473b8
 
Hash Function
Hash FunctionHash Function
Hash FunctionSiddharth Srivastava
 
File io
File io File io
File io نورا احمد
 
Introduction To Distributed Erlang
Introduction To Distributed ErlangIntroduction To Distributed Erlang
Introduction To Distributed ErlangDavid Dossot
 
C*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache CassandraC*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache CassandraDataStax
 
Secure code 3rd_party_libs
Secure code 3rd_party_libsSecure code 3rd_party_libs
Secure code 3rd_party_libsFKM Naimul Huda, PMP
 
"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис Резник"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис РезникFwdays
 
Linux50commands
Linux50commandsLinux50commands
Linux50commandsNIRMAL FELIX
 
Nachos3 - Theoretical Part
Nachos3 - Theoretical PartNachos3 - Theoretical Part
Nachos3 - Theoretical PartEduardo Triana
 
JSON based CSRF
JSON based CSRFJSON based CSRF
JSON based CSRFAmit Dubey
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Denis Kolegov
 
How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesBastian Hofmann
 
Distributed Social Networking
Distributed Social NetworkingDistributed Social Networking
Distributed Social NetworkingBastian Hofmann
 
Top 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and SitesTop 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and SitesJonathan LeBlanc
 
Introduction to rg\injection
Introduction to rg\injectionIntroduction to rg\injection
Introduction to rg\injectionBastian Hofmann
 
Creating OpenSocial Apps
Creating OpenSocial AppsCreating OpenSocial Apps
Creating OpenSocial AppsBastian Hofmann
 

More Related Content

What's hot

Introduction to Apache Cassandra
Introduction to Apache CassandraIntroduction to Apache Cassandra
Introduction to Apache CassandraJesus Guzman
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8Sisir Ghosh
 
Intercloud interoperability
Intercloud interoperabilityIntercloud interoperability
Intercloud interoperabilitySam Johnston
 
Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio bubbafat
 
Introduction To Distributed Erlang
Introduction To Distributed ErlangIntroduction To Distributed Erlang
Introduction To Distributed ErlangDavid Dossot
 
C*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache CassandraC*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache CassandraDataStax
 
"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис Резник"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис РезникFwdays
 
Nachos3 - Theoretical Part
Nachos3 - Theoretical PartNachos3 - Theoretical Part
Nachos3 - Theoretical PartEduardo Triana
 
JSON based CSRF
JSON based CSRFJSON based CSRF
JSON based CSRFAmit Dubey
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Denis Kolegov
 

What's hot (17)

Poodle
PoodlePoodle
Poodle
 
Introduction to Apache Cassandra
Introduction to Apache CassandraIntroduction to Apache Cassandra
Introduction to Apache Cassandra
 
ASP.NET Session 8
ASP.NET Session 8ASP.NET Session 8
ASP.NET Session 8
 
Intercloud interoperability
Intercloud interoperabilityIntercloud interoperability
Intercloud interoperability
 
SSLv3 and POODLE
SSLv3 and POODLESSLv3 and POODLE
SSLv3 and POODLE
 
Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio Rescue Me - Getting out of Meetings Using Twilio
Rescue Me - Getting out of Meetings Using Twilio
 
Ficha tecnica
Ficha tecnicaFicha tecnica
Ficha tecnica
 
Hash Function
Hash FunctionHash Function
Hash Function
 
File io
File io File io
File io
 
Introduction To Distributed Erlang
Introduction To Distributed ErlangIntroduction To Distributed Erlang
Introduction To Distributed Erlang
 
C*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache CassandraC*ollege Credit: Data Modeling for Apache Cassandra
C*ollege Credit: Data Modeling for Apache Cassandra
 
Secure code 3rd_party_libs
Secure code 3rd_party_libsSecure code 3rd_party_libs
Secure code 3rd_party_libs
 
"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис Резник"Query Execution: Expectation - Reality (Level 300)" Денис Резник
"Query Execution: Expectation - Reality (Level 300)" Денис Резник
 
Linux50commands
Linux50commandsLinux50commands
Linux50commands
 
Nachos3 - Theoretical Part
Nachos3 - Theoretical PartNachos3 - Theoretical Part
Nachos3 - Theoretical Part
 
JSON based CSRF
JSON based CSRFJSON based CSRF
JSON based CSRF
 
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
Covert Timing Channels based on HTTP Cache Headers (Special Edition for Top 1...
 

Viewers also liked

How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesBastian Hofmann
 
Distributed Social Networking
Distributed Social NetworkingDistributed Social Networking
Distributed Social NetworkingBastian Hofmann
 
Top 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and SitesTop 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and SitesJonathan LeBlanc
 
Introduction to rg\injection
Introduction to rg\injectionIntroduction to rg\injection
Introduction to rg\injectionBastian Hofmann
 
Creating OpenSocial Apps
Creating OpenSocial AppsCreating OpenSocial Apps
Creating OpenSocial AppsBastian Hofmann
 
Creating social games for millions of users
Creating social games for millions of usersCreating social games for millions of users
Creating social games for millions of usersBastian Hofmann
 
IIW10 NASCAR for Sharing
IIW10 NASCAR for SharingIIW10 NASCAR for Sharing
IIW10 NASCAR for SharingWill Meyer
 
Social Apps Done Right
Social Apps Done RightSocial Apps Done Right
Social Apps Done RightKristian Rabe
 

Viewers also liked (8)

How to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutesHow to create OpenSocial Apps in 45 minutes
How to create OpenSocial Apps in 45 minutes
 
Distributed Social Networking
Distributed Social NetworkingDistributed Social Networking
Distributed Social Networking
 
Top 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and SitesTop 5 Tips for Building Viral Social Web Applications and Sites
Top 5 Tips for Building Viral Social Web Applications and Sites
 
Introduction to rg\injection
Introduction to rg\injectionIntroduction to rg\injection
Introduction to rg\injection
 
Creating OpenSocial Apps
Creating OpenSocial AppsCreating OpenSocial Apps
Creating OpenSocial Apps
 
Creating social games for millions of users
Creating social games for millions of usersCreating social games for millions of users
Creating social games for millions of users
 
IIW10 NASCAR for Sharing
IIW10 NASCAR for SharingIIW10 NASCAR for Sharing
IIW10 NASCAR for Sharing
 
Social Apps Done Right
Social Apps Done RightSocial Apps Done Right
Social Apps Done Right
 

Similar to Salmon Protocol Explained

Exploring Boto3 Events With Mitmproxy
Exploring Boto3 Events With MitmproxyExploring Boto3 Events With Mitmproxy
Exploring Boto3 Events With MitmproxyMichael Twomey
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentationJava Pro
 
CSU33012-I-microservices.pdf
CSU33012-I-microservices.pdfCSU33012-I-microservices.pdf
CSU33012-I-microservices.pdfRicky Garg
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9thaidn
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés RianchoCODE BLUE
 
F5 Networks Threat Analysis: Madness
F5 Networks Threat Analysis: MadnessF5 Networks Threat Analysis: Madness
F5 Networks Threat Analysis: MadnessF5 Networks
 
Lightweight Deposit using SWORD
Lightweight Deposit using SWORDLightweight Deposit using SWORD
Lightweight Deposit using SWORDAdrian Stevenson
 
Mail Server Project Report
Mail Server Project ReportMail Server Project Report
Mail Server Project ReportKavita Sharma
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointZack Meyers
 

Similar to Salmon Protocol Explained (20)

Exploring Boto3 Events With Mitmproxy
Exploring Boto3 Events With MitmproxyExploring Boto3 Events With Mitmproxy
Exploring Boto3 Events With Mitmproxy
 
COinS (eng version)
COinS (eng version)COinS (eng version)
COinS (eng version)
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentation
 
CSU33012-I-microservices.pdf
CSU33012-I-microservices.pdfCSU33012-I-microservices.pdf
CSU33012-I-microservices.pdf
 
Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9Zombilizing The Web Browser Via Flash Player 9
Zombilizing The Web Browser Via Flash Player 9
 
Computer Security
Computer SecurityComputer Security
Computer Security
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
A02 assignment-2
A02 assignment-2A02 assignment-2
A02 assignment-2
 
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
[CB16] Esoteric Web Application Vulnerabilities by Andrés Riancho
 
Python3 (boto3) for aws
Python3 (boto3) for awsPython3 (boto3) for aws
Python3 (boto3) for aws
 
Build your first blockchain
Build your first blockchainBuild your first blockchain
Build your first blockchain
 
Chapter 4
Chapter 4Chapter 4
Chapter 4
 
F5 Networks Threat Analysis: Madness
F5 Networks Threat Analysis: MadnessF5 Networks Threat Analysis: Madness
F5 Networks Threat Analysis: Madness
 
Xmpp presentation
Xmpp presentationXmpp presentation
Xmpp presentation
 
Lightweight Deposit using SWORD
Lightweight Deposit using SWORDLightweight Deposit using SWORD
Lightweight Deposit using SWORD
 
Mail Server Project Report
Mail Server Project ReportMail Server Project Report
Mail Server Project Report
 
SOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIESSOAP WEB TECHNOLOGIES
SOAP WEB TECHNOLOGIES
 
Sequere socket Layer
Sequere socket LayerSequere socket Layer
Sequere socket Layer
 
HTTP1.1/2 overview
HTTP1.1/2 overviewHTTP1.1/2 overview
HTTP1.1/2 overview
 
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPointBsides-Philly-2016-Finding-A-Companys-BreakPoint
Bsides-Philly-2016-Finding-A-Companys-BreakPoint
 

More from James Walker

Federating the Social Web
Federating the Social WebFederating the Social Web
Federating the Social WebJames Walker
 
Keeping Drupal Connected
Keeping Drupal ConnectedKeeping Drupal Connected
Keeping Drupal ConnectedJames Walker
 
Your Blog is Your Social Network
Your Blog is Your Social NetworkYour Blog is Your Social Network
Your Blog is Your Social NetworkJames Walker
 
OpenID DrupalCon 2009
OpenID DrupalCon 2009OpenID DrupalCon 2009
OpenID DrupalCon 2009James Walker
 
Openid Drupalcon 2008
Openid Drupalcon 2008Openid Drupalcon 2008
Openid Drupalcon 2008James Walker
 
2007 Fsoss Drupal Under The Hood
2007 Fsoss Drupal Under The Hood2007 Fsoss Drupal Under The Hood
2007 Fsoss Drupal Under The HoodJames Walker
 
2007 Barcelona Drupalcon Image handling
2007 Barcelona Drupalcon Image handling2007 Barcelona Drupalcon Image handling
2007 Barcelona Drupalcon Image handlingJames Walker
 

More from James Walker (12)

living drupal
living drupalliving drupal
living drupal
 
Drupal & Mobile
Drupal & MobileDrupal & Mobile
Drupal & Mobile
 
Federating the Social Web
Federating the Social WebFederating the Social Web
Federating the Social Web
 
Keeping Drupal Connected
Keeping Drupal ConnectedKeeping Drupal Connected
Keeping Drupal Connected
 
OpenWeb Discovery
OpenWeb DiscoveryOpenWeb Discovery
OpenWeb Discovery
 
Using Drupal
Using DrupalUsing Drupal
Using Drupal
 
Your Blog is Your Social Network
Your Blog is Your Social NetworkYour Blog is Your Social Network
Your Blog is Your Social Network
 
Why I Hate Drupal
Why I Hate DrupalWhy I Hate Drupal
Why I Hate Drupal
 
OpenID DrupalCon 2009
OpenID DrupalCon 2009OpenID DrupalCon 2009
OpenID DrupalCon 2009
 
Openid Drupalcon 2008
Openid Drupalcon 2008Openid Drupalcon 2008
Openid Drupalcon 2008
 
2007 Fsoss Drupal Under The Hood
2007 Fsoss Drupal Under The Hood2007 Fsoss Drupal Under The Hood
2007 Fsoss Drupal Under The Hood
 
2007 Barcelona Drupalcon Image handling
2007 Barcelona Drupalcon Image handling2007 Barcelona Drupalcon Image handling
2007 Barcelona Drupalcon Image handling
 

Recently uploaded

Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

Salmon Protocol Explained

  • 1. Salmon Protocol #OpenWebTO : September 20, 2010
  • 3. Salmon aims to define a standard protocol for comments and annotations to swim upstream to original update sources -- and spawn more commentary in a virtuous cycle.
  • 5.
  • 6. how does it work?
  • 7. salmon flow content1 is submitted discovery performed to get the target's salmon endpoint 2 content is signed3 and posted signature verified4 and content handled5
  • 8. content 1 Currently implementations in Atom Specs also list JSON Where or how the content is generated is (wisely) unspecified.
  • 9. discovery 2 Using LRDD / Host-meta (aka webfinger) Determine rel="salmon" endpoint (no centralized registry!)
  • 10. signed3 we don't want posts from anywhere (i.e. trackback) uses magic signatures* that's right, magic.
  • 11. verified4 signed data is unfolded author determined - discovery performed for the author public key RSA signature verification performed
  • 12. handled5 what the receiver does with the content is (wisely) out of scope suggestions for two patterns: reply: specify atom thr:in-reply- to mention: include rel="mentioned"
  • 13. magic signatures A lightweight, robust mechanism for digitally signing nearly arbitrary messages, along with a simple public key infrastructure.
  • 14. <?xml version='1.0' encoding='UTF-8'?> <entry xmlns='http://www.w3.org/2005/Atom'> <id>tag:example.com,2009:cmt-0.44775718</id> <author><name>test@example.com</name><uri>bob@example.com</uri></author> <thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0' ref='tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954'> tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954 </thr:in-reply-to> <content>Salmon swim upstream!</content> <title>Salmon swim upstream!</title> <updated>2009-12-18T20:04:03Z</updated> </entry>
  • 15. POST /all-replies-endpoint HTTP/1.1 Host: example.org Content-Type: application/magic-envelope+xml <?xml version='1.0' encoding='UTF-8'?> <me:env xmlns:me='http://salmon-protocol.org/ns/magic-env'> <me:data type='application/atom+xml'> PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPGVudHJ5IHhtbG5zPSdod HRwOi8vd3d3LnczLm9yZy8yMDA1L0F0b20nPgogIDxpZD50YWc6ZXhhbXBsZS5jb20sMjAwOT pjbXQtMC40NDc3NTcxODwvaWQ-ICAKICA8YXV0aG9yPjxuYW1lPnRlc3RAZXhhbXBsZS5jb20 8L25hbWU-PHVyaT5ib2JAZXhhbXBsZS5jb208L3VyaT48L2F1dGhvcj4KICA8dGhyOmluLXJl cGx5LXRvIHhtbG5zOnRocj0naHR0cDovL3B1cmwub3JnL3N5bmRpY2F0aW9uL3RocmVhZC8xL jAnCiAgICAgIHJlZj0ndGFnOmJsb2dnZXIuY29tLDE5OTk6YmxvZy04OTM1OTEzNzQzMTMzMT I3MzcucG9zdC0zODYxNjYzMjU4NTM4ODU3OTU0Jz50YWc6YmxvZ2dlci5jb20sMTk5OTpibG9 nLTg5MzU5MTM3NDMxMzMxMjczNy5wb3N0LTM4NjE2NjMyNTg1Mzg4NTc5NTQKICA8L3Rocjpp bi1yZXBseS10bz4KICA8Y29udGVudD5TYWxtb24gc3dpbSB1cHN0cmVhbSE8L2NvbnRlbnQ-C iAgPHRpdGxlPlNhbG1vbiBzd2ltIHVwc3RyZWFtITwvdGl0bGU-CiAgPHVwZGF0ZWQ-MjAwOS 0xMi0xOFQyMDowNDowM1o8L3VwZGF0ZWQ-CjwvZW50cnk-CiAgICA= </me:data> <me:encoding>base64url</me:encoding> <me:alg>RSA-SHA256</me:alg> <me:sig> cAIu8VKIhs3WedN91L3ynLT3GbZFhbVidDn-skGetENVH-3EguaYIjlPTq7Ieraq4SD BknM9STM9DR90kveUrw== </me:sig> </me:env>
  • 16.
  • 17. what is it good for?
  • 19.