Salmon is a proposed protocol that defines a standard way for comments and annotations on one site to "swim upstream" and be posted to the original source, allowing for a virtuous cycle of commentary. It works by having content signed and posted to a target site's Salmon endpoint, with the signature then verified to authenticate the sender before the target site decides how to handle the received content. Specifications are provided for Salmon implementations using Atom and JSON formats.
3. Salmon aims to define a standard protocol for
comments and annotations to swim upstream to
original update sources -- and spawn more
commentary in a virtuous cycle.
7. salmon flow
content1 is submitted
discovery performed to get the
target's salmon endpoint 2
content is signed3 and posted
signature verified4 and content
handled5
9. discovery 2
Using LRDD / Host-meta (aka
webfinger)
Determine rel="salmon" endpoint
(no centralized registry!)
10. signed3
we don't want posts from anywhere
(i.e. trackback)
uses magic signatures*
that's right, magic.
11. verified4
signed data is unfolded
author determined - discovery
performed for the author public key
RSA signature verification
performed
12. handled5
what the receiver does with the
content is (wisely) out of scope
suggestions for two patterns:
reply: specify atom thr:in-reply-
to
mention: include rel="mentioned"
13. magic signatures
A lightweight, robust mechanism for digitally
signing nearly arbitrary messages, along with a
simple public key infrastructure.