Services/Sync/WEP/110: Difference between revisions
No edit summary |
|||
| Line 28: | Line 28: | ||
methods: | methods: | ||
{ | { | ||
"login": | |||
{ | |||
path: "/login", | |||
method: "POST", | |||
params: | |||
{ | |||
userName: "usr", | |||
password: "pwd" | |||
} | |||
}, | |||
"register": | "register": | ||
{ | { | ||
| Line 40: | Line 50: | ||
password: ["pw_field", "pw_field2"] | password: ["pw_field", "pw_field2"] | ||
} | } | ||
}, | }, | ||
"password": | "password": | ||
| Line 49: | Line 56: | ||
} | } | ||
} | } | ||
The identity JSON object MUST contain the <tt>domain</tt> and <tt>methods</tt> properties. The <tt>domain</tt> property MUST match both the domain which hosts the identity JSON object as well as the page that contained the <tt><link rel></tt> pointing to it. | |||
The <tt>methods</tt> property MUST contain at a minimum the <tt>login</tt> property and MAY contain additional <tt>register</tt> and <tt>password</tt> properties. | |||
=== Function === | === Function === | ||
Revision as of 17:34, 28 October 2009
|
THIS PAGE IS A WORKING DRAFT | 
|
| The page may be difficult to navigate, and some information on its subject might be incomplete and/or evolving rapidly. If you have any questions or ideas, please add them as a new topic on the discussion page. |
WEP 110 - Site Auto-registration and Password Change
- Status: Draft
- Created: 28 Oct 2009
- Reference Implementation: None
- WEP Index
Introduction
As part of the Weave Identity extension, we should support auto-registration of user accounts at websites and also manage passwords on behalf of the user. This WEP tackles the specific issue of the metadata that a site must provide to Weave in order to enable these features.
Metadata
Websites should include a <link rel> tag on every page that requires the presence of an identity (pages behind authentication, or registration pages).
<link rel="identity" href="/identity.json" />
Suggested alternate values for rel value: autoregister
JSON Format
The href attribute of the identity <link rel> should point to a JSON file that describes the interface the website provides to auto-register accounts and manage them. The format of the JSON file is described in this section. The JSON file must be present on the same domain as the web page that pointed to it, or could alternatively be a chrome URI.
{
domain: "http://example.org/",
methods:
{
"login":
{
path: "/login",
method: "POST",
params:
{
userName: "usr",
password: "pwd"
}
},
"register":
{
path: "/register",
method: "POST",
params:
{
userName: "name_field",
givenName: "first_name_field",
familyName: "last_name_field",
emailHome: "email_field",
password: ["pw_field", "pw_field2"]
}
},
"password":
{
}
}
}
The identity JSON object MUST contain the domain and methods properties. The domain property MUST match both the domain which hosts the identity JSON object as well as the page that contained the <link rel> pointing to it.
The methods property MUST contain at a minimum the login property and MAY contain additional register and password properties.
Function
When Weave detects the presence of an identity tag, it will act as follows:
- If the user is currently not logged in:
- If there is an identity in local store corresponding to the current domain:
- Offer the user to login with that identity (or) auto-login
- If there is no identity associated with the domain:
- Offer the user to auto-register with the site using a particular local identity
- If there is an identity in local store corresponding to the current domain:
- If the user is logged in:
- Show a small UI element (key in the address bar as we did with the Weave auto-login feature?) that allows the user to log out or switch identities on the current domain.