XML-RPC Digression... WAS: Re: [thesite] UEUE v.0.2 Update
Mark Nickel
mnickel at new.rr.com
Thu Nov 8 09:31:16 CST 2001
Ok, if you really want my Grand Unified UEUE Theory without J2EE,
(GUUEUET??? :) ) here it goes:
o browser connects to *.evolt.org site and wants to login.
o *.e.o site makes an XML-RPC request to ueue.evolt.org service with a
subsite username and password to access the XML-RPC service on
ueue.evolt.org.
o ueue.evolt.org returns an XML-RPC package to the *.evolt.org subsite with
a pass/fail result
o *.evolt.org is responsible for making nicey-nicey session's using cookies
between the browser and *.evolt.org subsite if the user login passes/is
successful.
o no futher interaction with ueue.evolt.org is necessary
**OR**
o if we don't want to trust anyone *EVERY* access of the browser to the
*.e.o site will result in the *.e.o subsite re-authenticating the user via
XML-RPC to the ueue.evolt.org server
The above, obviously, does not solve the Global User Sessions across all
*.evolt.org... Each subsite would still be responsible for that task.
cookies would be sufficent then.
The XML-RPC payload could be made GPG encrypted, SSL'ed, etc.
This is oh-so-similar to the straight DB lookup, DSN username/password
discussion in this thread, however with XML-RPC it's server-side language
agnostic which would satisfy the "generic" component for the implementation
of each subsite.
I believe Matt W. has done some of this intra-network querying, but I
believe that is something we should stay away from. That native
client-server database access would work, but I think that the XML-RPC is
just more funner... :) . Besides, I just love the whole market-speak
surrounding Web Services... :) :) :) :) I think it's hilarious
In my gut, this is what I call the "good" solution. All the cookie
dancing/MD5'ing, is the "good enough" solution.
Thanks!
Mark
"Daniel J. Cody" wrote:
> this is just me an limited understanding of j2ee and .net, but wouldn't
> we need to have these technologies in place to use them?
>
> if i'm wrong, ok, but one more thought :) the purpose of what we're
> trying to do here is to make it language agnostic. if we have a subsite
> in jsp, it can talk to our user DB. same with asp, cf, php, perl,
> python, whatever - we don't need to rely on any one language to develop
> evolt sites while assuring they're able to hook into the 'collective' :)
>
> again, i may not have a grasp of the technologies here, just lemme know
> if not
>
> .djc.
>
> .jeff wrote:
>
> >><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> >>J2EE and .NET are going to rely on server-to-server
> >>communication to facilitate the authentication...
> >><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> >>
> > i really like the sound of this approach. this serves to remove the
More information about the thesite
mailing list