XML-RPC Digression... WAS: Re: [thesite] UEUE v.0.2 Update

Mark Nickel mnickel at new.rr.com
Thu Nov 8 09:31:16 CST 2001

Ok, if you really want my Grand Unified UEUE Theory without J2EE,
(GUUEUET???  :)  )  here it goes:

o  browser connects to *.evolt.org site and wants to login.

o  *.e.o site makes an XML-RPC request to ueue.evolt.org service with a
subsite username and password to access the XML-RPC service on

o  ueue.evolt.org returns an XML-RPC package to the *.evolt.org subsite with
a pass/fail result

o  *.evolt.org is responsible for making nicey-nicey session's using cookies
between the browser and *.evolt.org subsite if the user login passes/is

o  no futher interaction with ueue.evolt.org is necessary


o  if we don't want to trust anyone *EVERY* access of the browser to the
*.e.o site will result in the *.e.o subsite re-authenticating the user via
XML-RPC to the ueue.evolt.org server

The above, obviously, does not solve the Global User Sessions across all
*.evolt.org...  Each subsite would still be responsible for that task.
cookies would be sufficent then.

The XML-RPC payload could be made GPG encrypted, SSL'ed, etc.

This is oh-so-similar to the straight DB lookup, DSN username/password
discussion in this thread, however with XML-RPC it's server-side language
agnostic which would satisfy the "generic" component for the implementation
of each subsite.

I believe Matt W. has done some of this intra-network querying, but I
believe that is something we should stay away from.  That native
client-server database access would work, but I think that the XML-RPC is
just more funner... :) .  Besides, I just love the whole market-speak
surrounding Web Services... :)  :)  :)  :) I think it's hilarious

In my gut, this is what I call the "good" solution.  All the cookie
dancing/MD5'ing, is the "good enough" solution.



"Daniel J. Cody" wrote:

> this is just me an limited understanding of j2ee and .net, but wouldn't
> we need to have these technologies in place to use them?
> if i'm wrong, ok, but one more thought :) the purpose of what we're
> trying to do here is to make it language agnostic. if we have a subsite
> in jsp, it can talk to our user DB. same with asp, cf, php, perl,
> python, whatever - we don't need to rely on any one language to develop
> evolt sites while assuring they're able to hook into the 'collective' :)
> again, i may not have a grasp of the technologies here, just lemme know
> if not
> .djc.
> .jeff wrote:
> >><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> >>J2EE and .NET are going to rely on server-to-server
> >>communication to facilitate the authentication...
> >><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> >>
> > i really like the sound of this approach.  this serves to remove the

More information about the thesite mailing list