Martin Atkins

Ponderer • Investigator • Maker

Domain Federation Protocol

Domain Federation Protocol is a proposed specification for a mechanism for ad-hoc authentication between websites, using a dialback mechanism to turn domain names into identities.

Presenting the idea for the first time at the Federated Social Web Summit in July 2010, in Portland. It had an even less catchy name back then.

Photo by James Walker

Brad and Brett based the fundamental idea behind PubSubHubbub on XMPP PubSub, a system for distributing push notifications over XMPP. While I was working with them to draft the specification I realized that the ability to verify ownership of a URL -- a key security technique in PubSubHubbub -- would be a useful building block for other applications on the federated social web.

I set about trying to adapt XMPP's dialback mechanism to HTTP. Where XMPP uses TCP sockets to establish a long-running session, I took inspiration from how web applications maintain sessions using bearer tokens in cookies and invented a simple protocol for performing dialback and exchanging such tokens.

The high-level request flow is as follows:

Since there is lots of chatter in establishing an association the dialback association is established as a separate step before making any other requests, and the token can then possibly be used for many requests before it expires and a new token must be requested. Since the association happens out of band of any "real" request, an implementation can also pro-actively attempt to refresh associations for domains it expects to need so that the dialback process won't block a later operation.

The Domain Federation Protocol makes the assumption that once a caller has proven ownership of a domain it is free to "act as" any user under that domain, using the familiar user@domain syntax of email addresses. This makes Domain Federation Protocol particularly suitable for interaction of domains that each have hundreds, thousands or even millions of users since only one association needs to be maintained no matter how many users are communicating.

The primary use I imagine for this protocol is to use it in conjunction with Activity Streams to transmit activities, messages and other content between different social web nodes.