CapTP on HTTP

Motivation: Caja-CapTP attempts to reuse web protocols to minimize the amount of low-level code (parsers, ...) or access (TCP, ...) it requires.

This page will define a protocol for transporting a CapTP connection over HTTP.

Identification and security
For the protection of swiss numbers and private data, this protocol should only be used over a secure connection (HTTPS, relying on certificate authorities, or HTTPSY) or a relied-upon network.

The format of a serialized SturdyRef in this protocol is:

http[s[y]]://.../arbitrary#swissNum

The VatID data is everything but the fragment, unless HTTPSY is used, in which case the host:port information is omitted.
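
The SturdyRef format above, split into VatID and swiss number, as an added example that is not code from Caja-CapTP. The names parseSturdyRef and reliedUponNetwork are hypothetical, the sample URLs are constructed, and the HTTPSY authority is assumed to follow generic URI syntax ([userinfo@]host[:port]) because the page does not give its layout.

```javascript
// Added example: split a serialized SturdyRef into VatID and swiss number.
// parseSturdyRef and reliedUponNetwork are hypothetical names, not a real API.
const SCHEMES = new Set(['http', 'https', 'httpsy']);

function parseSturdyRef(ref, { reliedUponNetwork = false } = {}) {
  // scheme "://" authority path-and-query "#" fragment (generic URI syntax).
  // The fragment is mandatory here: it carries the swiss number.
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):\/\/([^\/?#]*)([^#]*)#(.*)$/.exec(ref);
  if (!m) throw new Error('not a SturdyRef: expected scheme://...#swissNum');
  const scheme = m[1].toLowerCase();
  const [, , authority, rest, swissNum] = m;
  if (!SCHEMES.has(scheme)) throw new Error('unsupported scheme: ' + scheme);
  if (swissNum === '') throw new Error('empty swiss number');
  // Plain http is accepted only when the caller states that the network
  // itself is relied upon, per the "Identification and security" section.
  if (scheme === 'http' && !reliedUponNetwork) {
    throw new Error('plain http would expose the swiss number; refusing');
  }
  let vatAuthority = authority;
  if (scheme === 'httpsy') {
    // Assumption: authority is [userinfo@]host[:port]. Omit host[:port] only,
    // so the VatID does not change when the vat moves to another address.
    const at = authority.lastIndexOf('@');
    vatAuthority = at === -1 ? '' : authority.slice(0, at + 1);
  }
  // VatID: everything but the fragment (minus host:port for HTTPSY).
  return { scheme, vatID: scheme + '://' + vatAuthority + rest, swissNum };
}
```

Callers should treat the returned swissNum as a secret and log only the vatID.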

Connections
Unless otherwise specified, all requests and responses are JSON text following Waterken conventions for types and hyperlinks, of media type (MIME type). Rationale for having a distinct media type: Web protocol design principles say that clients should not need prior knowledge that any given URL is a CapTP-related URL.

After a connection is established, all CapTP messages are sent as HTTP POST requests to connection-specific receivers, which are web resources identified by URLs.

To open a CapTP-on-HTTP connection, the initiating vat sends a POST request to the above URL; the request body consists of the URL of the initiator's receiver. The successful response consists of the URL of the server's receiver. All communication from then on is symmetric.