CapTP on HTTP
Motivation: Caja-CapTP attempts to reuse web protocols to minimize the amount of low-level code (parsers, ...) or access (TCP, ...) it requires.
This page will define a protocol for transporting a CapTP connection over HTTP.
Identification and security
For the protection of swiss numbers and private data, this protocol should only be used over a secure connection (HTTPS, relying on certificate authorities, or HTTPSY) or a relied-upon network.
The format of a serialized SturdyRef in this protocol is:
The VatID data is everything but the fragment, unless HTTPSY is used in which case the host:port information is omitted. XXX formalize this
XXX specify encoding of swissNum
Unless otherwise specified, all requests and responses are JSON text following Waterken conventions XXX link to docs for types and hyperlinks, of media type (MIME type)
application/captp+json. Rationale for having a distinct media type: Web protocol design principles say that clients should not need prior knowledge that any given URL is a CapTP-related URL.
After a connection is established, all CapTP messages are sent as HTTP POST requests to connection-specific receivers, which are web resources identified by URLs.
To open a CapTP-on-HTTP connection, the initiating vat sends a POST request to the above URL; the request body consists of the URL of the initiator's receiver. XXX Specify how the server obtains and verifies the client's VatID. The successful response consists of the URL of the server's receiver. XXX Specify tiebreaking scheme. All communication from then on is symmetric.