From da2dd6366f62e77c2b2768f7cc9e2b516dd22298 Mon Sep 17 00:00:00 2001 From: Dave Jones Date: Thu, 6 Jan 2022 22:24:36 -0600 Subject: [PATCH] opensub first brain dump --- proposal-docs/opensubscribe/opensubscribe.md | 78 ++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 proposal-docs/opensubscribe/opensubscribe.md diff --git a/proposal-docs/opensubscribe/opensubscribe.md b/proposal-docs/opensubscribe/opensubscribe.md new file mode 100644 index 0000000..32650b1 --- /dev/null +++ b/proposal-docs/opensubscribe/opensubscribe.md @@ -0,0 +1,78 @@ +# The "podcast:subscribe" Specification + +Version 1.0 by [Dave Jones](https://github.com/daveajones)
+January 6th, 2022 + +
+ +## Purpose + +Podcasting requires a publicly available RSS feed to function in it's traditionally decentralized capacity. This has led to various schemes of +"private" feeds that require either a basic authentication login to be prepended to the url, or a tokenized url that is unique for each subscriber. +Neither of these are ideal. We envision an open way of subscribing to a single feed url. It doesn't matter if the feed itself is tokenized. All +that really matters is that the members-only feed's enclosures are kept private only to subscribers. We outline a method here for achieving this +type of tokenized enclosure delivery by way of a single, publicly available RSS feed.tokenized + +

+ +## Process + +The process of subscribing to a feed consists of making the purchase, storing a shared seed value and storing a shared subscriber id. The purchase +can be made over standard payment processors, cryptocurrency or any other method of payment the podcast creator chooses to use. + +
+ +### Initiating the purchase + +A members-only feed will contain a `` element that points to a website the user will use to complete the subscription signup +process. That process can be any method of paying and the app would probably just open a web view to the site and let the signup process happen +right in the app. + +### Generating the shared values + +Once the signup and payment has occurred, the server that processed the signup will generate a seed value to be used in a TOTP (Time-based One Time Password) +calculation. The seed value will be stored by the server in order to calculate the TOTP value in the future. It will also be handed back to the app which +will store the seed in it's internal database associated with this particular RSS feed. A user identifier will also be generated by the server and handed +back to the app so that an association can be kept between the TOTP seed and the user it belongs to. + +### Playing the Content + +When the app does a GET request for an enclosure within the subscription feed, it will first calculate the current TOTP value based on it's stored copy +of the seed and then attach that value to the GET request as a url parameter, like this: + +```http +GET https://example.com/cdn/podcast/episode23.mp3?_subscriberid=019280835669288573153765328753&_privtoken=247163 +``` + +The server validates the transmitted TOTP code by generating it server side based on the subscriber id given in the request.subscriber +If the subscriber's subscription ever lapses, the server simply forgets the TOTP seed and no future requests for content will validate. + +### Moving subscriptions between apps + +Because subscriptions are maintained by a simple TOTP random seed value, the values can be exported along with an opml file and imported into other apps. + +

+ +### Subscribe Element + +The `` tag designates the server that will handle the subscription processing for the feed. + +This element must exist at the `` level. + +There can be only one copy of this element in a feed. + +
+ +#### Structure: +```xml + +``` +
+ +#### Attributes: + - `url` (required) This is the service slug of the cryptocurrency or protocol layer. + +
+
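Review bot: The "Playing the Content" section does not fix the TOTP parameters (hash algorithm, time step, digit count, accepted clock skew), so an app and a server holding the same seed can still compute different `_privtoken` values. Please pin these explicitly, for example by referencing RFC 6238 and stating the step and digit count the six-digit example assumes. The same section carries `_subscriberid` and `_privtoken` in the query string, where they will be written to CDN and proxy access logs, and a code remains valid for its whole time step. The text should say whether a code may be accepted more than once within a window and should require HTTPS normatively rather than only showing it in the example. "Generating the shared values" says the seed is "handed back to the app" without defining the hand-off, which matters because signup is described as happening in a web view. "Moving subscriptions between apps" makes the seed an exportable bearer secret, so the document should say how the exported file is expected to be protected. Under "Attributes", the `url` description ("service slug of the cryptocurrency or protocol layer") contradicts "Initiating the purchase", which says the element points to the signup website. Smaller points: the stray trailing words in "feed.tokenized" and "request.subscriber" should be removed, and "it's" should be "its" in three places.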