mirror
/
podcast-namespace
kopia lustrzana https://github.com/Podcastindex-org/podcast-namespace
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

opensub first brain dump

pull/324/head
Dave Jones 2022-01-06 22:24:36 -06:00
rodzic ba443742cd
commit da2dd6366f
1 zmienionych plików z 78 dodań i 0 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

78
proposal-docs/opensubscribe/opensubscribe.md 100644
Wyświetl plik

@ -0,0 +1,78 @@
# The "podcast:subscribe" Specification
<small>Version 1.0 by [Dave Jones](https://github.com/daveajones)</small><br>
<small>January 6th, 2022</small>
<br>
## Purpose
Podcasting requires a publicly available RSS feed to function in it's traditionally decentralized capacity. This has led to various schemes of
"private" feeds that require either a basic authentication login to be prepended to the url, or a tokenized url that is unique for each subscriber.
Neither of these are ideal. We envision an open way of subscribing to a single feed url. It doesn't matter if the feed itself is tokenized. All
that really matters is that the members-only feed's enclosures are kept private only to subscribers. We outline a method here for achieving this
type of tokenized enclosure delivery by way of a single, publicly available RSS feed.tokenized
<br><br>
## Process
The process of subscribing to a feed consists of making the purchase, storing a shared seed value and storing a shared subscriber id. The purchase
can be made over standard payment processors, cryptocurrency or any other method of payment the podcast creator chooses to use.
<br>
### Initiating the purchase
A members-only feed will contain a `<podcast:subscribe>` element that points to a website the user will use to complete the subscription signup
process. That process can be any method of paying and the app would probably just open a web view to the site and let the signup process happen
right in the app.
### Generating the shared values
Once the signup and payment has occurred, the server that processed the signup will generate a seed value to be used in a TOTP (Time-based One Time Password)
calculation. The seed value will be stored by the server in order to calculate the TOTP value in the future. It will also be handed back to the app which
will store the seed in it's internal database associated with this particular RSS feed. A user identifier will also be generated by the server and handed
back to the app so that an association can be kept between the TOTP seed and the user it belongs to.
### Playing the Content
When the app does a GET request for an enclosure within the subscription feed, it will first calculate the current TOTP value based on it's stored copy
of the seed and then attach that value to the GET request as a url parameter, like this:
```http
GET https://example.com/cdn/podcast/episode23.mp3?_subscriberid=019280835669288573153765328753&_privtoken=247163
```
The server validates the transmitted TOTP code by generating it server side based on the subscriber id given in the request.subscriber
If the subscriber's subscription ever lapses, the server simply forgets the TOTP seed and no future requests for content will validate.
### Moving subscriptions between apps
Because subscriptions are maintained by a simple TOTP random seed value, the values can be exported along with an opml file and imported into other apps.
<br><br>
### Subscribe Element
The `<podcast:subscribe>` tag designates the server that will handle the subscription processing for the feed.
This element must exist at the `<channel>` level.
There can be only one copy of this element in a feed.
<br>
#### Structure:
```xml
<podcast:subscribe
url="[url of the signup page(string)]"
>
```
<br>
#### Attributes:
- `url` (required) This is the service slug of the cryptocurrency or protocol layer.
<br>