3.3 KiB
The "podcast:subscribe" Specification
Version 1.0 by Dave Jones
January 6th, 2022
Purpose
Podcasting requires a publicly available RSS feed to function in it's traditionally decentralized capacity. This has led to various schemes of "private" feeds that require either a basic authentication login to be prepended to the url, or a tokenized url that is unique for each subscriber. Neither of these are ideal. We envision an open way of subscribing to a single feed url. It doesn't matter if the feed itself is tokenized. All that really matters is that the members-only feed's enclosures are kept private only to subscribers. We outline a method here for achieving this type of tokenized enclosure delivery by way of a single, publicly available RSS feed.tokenized
Process
The process of subscribing to a feed consists of making the purchase, storing a shared seed value and storing a shared subscriber id. The purchase can be made over standard payment processors, cryptocurrency or any other method of payment the podcast creator chooses to use.
Initiating the purchase
A members-only feed will contain a <podcast:subscribe>
element that points to a website the user will use to complete the subscription signup
process. That process can be any method of paying and the app would probably just open a web view to the site and let the signup process happen
right in the app.
Generating the shared values
Once the signup and payment has occurred, the server that processed the signup will generate a seed value to be used in a TOTP (Time-based One Time Password) calculation. The seed value will be stored by the server in order to calculate the TOTP value in the future. It will also be handed back to the app which will store the seed in it's internal database associated with this particular RSS feed. A user identifier will also be generated by the server and handed back to the app so that an association can be kept between the TOTP seed and the user it belongs to.
Playing the Content
When the app does a GET request for an enclosure within the subscription feed, it will first calculate the current TOTP value based on it's stored copy of the seed and then attach that value to the GET request as a url parameter, like this:
GET https://example.com/cdn/podcast/episode23.mp3?_subscriberid=019280835669288573153765328753&_privtoken=247163
The server validates the transmitted TOTP code by generating it server side based on the subscriber id given in the request.subscriber If the subscriber's subscription ever lapses, the server simply forgets the TOTP seed and no future requests for content will validate.
Moving subscriptions between apps
Because subscriptions are maintained by a simple TOTP random seed value, the values can be exported along with an opml file and imported into other apps.
Subscribe Element
The <podcast:subscribe>
tag designates the server that will handle the subscription processing for the feed.
This element must exist at the <channel>
level.
There can be only one copy of this element in a feed.
Structure:
<podcast:subscribe
url="[url of the signup page(string)]"
>
Attributes:
url
(required) This is the service slug of the cryptocurrency or protocol layer.