|
Mark and Margaret, Thanks for putting this together. I have some questions and comments. I suspect there are a number of nits in the syntax, but first I’d like to discuss some high-level questions. 1.
Regarding $toplevel, is this intended to be used as the body for both request and response? I suspect no, this is the body of the response and the body of the POST has not been defined. For example, how is the MD5 sum of the t&c to be
presented? 2.
I see a role for performing GET, once the session has been established. 3.
Do you see any opposition to including various hrefs for satisfying requirements in the browser? I think working through some examples would be useful. This differs from your proposal, but I was thinking: ------- GET from the DHCP-provided URL: GET http://<server>/capport (Accept: application/json) 200 OK { "create_href": "http://<server>/capport/sessions", "browse_href": "http://portal.example.com/" } ---- Posting to the create_href: POST http://<server>/capport/sessions (Accept: application/json) { "identity": "<USERNAME>"} 200 OK { " id": { "uuid": "<session_uuid>",
"href": "http://<server>/capport/sessions/<session_uuid>" },
"identity": "<USERNAME>",
"state": { "permitted": false }, "requirements": [ {"view_page": "http://portal.example.com/welcome/terms_and_conditions.html?session=<session_uuid>"}, {"provide_credentials": "http://<server>/capport/sessions/<session_uuid>/credentials"}] } ------- The session now exists, and GET works: GET http://<server>/capport/sessions/<session_uuid> (Accept: application/json) 200 OK { " id": { "uuid": "<session_uuid>",
"href": "http://<server>/capport/sessions/<session_uuid>" },
"identity": "<USERNAME>",
"state": { "permitted": false }, "requirements": [ {"view_page": "http://portal.example.com/welcome/terms_and_conditions.html?session=<session_uuid>"}, {"provide_credentials": "http://<server>/capport/sessions/<session_uuid>/credentials"}] } ------ Or GET for browser: GET http://<server>/capport/sessions/<session_uuid> (Accept: text/html) 200 OK <html> Human readable page of above information </html> ---------- After visiting the view_page URL and clicking OK, the internet works, and the info is available for query: GET http://<server>/capport/sessions/<session_uuid> (Accept: application/json) 200 OK { " id": { "uuid": "<session_uuid>",
"href": "http://<server>/capport/sessions/<session_uuid>" },
"identity": "<USERNAME>",
"token": "<TOKEN>", "state": { "permitted": true, "expires": "2017-02-25T19:00:00-06:00", "bytes_remaining": 10000000 }, "requirements": [] } ---- When the session expires, ICMP alert occurs, the client GETs again (note different value for view_page): GET http://<server>/capport/sessions/<session_uuid> (Accept: application/json) 200 OK { " id": { "uuid": "<session_uuid>",
"href": "http://<server>/capport/sessions/<session_uuid>" },
"identity": "<USERNAME>",
"state": { "permitted": false, "expires": "2017-02-25T19:00:00-06:00", "bytes_remaining": 0 }, "requirements": [ {"view_page": "http://portal.example.com/welcome/renew.html?session=<session_uuid>"}, {"provide_credentials": "http://<server>/capport/sessions/<session_uuid>/credentials"}] } The client can fulfil requirements again. ---- When the client wants to explicitly leave the network, delete the href for the session: DELETE http://<server>/capport/sessions/<session_uuid> 200 OK The USERNAME could be DHCP option-12 value or MAC address or ? I don’t think it is too important for security, but useful for diagnostics. I did not delve into how the TOKEN would be used with provide_credentials. But the idea is that it could be shared (e.g., with devices lacking displays.) Does this make sense? -Dave |