blob: dcdffc1094a6679dd3d324f0130d7cec13666fff [file] [log] [blame]
<p><b>TODO:</b> finish documenting this.</p>
<p>The basic summary is that you create
a <a href="/docs/terms#claim">claim</a> that a user has access to
something, and then your blobserver's public frontend authenticates
(if applicable) a remote user and gives them access as permitted by
your claim.</p>
<p>Reproducing an email from <a
thread</a> for some background:</p>
<div style='font-style: italic'>
<p>This is an example walk-though of (working) sharing on Camlistore. Brett and I got this working last night (the basic "have a link" use case with no addition auth)</p>
<p>Let's say I have a private blobserver:</p>
<a href=""></a>
<p>And I have a file, "Hi.txt".</p>
<p>Its bytes are blob <tt>sha1-3dc1d1cfe92fce5f09d194ba73a0b023102c9b25</tt><br />
Its metadata (inode, filename, etc) is blob <tt>sha1-0e5e60f367cc8156ae48198c496b2b2ebdf5313d</tt></p>
<p>You don't have access to those, even though you know their names. Verify the 401 errors:</p>
<p><a href=""></a><br />
<a href=""></a></p>
<p>(hm, those are returning Unauthorized errors, but no Content Body... will fix later)</p>
<p>Note also that any errors you get from my private blob server always delay for at least 200 ms to mask timing attacks that could otherwise reveal the existence or non-existence of a blob on my private server.</p>
<p>Now I want to share Hi.txt with you, so I create a share blob (e.g <tt><a href="/cmd/camput">camput</a> --share <blob></tt>).</p>
<p>I've created this, and its name is <tt>sha1-071fda36c1bd9e4595ed16ab5e2a46d44491f708</tt></p>
<p>Note that you can fetch it without authentication, because my blobserver knows I have it and that it's a share blob that doesn't require auth (<tt>authType</tt> == "haveref" ... like "Share with others that have the link")</p>
<p>Here's you getting the blob:</p>
<pre class='sty' style='overflow: auto'>$ curl <a href=""></a>
{"camliVersion": 1,
"authType": "haveref",
"camliSigner": "sha1-f019d17dd308eebbd49fd94536eb67214c2f0587",
"camliType": "share",
"target": "sha1-0e5e60f367cc8156ae48198c496b2b2ebdf5313d",
"transitive": true
<p>Note the "target" and "transitive".</p>
<p>Now we present this proof of access in subsequent requests in the "via" parameter, with the in-order path of access.</p>
<p>Here's the first hop to the metadata, in which we discover the blobRef of the bytes of the file (in this case, just one part is the whole file bytes...) I already told you this earlier in the email, but assume you're just discovering this now.</p>
<pre class='sty' style='overflow: auto'>$ curl <a href=""><b>?via=</b>sha1-071fda36c1bd9e4595ed16ab5e2a46d44491f708</a>
{"camliVersion": 1,
"camliType": "file",
"contentParts": [
"blobRef": "sha1-3dc1d1cfe92fce5f09d194ba73a0b023102c9b25",
"size": 14
"fileName": "Hi.txt",
"size": 14,
"unixGroup": "camli",
"unixGroupId": 1000,
"unixMtime": "2011-01-26T21:11:22.152868825Z",
"unixOwner": "camli",
"unixOwnerId": 1000,
"unixPermission": "0644"
<p>Now let's get the final bytes of the file:</p>
<pre class='sty' style='overflow: auto'>$ curl <a href=",sha1-0e5e60f367cc8156ae48198c496b2b2ebdf5313d"><b>?via=</b>sha1-071fda36c1bd9e4595ed16ab5e2a46d44491f708,sha1-0e5e60f367cc8156ae48198c496b2b2ebdf5313d</a>
Hello, Camli!</pre>
<p>That's it.</p>
<p>Now imagine different <tt>authType</tt> parameters (passwords, SSL
certs, SSH, openid, oauth, facebook, membership in a group,
whatever... )</p>