Editing Token based access restriction

Warning: You are not logged in. Your IP address will be recorded in this page's edit history.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Learn more about Contributing to the wiki.

= Token based access to repositories of files on maemo.org =
== Use cases ==
=== Alternate Distribution ===
'''Story:''' Alice has created an alternate distribution for the her device, but in order to fully take advantage of the hardware, she needs to use some proprietary binary drivers that only the hardware vendor has the right to redistribute. Now she wants to provide her distribution to users.

'''She needs:''' a way to upload fs images that include proprietary binary drivers.

=== Maemo Remix ===
'''Story:''' Bob wants to fix some bugs the open source parts of Maemo 4 and distribute a complete flashable image. Because he's replacing system libraries he can't distribute his fixes through extras.

'''He needs''': a way to upload an fs image that includes proprietary binary drivers as well as user-level applications that originally came with the device, such as Adobe Flash and "Map."

=== User of Alice's AlternateDistro or Bob's MaemoRemix ===
'''Story:''' Claire has an N800 and wants to try out Alice's AlternateDistro and Bob's MaemoRemix.

'''She needs:''' a way to provide a token that proves she has a device from the hardware vendor and thus has the rights to access the proprietary binaries included in the downloads provided by Alice and Bob.

== Proposal: ==
=== Part 1 ===
Create a section of the site that can only be accessed through a unique token. Users would be able to access this section of the site by submitting a serial number that uniquely identifies their device (such as the WLAN MAC address or BT MAC address) and then agreeing to an EULA. This serial number would be used to generate a permanent token (maybe an MD5 hash) that they could use to download files that are only licensed to be distributed to people who own such a device. If the token generated for the user was "SDFKJSDFHDSF" then the structure of the URL would (conceptually) look something like this: http://maemo.org/hw_vendor-closed/N800/SDFKJSDFHDSF/N8x0-3D-drivers.tar.gz

=== Part 2 ===
Allow developers to distribute complete OS images that include the hardware vendor's "closed" binaries, by letting them upload these images to a subsection of the "token protected" area of the site. If necessary, users could request their own subsection, under which they could create as many sub-directories as necessary, and this could be granted on a case by case basis by someone inside the hardware vendor. If Alice (the developer mentioned above) uploads a new image of her distribution to her own section, the resulting URL for that image could look something like this: http://maemo.org/hw_vendor-closed/N800/SDFKJSDFHDSF/~Alice/AD1/AlternateDistro.img

Please note that all contributions to maemo.org wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see maemo.org wiki:Copyrights for details). Do not submit copyrighted work without permission!

Summary:

Cancel | Editing help (opens in new window)

Retrieved from "https://wiki.maemo.org/Token_based_access_restriction"

@@ Line 18: / Line 18: @@
 == Proposal: ==
 === Part 1 ===
-Create a section of the site that can only be accessed through a unique token. Users would be able to access this section of the site by submitting a serial number that uniquely identifies their device (such as the WLAN MAC address or BT MAC address) and then agreeing to an EULA. This serial number would be used to generate a permanent token (maybe an MD5 hash) that they could use to download files that are only licensed to be distributed to people who own such a device.
+Create a section of the site that can only be accessed through a unique token. Users would be able to access this section of the site by submitting a serial number that uniquely identifies their device (such as the WLAN MAC address or BT MAC address) and then agreeing to an EULA. This serial number would be used to generate a permanent token (maybe an MD5 hash) that they could use to download files that are only licensed to be distributed to people who own such a device. If the token generated for the user was "SDFKJSDFHDSF" then the structure of the URL would (conceptually) look something like this: http://maemo.org/hw_vendor-closed/N800/SDFKJSDFHDSF/N8x0-3D-drivers.tar.gz
-If the token generated for the user was "SDFKJSDFHDSF" then the structure of the URL would (conceptually) look something like this: http://maemo.org/hw_vendor-closed/N800/SDFKJSDFHDSF/N8x0-3D-drivers.tar.gz
 === Part 2 ===
 Allow developers to distribute complete OS images that include the hardware vendor's "closed" binaries, by letting them upload these images to a subsection of the "token protected" area of the site. If necessary, users could request their own subsection, under which they could create as many sub-directories as necessary, and this could be granted on a case by case basis by someone inside the hardware vendor. If Alice (the developer mentioned above) uploads a new image of her distribution to her own section, the resulting URL for that image could look something like this: http://maemo.org/hw_vendor-closed/N800/SDFKJSDFHDSF/~Alice/AD1/AlternateDistro.img
-=== Implementation ===
-* Administration interface (web, script) for token area
-** Creation
-*** Input: maemo.org user M which can upload to this area
-*** Input: authentication method A (770 user, n800 user, n810 user, n810w user with EULA.. etc)
-*** Creates /area-name/originaltoken/original and allows M to WebDAV upload (important - mkdir permission is needed) to this place. uniquetoken is kept secret.
-*** Sets up /area-name/gettoken which is using authentication method A to give out tokens
-* Token interface (/area-name/gettoken).
-** Asks user to input according to authentication method needs.
-** If OK: Creates unique token T
-** Creates /area-name/token/original symlink to /area-name/originaltoken/original
-** Creates all other symlinks for ~username areas in /area-name/token/~username/
-* Request form for creation of user token areas
-** Input: maemo.org username N, token T (indicating the user has legal access to the token area)
-** Input: intended usage for area
-** After moderation by user M or other admin:
-*** Create /area-name/T/~N/ and allow N to upload by WebDAV (important, mkdir permission is needed)
-*** Create /area-name/*/~N/ symlink in all tokens
-[[Category:maemo.org]]

Personal tools

Navigation

Views

Editing Token based access restriction