March 16, 2022•240 words
Total hours: 186.100
1) Authentication Flow
Since I'll be using an identity provider I need some way to tie the 2SSL session to the social provider so that a revocation from social provider will revoke immediately on server side which will then revoke on clients device shortly afterwards.
Furthermore dealing with long term identity verification along with bridging and passing data from browser to desktop or mobile application.
2) Wiki Migration
This was overdue including the knowledge attached. At this point the major issue is that different parts of the protocol were designed with different core ideals in place. Adjusting them after the fact is quite expensive so what I do instead is retrofit the information and capabilities. Tweaking where I must.
This is because information relies on other information
3) Session vs Operator Session
This is complicated in that a device can go thru many different sessions. Think like browser connecting to a site. But the operator (that's you) remains the same and identies the same to the server.
This is what I'm figuring out within the 2SSL context since transport and session are two separate things.
However unlike conventional systems where data is mixed in between the browser and server. Here all the information remains on the server and the 'cookies' (or what map to cookie like things) are never sent to client.
This ensures privacy and indistinquishability of connections.