Salmon is a proposed protocol that defines a standard way for comments and annotations on one site to "swim upstream" and be posted to the original source, allowing for a virtuous cycle of commentary. It works by having content signed and posted to a target site's Salmon endpoint, with the signature then verified to authenticate the sender before the target site decides how to handle the received content. Specifications are provided for Salmon implementations using Atom and JSON formats.

1. Salmon Protocol
#OpenWebTO : September 20, 2010

2. what is it?

3. Salmon aims to define a standard protocol for
comments and annotations to swim upstream to
original update sources -- and spawn more
commentary in a virtuous cycle.

4. trackback 2.0

6. how does it work?

7. salmon flow
content1 is submitted
discovery performed to get the
target's salmon endpoint 2
content is signed3 and posted
signature verified4 and content
handled5

8. content 1
Currently implementations in Atom
Specs also list JSON
Where or how the content is
generated is (wisely) unspecified.

9. discovery 2
Using LRDD / Host-meta (aka
webfinger)
Determine rel="salmon" endpoint
(no centralized registry!)

10. signed3
we don't want posts from anywhere
(i.e. trackback)
uses magic signatures*
that's right, magic.

11. verified4
signed data is unfolded
author determined - discovery
performed for the author public key
RSA signature verification
performed

12. handled5
what the receiver does with the
content is (wisely) out of scope
suggestions for two patterns:
reply: specify atom thr:in-reply-
to
mention: include rel="mentioned"

13. magic signatures
A lightweight, robust mechanism for digitally
signing nearly arbitrary messages, along with a
simple public key infrastructure.

14. <?xml version='1.0' encoding='UTF-8'?>
<entry xmlns='http://www.w3.org/2005/Atom'>
<id>tag:example.com,2009:cmt-0.44775718</id>
<author><name>test@example.com</name><uri>bob@example.com</uri></author>
<thr:in-reply-to xmlns:thr='http://purl.org/syndication/thread/1.0'
ref='tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954'>
tag:blogger.com,1999:blog-893591374313312737.post-3861663258538857954
</thr:in-reply-to>
<content>Salmon swim upstream!</content>
<title>Salmon swim upstream!</title>
<updated>2009-12-18T20:04:03Z</updated>
</entry>

15. POST /all-replies-endpoint HTTP/1.1
Host: example.org
Content-Type: application/magic-envelope+xml
<?xml version='1.0' encoding='UTF-8'?>
<me:env xmlns:me='http://salmon-protocol.org/ns/magic-env'>
<me:data type='application/atom+xml'>
PD94bWwgdmVyc2lvbj0nMS4wJyBlbmNvZGluZz0nVVRGLTgnPz4KPGVudHJ5IHhtbG5zPSdod
HRwOi8vd3d3LnczLm9yZy8yMDA1L0F0b20nPgogIDxpZD50YWc6ZXhhbXBsZS5jb20sMjAwOT
pjbXQtMC40NDc3NTcxODwvaWQ-ICAKICA8YXV0aG9yPjxuYW1lPnRlc3RAZXhhbXBsZS5jb20
8L25hbWU-PHVyaT5ib2JAZXhhbXBsZS5jb208L3VyaT48L2F1dGhvcj4KICA8dGhyOmluLXJl
cGx5LXRvIHhtbG5zOnRocj0naHR0cDovL3B1cmwub3JnL3N5bmRpY2F0aW9uL3RocmVhZC8xL
jAnCiAgICAgIHJlZj0ndGFnOmJsb2dnZXIuY29tLDE5OTk6YmxvZy04OTM1OTEzNzQzMTMzMT
I3MzcucG9zdC0zODYxNjYzMjU4NTM4ODU3OTU0Jz50YWc6YmxvZ2dlci5jb20sMTk5OTpibG9
nLTg5MzU5MTM3NDMxMzMxMjczNy5wb3N0LTM4NjE2NjMyNTg1Mzg4NTc5NTQKICA8L3Rocjpp
bi1yZXBseS10bz4KICA8Y29udGVudD5TYWxtb24gc3dpbSB1cHN0cmVhbSE8L2NvbnRlbnQ-C
iAgPHRpdGxlPlNhbG1vbiBzd2ltIHVwc3RyZWFtITwvdGl0bGU-CiAgPHVwZGF0ZWQ-MjAwOS
0xMi0xOFQyMDowNDowM1o8L3VwZGF0ZWQ-CjwvZW50cnk-CiAgICA=
</me:data>
<me:encoding>base64url</me:encoding>
<me:alg>RSA-SHA256</me:alg>
<me:sig>
cAIu8VKIhs3WedN91L3ynLT3GbZFhbVidDn-skGetENVH-3EguaYIjlPTq7Ieraq4SD
BknM9STM9DR90kveUrw==
</me:sig>
</me:env>

17. what is it good for?

18. a little demo...

20. more info
http://salmon-protocol.org/