X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=README.md;h=c4234f651480faa38a3891313b64593e588d0973;hb=ff66dd49a1b54935a20ea6e15bd036b8acd5e170;hp=6b4400ea56b2285729fd59e3c6fcf307d71a89d4;hpb=e967fdce5a017cc28b19cd3d4f2ece745dcecdaf;p=squeep-authentication-module diff --git a/README.md b/README.md index 6b4400e..c4234f6 100644 --- a/README.md +++ b/README.md @@ -41,6 +41,21 @@ Class providing service handler functions for rendering and processing session l - `sessionNavLinks` call from app templates to populate navLinks for account settings and logout +### ResourceAuthenticator + +Class which fetches and validates resource identifiers and their secrets from database. + +Resources are assumed to be other services making API calls. + +This is just a time-gated pre-shared-secret HMAC Bearer token scheme. + +Default token format is a ':'-separated concatenation of: + +- resource identifier, which is a UUID, encoded as 24 bytes in base64url +- current epoch, encoded as base10 string +- salt value, randomness encoded as 28 bytes in base64url +- sha256 HMAC digest of previous data, encoded in base64url + ### Other Notes For the moment, this imposes a web structure of /admin/* for authentication management paths.
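Review bot: The token format list in the new ResourceAuthenticator section leaves the field sizes ambiguous: "encoded as 24 bytes in base64url" for the UUID and "encoded as 28 bytes in base64url" for the salt do not say whether the count is of raw input bytes or of encoded characters. A UUID is 16 bytes, which is 22 base64url characters unpadded or 24 with padding, so someone writing a client cannot tell which form is expected; suggest giving the raw size and the encoded length separately, and saying whether padding is kept. The same list should state exactly what "previous data" covers for the HMAC (the three fields joined with ':' as they appear in the token, or their decoded values) and the unit of "current epoch" (seconds or milliseconds). For "time-gated", the section should give the acceptance window and say whether a token may be presented more than once within it, since that determines replay exposure for callers. Minor: "from database" reads better as "from the database".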