Till Wegmueller
045365e0eb
Address spec review findings
...
- Add resources table for JRD subject/aliases (RFC 7033 compliance)
- Secure verify endpoint with registration secret (prevent race condition)
- Add unique constraint on (resource_id, rel, href) with upsert semantics
- Add cascade behavior for domain deletion and token revocation
- Add owner token rotation endpoint
- Fix host-meta to be domain-aware via Host/X-Forwarded-Host
- Define batch endpoint as all-or-nothing transactions
- Pin glob matching semantics with validation rules
- Document domain re-verification as known v1 limitation
- Require session_secret (no default), restrict /metrics via network
- Clarify multi-rel filtering and CORS scoping
2026-04-06 17:14:36 +02:00
Till Wegmueller
ed5ff2a796
Add webfingerd design specification
...
Multi-tenant WebFinger server (RFC 7033) with ACME-style domain
onboarding, scoped service token authorization, in-memory cache
backed by SQLite, and server-rendered management UI.
2026-04-06 17:14:35 +02:00
