Ring Homepage

“But what about mobile?” Great question. We need a trusted way to validate sites that is not browser dependent. For this reason, the ring server hosts a homepage that:

• Advertises Members
• Performs in-browser validation of the Member manifests

Validation

Every Member site is populated from the data in the ring server’s database, including URL, description, and current public key. The “Validate” button kicks off the process of fetching data from the site’s own manifest to compare and verify.

A modal dialog will appear during the operation. The validation operation comprises the following:

1. Fetching site manifest from https://site-url/.well-known/webrings.json
2. Comparing manifest public key to server’s known public key
3. Verifying the site manifest’s signature using the ring’s own /api/member/validate endpoint
4. Retrieving standing/votes for the site.
5. Displaying standing, vote breakdown, and anonymized vote descriptions

Validation Notes

Some important considerations for validation.

The fetching of the manifest requires Cross-Origin access. Therefore, member sites must at least have the ring server’s URL as an allowed Origin in their web server’s Access-Control-Allowed-Origins header.

At present, signature verification is done via the ring’s own API. However, nothing theoretically prevents this from being done directly in the user’s browser via JavaScript. A future update may include this, to improve transparency.

The source JavaScript for the server homepage is not minified, and requires no external dependencies. This is for maximal transparency and readability.