This all makes perfect sense :) I believe something is coming along those lines (but don't know when, I'll dig in and try to get back to that)
As for forcing a login, it allows you to place a business model around ensuring known customers are affecting your domains, even placing a "trust" model around some (so you process the renewal right away, instead of holding it for POS verification for an unknown recipient) Of course, I can't see anyone *wanting* to renew someone else's domain... Charles Daminato OpenSRS Product Manager Tucows Inc. - [EMAIL PROTECTED] > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On > Behalf Of John Keegan > Sent: July 17, 2002 4:18 PM > To: [EMAIL PROTECTED] > Subject: Re: Allowing Sub users to renew domains > > > >> But username and password are required for these functions, right? > > > > Yep, but if it's the subuser that trying to do this, they've presumably > > already logged in.... > > That part I understand. ;-) > > The reason I asked the question is because there appears to be only one > reason that a login is even necessary to renew a domain name, and > that is to > get the current expiration date for the domain (in the renew.cgi > it's this: > $response->{attributes}->{expiredate} ). You must be logged in to get this > info, as it is part of the userinfo object which requires a cookie. > > Once the expiredate attribute is found, it is parsed, since the > information > arrives like this 2003-12-30 23:35:52, we pull out the first part > and we get > the current expiration year as 2003. > > Then we send a command which might look like this: > > my $xcp_req = { > action => 'renew', > object => 'domain', > attributes => { > domain => $reg_domain, > currentexpirationyear => $year, > period => $period, > }, > }; > > with $year as the value we just pulled out... > > So the only reason any login is even necessary is to get the > currentexpirationyear attribute, because as you can see, the above command > is all that is needed to renew a domain name in the API. You > don't actually > send the username/password along with the renew command; just the domain > name, the current expiration year, and the period to renew... > > The reason I bring this up is because there really should not be a need to > login to renew a domain name, it is an unnecessary step. Anyone should be > able to renew the domain. And the only reason that the current setup > requires a login - from a technical perspective - is to get that > one bit of > info, the current expiration date so we can parse out the year and send it > along with the renew command. > > Which is what led many of us to find other ways of getting this info, so > that we could implement faster and easier ways for our customers to renew > domain names. > > So, if OpenSRS would add an API call which would allow us to > query for this > info without doing it from get_domain_info , or alternatively *drop the > requirement that currentexpirationyear be sent along with the renew > command*, you could easily allow your subuser - or anyone - to renew > domains. > > I think that about sums it up. > > -- > John Keegan > [EMAIL PROTECTED] > http://RackShare.com > >
