All, In the process of "cleaning" up the spec and to make it ready to add more important coverage (arbitrary format, private feeds), I identified that we should probably remove the "hub.verify_token".
I'm not completely sure why it was initially added (Brett, Brad, Mart?), but I think it was to facilitate the matching of a feed and subscription for the subscriber who gets a verification of intent request. I believe this can all be done thru the callback url, which (as per the good practices) should be different for each subscription/feed. I'm not sure how to submit changes to the protocol, but this would affect the following sections : 6.1 : Removal of : > hub.verify_token > OPTIONAL. A subscriber-provided opaque token that will be echoed back in > the verification request to assist the subscriber in identifying which > subscription request is being verified. If this is not included, no token > will be included in the verification request. 6.2 : Removal of : > hub.verify_token > OPTIONAL. The subscriber-provided opaque token from the corresponding > subscription request, if one was provided. 6.2.1 Change of the first paragraph (remove the red): > The subscriber MUST confirm that the hub.topic and hub.verify_token > correspond > to a pending subscription or unsubscription that it wishes to carry out. > [...] 8.2 : Removal of section altogether. Feedback? Thanks!
