XSQ Verification Process

The http://tyaga.org/ipp/xotaur-sha1-query.html (XSQ) verification process is a means to query an accountant for the status of a specific payment. A payment offer or decision notification is thus verified against the accountant of a co-transactor. A notification is not assumed to have come from an authorized party unless the query verification is successful.

The XSQ verification process involves the following steps:

  1. Xotaur Serialization: For each payment record, a white-space concatenation of the following IPP parameters is formed into a string:
  2. SHA1: The sha1 digest of the xotaur string is used as the record ID between the transacting entities. The Notifier must include the sha1 digest as the value of the "ver_data" parameter in the IPP notification.
  3. GET-Query: The verifier queries the Notifier Accountant with the GET-query parameters "?xsq=0.1&record_SHA1=...xotaur...sha1...".
  4. The Notifier Accountant responds with json-encoded string or xml-equivalent:
  5. The verification is considered successful if the response code, status and xotaur matches the expected values based on the IPP notification parameters.