@MJCD
Last active May 29, 2019 10:56
[MD] Each server should provide a unique provider ID, probably as an HTTP header where applicable. This allows for a very weak but quick and easy mechanism to tell that requests are going to official servers whose keys are already known.
Internally, even anonymous/not logged in users should all be assigned a temporary unique client ID (separate from the user's session ID), which is used to correctly route requests to the applicable end nodes where their processing takes place.
If the provider/client ID does not match the key(s) that the server has (hardcoded in the case of the provider ID), then the user is potentially attempting to compromise your site. See "./Potential Security Threats.txt" for the correct way to handle such an event.
Rules are configured per project. At the moment I have 2 proposed methods: 1) add a 'morals' or similar field to the project's package.json, or 2) as a morals.js file in the project's root.
In either case the following support will be available via an API available to all umbrella companies:
* Increment (good behavior - even potentially just the ongoing correct seemingly human use of the site)
* Decrement (bad behavior - such as trying to access unauthorized resources)
* Regenerate (able to be set as a fixed rate per day or as a JS expression)
* Degenerate (i.e. not using the site frequently, as an idea)
There will also be an admin panel [TOOLING] for viewing and managing people's 'karma'/'morality'. It will provide a hard override, which will generate a report sent to all applicable parties via email for accountability purposes.
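The four rule operations above, sketched as an added example (not code from these notes): a hypothetical rules object in the shape a project's morals.js might export, and a small ledger that applies it per temporary client ID. Every field and rule name here is an assumption, and `regenerate` takes a number or a function rather than an expression string, so no rule text is ever evaluated.

```javascript
// Added example. Field and rule names are hypothetical, standing in for what a
// project's morals.js (or a 'morals' field in package.json) might contain.
const morals = {
  start: 50, min: 0, max: 100,
  increment: { humanUse: 1 },                    // good behaviour
  decrement: { unauthorizedAccess: 20 },         // bad behaviour
  regenerate: 5,                                 // per day, or (entry) => rate
  degenerate: { afterIdleDays: 30, perDay: 1 },  // decay when the site is unused
};
const DAY_MS = 24 * 60 * 60 * 1000;

class KarmaLedger {
  constructor(rules) {
    this.rules = rules;
    this.clients = new Map(); // temporary client ID -> { score, lastSeen }
  }

  // Record one increment/decrement event and return the updated score.
  record(clientId, kind, name, now = Date.now()) {
    const r = this.rules;
    const table = kind === 'increment' ? r.increment
      : kind === 'decrement' ? r.decrement : null;
    // Reject unknown kinds or rule names instead of silently scoring them as 0.
    if (!table || !Object.prototype.hasOwnProperty.call(table, name)) {
      throw new Error(`unknown rule ${kind}:${name}`);
    }
    const e = this.clients.get(clientId) || { score: r.start, lastSeen: now };
    this.applyTime(e, now);
    const delta = kind === 'increment' ? table[name] : -table[name];
    e.score = this.clamp(e.score + delta);
    e.lastSeen = now;
    this.clients.set(clientId, e);
    return e.score;
  }

  // Time-based rules, applied for the days elapsed since the client's last event.
  applyTime(e, now) {
    const r = this.rules;
    const days = Math.max(0, (now - e.lastSeen) / DAY_MS);
    // Regenerate: recover lost karma, but never above the starting value.
    const rate = typeof r.regenerate === 'function' ? r.regenerate(e) : r.regenerate;
    if (e.score < r.start) e.score = Math.min(r.start, e.score + rate * days);
    // Degenerate: decay only for days idle beyond the grace period.
    const idle = days - r.degenerate.afterIdleDays;
    if (idle > 0) e.score = this.clamp(e.score - r.degenerate.perDay * idle);
  }

  clamp(v) { return Math.min(this.rules.max, Math.max(this.rules.min, v)); }
}
```

In this sketch regeneration runs before degeneration, so a long-idle client first recovers to the starting value and then decays from it.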
[MD] Name suggestions:
* morality.js
* Karma.js
* BeGood