Each service will obviously have its own schema and client side requirements but there are a few standards that should be maintained through all services.

Client Side:
Steps for accessing a secure service:
1. Login using an SSL connection to the main OSDash server.
2. Store the sessionkey and list of services/mirrors that are returned
3. Query the secure service using an ssl connection and the given session key. Secure services will start with https in the service list.

Steps for accessing a non-secure service:
1. Query the service as necessary but ensure no personal information is transmitted especially the sessionkey.

Server Side:
Steps a secure server uses:
Note: All servers hosting secure services must support SSL and have a valid certificate
1. On query, extract the session key
2. Query the authentication server for the userID, if valid store the userID and sessionKey in a local 5min cache
3. Return results for the given userID

Format for all services:
<OSDash>
<service name="ServiceName" version="0.1">
service specific elements
</service>
</OSDash>

Format for any type of error:
<OSDash>
<Error>Error Description</Error>
</OSDash>