<html>
<body>
Hi Nicole,<br><br>
Further to my last post, I should have quoted this Koha FAQ, <br>
<a href="http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-content/?searchterm=secret" eudora="autourl">
http://koha.org/documentation/faq/why-do-i-need-a-awsprivatekey-for-amazon-content/?searchterm=secret<br>
</a>which states that the Private Access Key and Secret key are the
same. I assumed you had written the FAQ.<br><br>
<h1><b>Why do I need a AWSPrivateKey for Amazon
Content?</b></h1><a href="http://koha.org/documentation/faq">Up to Table
of Contents </a><br><br>
This FAQ applies to: 3.2 <br>
Why do I need the AWSPrivateKey as well as the AWSAccessKeyID to use
Amazon Content?<br><br>
After 2009-08-15, Amazon Web Services will expect that all requests to
the Product Advertising API, which is what Koha uses for retrieving
reviews and other enhanced content from Amazon, include signatures.
This patch and subsequenct patches implement this functionality.<br><br>
What this means in practice (assuming the user has elected to use any
enhanced content from Amazon) is that
<ol>
<li>The user must get a Amazon Secret Access Key. This can be done
by logging in to the user's AWS account at (e.g.)
<a href="http://aws.amazon.com/">http://aws.amazon.com/</a>, going to the
'Access Identifiers' page, and from there retrieving and/or creating a
new Secret Access Key.
<li>The contents of the Secret Access Key should then be entered into the
new AWSPrivateKey system preference.
</ol><br>
Once that is done, grabbing reviews and table of contents from Amazon
should work as normal. If the user doesn't do this before
2009-08-15, reviews and TOCs will no longer be supplied from Amazon,
although there should be no crashes - the content will simply not show
up.<br><br>
Note that the requirement to sign requests does *NOT* appear to apply to
simply displaying book covers from Amazon.<br><br>
END OF QUOTE FROM FAQ.<br><br>
This won't be so simple to implement because the Secret key is long and
complex and can't be cut and pasted from the Amazon site into the Koha
system prefs.<br><br>
Presumably the patch for 3.2 uses the Secret Key to create a digital
signature, as described in the following<br>
Amazon description of access keys at <br>
<a href="http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys" eudora="autourl">
http://docs.amazonwebservices.com/AWSSecurityCredentials/1.0/AboutAWSCredentials.html#AccessKeys</a>
<ul>
<li><b>Secret Access Key</b>Each Access Key ID has a Secret Access Key
associated with it. This key is just a long string of characters (and not
a file) that you use to calculate the digital signature that you include
in the request. Your Secret Access Key is a secret, and only you and AWS
should have it. Don't e-mail it to anyone, include it any AWS requests,
or post it on the AWS Discussion Forums. No authorized person from AWS
will ever ask for your Secret Access Key.
</ul>When you create a request, you create a digital signature with your
secret key and include it in the request along with your Access Key ID.
When we get the request, we use your Access Key ID to look up the
corresponding Secret Access Key. We use the key to validate the signature
and confirm that you're the request sender.<br><br>
END OF QUOTE FROM AMAZON SITE.<br><br>
Mike Mason<br><br>
Earlier today, I wrote:<br>
------------------------------------------------<br>
My statement that "what we call the Amazon private key is really the
Amazon Secret Access Key" was based on the following: I have just
set up my Amazon associate ID and AWS access keys in Amazon, and the site
described two keys as follows: (this is cut and pasted from Amazon's
Associates' "Manage your account" page:)<br>
<b><i>You will need access identifiers to call the Product Advertising
API, authenticate requests and identify yourself as the sender of a
request. Two types of identifiers are available: AWS Access Key
Identifiers (Public and Secret Keys) and X.509 Certificates. <br><br>
</i></b>The site guides you to set up the Public and Secret keys.
It does not mention a "Private key". So I assumed that
what you referred to in the 3.2 manual as a "Private Key" was
meant to indicate Amazon's "Secret Key". But perhaps you had
something else in mind?<br><br>
Unfortunately I can't test this as I'm on Liblime's Koha Express, which
is still back in Koha 3.00.02.012 and has no system preference entries
for Amazon reviews or for the Secret/Private key.<br><br>
Mike Mason<br><br>
At Sunday 14/02/2010, you wrote:<br>
<blockquote type=cite class=cite cite="">Hi all,<br><br>
I want to confirm that what we call the Amazon private key is really<br>
the Amazon Secret Access Key. If so I want to update the language
in<br>
the manual and the sys prefs page -but I want to be sure before I do<br>
that.<br><br>
Nicole<br>
_______________________________________________<br>
Koha mailing list<br>
Koha@lists.katipo.co.nz<br>
<a href="http://lists.katipo.co.nz/mailman/listinfo/koha" eudora="autourl">
http://lists.katipo.co.nz/mailman/listinfo/koha</a></blockquote></body>
</html>