Kevin,
Thanks for taking time to help me out with this. So if I am getting the query string parameters of:
shop=<shop>×tamp=<TS>&signature=<sig> I would do the following to determine if the "request" was originating from Shopify Store:
MD5(shop=<shop>timestamp=<TS> + SECRECT_KEY) to get a value to compare against the Signature passed in the same request. Correct?