- From: Nick Stenning via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Dec 2015 17:15:41 +0000
- To: public-annotation@w3.org
@iherman: we certainly agreed that we should consult outside the WG on how/if to consider access control as part of the protocol. But let's not confuse authorization with authentication. It's very likely that any recommendation we make regarding authentication (if we even need to make any) will be to follow existing industry standards. But authorization may well be more complicated, and specific to the use cases of annotation. We're also less likely to burn our fingers on authorization/access control than we are on authentication. I do think we should have some semblance of an answer for how authorization to do things on annotations are expressed and granted, because otherwise any real-world implementation of the protocol is going to end up being a standardised protocol wrapped in an unstandardised authorization layer, which would have negative implications for interoperability. -- GitHub Notification of comment by nickstenning Please view or discuss this issue at https://github.com/w3c/web-annotation/issues/19#issuecomment-161368940 using your GitHub account
Received on Wednesday, 2 December 2015 17:15:43 UTC