- From: Ivan Herman via GitHub <sysbot+gh@w3.org>
- Date: Wed, 02 Dec 2015 17:28:27 +0000
- To: public-annotation@w3.org
> @iherman <https://github.com/iherman>: we certainly agreed that we should consult outside the WG on how/if to consider access control as part of the protocol. > But let's not confuse authorization with authentication. It's very likely that any recommendation we make regarding authentication (if we even need to make any) will be to follow existing industry standards. But authorization may well be more complicated, and specific to the use cases of annotation. We're also less likely to burn our fingers on authorization/access control than we are on authentication. > > I do think we should have some semblance of an answer for how authorization to do things on annotations are expressed and granted, because otherwise any real-world implementation of the protocol is going to end up being a standardised protocol wrapped in an unstandardised authorization layer, which would have negative implications for interoperability. > I answer as if I understood this area:-) but isn't it so that even in the area of authorization things are moving so fast, due to all the current focus on these problems, that we would incur the danger of coming out with something out-of-date at the moment we publish our rec? -- GitHub Notification of comment by iherman Please view or discuss this issue at https://github.com/w3c/web-annotation/issues/19#issuecomment-161372244 using your GitHub account
Received on Wednesday, 2 December 2015 17:28:29 UTC