- From: Michiel de Jong <michiel@unhosted.org>
- Date: Mon, 9 Jul 2012 09:03:40 +0300
- To: Markus Sabadello <markus.sabadello@gmail.com>
- Cc: public-fedsocweb@w3.org

On Sun, Jul 8, 2012 at 7:29 PM, Markus Sabadello <markus.sabadello@gmail.com> wrote:

> A. In OpenID there's something called the UserInfo endpoint (In OAuth
> terminology, that's the protected resource). So you could request the list
> of friends, and other things directly from that UserInfo endpoint, simply as
> part of the normal OAuth flow.

hm, in http://openid.net/specs/openid-connect-messages-1_0.html#userinfo_ep i see nothing about friends list, although it does seem to be the right place. do you know if anybody has done this yet before?

> OR
>
> B. We could have a standard Linked Data endpoint from which you get the list
> of friends and other stuff, and we could protect that endpoint with the
> OpenID Connect token.

by standard Linked Data endpoint you mean discoverable through .well-known? or how?

> I know the standard authn/authz mechanism for Linked Data is WebID/WebACL,
> but shouldn't OAuth/OIDC work too?

you can build that into the OAuth dialog, so that the user doesn't have to type a password (or might not even have a password) but can immediately click 'Allow'. You can do the same with SAML or Mozilla Persona. If we specify OAuth then the rest is out of scope - something between the user and their own node.

Received on Monday, 9 July 2012 06:04:08 UTC