Re: Dialback authentication

Following up on some feedback I've just given Evan, I think it's best
if the "user doing something" bit should be separate from the "hosts
negotiating a secure / shared channel" bit.

Effectively this would just mean splitting the document into two
separate documents; one that does the host negotiation stuff, and the
other that handles the semantics of allowing delegation. That way, if
two hosts wanted to do their secure communication using client certs
instead, they could do so and still use the webfinger semantics around
"is <host> allowed to act on behalf of <user>".

b.

On 5 September 2012 14:54, Evan Prodromou <evan@status.net> wrote:
> I've done a quick NodeJS implementation for testing; you can see it here:
>
> https://github.com/evanp/dialback-example
>
> If there's sufficient interest, I can set up a live app that supports
> Dialback authentication on the Web, so folks can fire requests at it to test
> client implementations.
>
> -Evan
>
>
> On 12-08-28 10:52 AM, Evan Prodromou wrote:
>
> Folks,
>
> We've talked before about mechanisms to authenticate HTTP requests using
> dialback.
>
> I've written up a general method using the HTTP Authorization header,
> similar to Basic or Digest authentication.
>
> http://www.w3.org/2005/Incubator/federatedsocialweb/wiki/Dialback_authentication
>
> I'd appreciate your feedback here or on the talk page of the wiki.
>
> -Evan
>
> --
> Evan Prodromou, CEO and Founder, StatusNet Inc.
> 1124 rue Marie-Anne Est #32, Montreal, Quebec, Canada H2J 2B7
> E: evan@status.net P: +1-514-554-3826
>
>

Received on Wednesday, 5 September 2012 15:46:49 UTC