
Easy auth and ACL?

From: Danny Ayers <danny.ayers@gmail.com>
Date: Thu, 6 Oct 2011 20:07:19 +0200
Message-ID: <CAM=Pv=Qs+UnnVgj5NNnK7qEhmVfu3NSJTA5T86zQs2gkLFZiyA@mail.gmail.com>
To: public-rww@w3.org

The other day I had yet another bunch of brilliant app ideas... but
there were stumbling blocks I've hit before. Areas I haven't a clue
about.

The user management bit - ok, I know how to model this in RDF using
named graphs - but the wire-level stuff really does seem hard work.

Ok, practical scenario:

you've got a CMS, and -

1. you want to make sure the user's data is safe (in their terms, they
have control)
2. you wish to make it user friendly

In my head I want WebID, but when it comes to coding it up it seems
non-trivial.
Earlier I asked a friend who builds Web sites for a living what she
did: this stuff she codes from scratch every time, uses ASP sessions
(whatever they are) and essentially passes passwords over in plain
text.

As far as I can tell, the best bet for passing the password initially
would be over HTTPS - maybe do the password/email dance. Thereafter
HTTP Digest.

But my goal here is to be able to mass produce apps, I *don't* want to
have to think it through again every time.

Suggestions?

Cheers,
Danny.

-- 
http://dannyayers.com
Received on Thursday, 6 October 2011 18:07:47 GMT
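
The flow suggested in the message (password sent once over HTTPS, HTTP Digest thereafter) can be sketched on the server side as follows. This is an added example, not part of the original post; the function names, the in-memory store and the nonce table are assumptions made for illustration, and the sample values are those of the worked example in RFC 2617, section 3.5.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def enroll(username, realm, password):
    # Run once, while the password is in hand from the HTTPS sign-up form.
    # Only HA1 is stored; the cleartext password is not kept.
    return md5_hex(f"{username}:{realm}:{password}")

def verify(store, nonces, method, f):
    """f: parameters parsed from an 'Authorization: Digest' header.
    nonces maps each server-issued nonce to the highest nc seen so far.
    The caller must also check that f['uri'] matches the requested URI."""
    ha1 = store.get((f.get("username"), f.get("realm")))
    needed = ("nonce", "uri", "nc", "cnonce", "response")
    if ha1 is None or f.get("qop") != "auth" or any(k not in f for k in needed):
        return False
    if f["nonce"] not in nonces:
        return False                      # nonce was never issued by this server
    try:
        nc = int(f["nc"], 16)
    except ValueError:
        return False
    if nc <= nonces[f["nonce"]]:
        return False                      # request counter replayed or stale
    ha2 = md5_hex(f"{method}:{f['uri']}")
    want = md5_hex(f"{ha1}:{f['nonce']}:{f['nc']}:{f['cnonce']}:auth:{ha2}")
    if not hmac.compare_digest(want.encode(), f["response"].encode()):
        return False
    nonces[f["nonce"]] = nc               # remember the counter only on success
    return True

# Sample request: the worked example from RFC 2617, section 3.5.
RFC_FIELDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

def demo():
    store = {("Mufasa", "testrealm@host.com"):
             enroll("Mufasa", "testrealm@host.com", "Circle Of Life")}
    nonces = {RFC_FIELDS["nonce"]: 0}     # nonce issued earlier in a 401 challenge
    first = verify(store, nonces, "GET", RFC_FIELDS)
    replay = verify(store, nonces, "GET", RFC_FIELDS)   # same nc sent again
    return first, replay
```

The stored HA1 is password-equivalent within its realm, so the credential store needs the same protection a password database would.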
