W3C home > Mailing lists > Public > public-rww@w3.org > July 2012

Authorization Delegation

From: Henry Story <henry.story@bblfish.net>
Date: Wed, 4 Jul 2012 13:35:57 +0200
Message-Id: <AEF9DEC0-7544-4D70-A5D8-509A683D02AD@bblfish.net>
To: WebID <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>
We had a long discussion yesterday in the teleconf on Delegation. Some things
that we thought would be useful would be to improve the wiki page for it by

  - adding use cases 
  - add pointer to the original mailing list discussion
    (and perhaps summarise the other options listed there)
  - improve the flow description 
    + show what the header sent would look like exactly
    + show what the returned message would look like
    + explain in detail the process the Guard would have to follow to decide what to do
    + (perhaps improve the diagram)
    + there is no mention even there of the Acting-on-behalf-of: header we discussed 
  - Mike Jones distinguished between 
    authorization delegation / identity delegation / capability delegation
    Here we are dealing with authorisation delegation - the secretary is authenticating as itself
  - emphasise the importance of the Acting-on-behalf-of: header to Andrei's use case where a resource
    may return different representations depending on who is asking. (question on RESTfulness of such
    a service)
  - also note on how some of this could be achieved without an Acting-on-behalf-of header by the server
    returning in its header a pointer to an access control ontology that might restrict in some way who
    can see that resource - leaving it to the agent to read that ACL and act on it. (the secretary would of
    course have to declare in its foaf that it is an understander-of-that-acl ontology )
    (part of other solutions space)

All this should be very clearly set out, so that we can later go to the HTTPbis working group
and present this, to get their feedback. The clearer it is the better and more useful the 
discussion should there should be.


Social Web Architect
Received on Wednesday, 4 July 2012 11:36:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:40:00 UTC