W3C home > Mailing lists > Public > public-rww@w3.org > July 2012

Re: Delegated authentication use cases.

From: Nathan <nathan@webr3.org>
Date: Thu, 05 Jul 2012 15:04:21 +0100
Message-ID: <4FF59EE5.3030206@webr3.org>
To: Andrei Sambra <andrei@fcns.eu>
CC: public-webid <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>
Hi Andrei,

I've been looking at the MyProfile use case for delegated auth, and have 
one primary question, why is MyProfile doing the requesting and caching, 
could the user themselves, via a js application, not fulfil this roll, 
levering standard browser caching where needed - I'm unsure why the 
man-in-the-middle is needed?

This has no bearing on whether a delegated auth is required or not 
generally, just interested to look at whether it's the only solution, 
and keen not to push traditional "app on the server" mentality when it 
isn't required, especially in a RWW context.

Best,

Nathan

Andrei Sambra wrote:
> Hello everyone,
> 
> After yesterday's discussion with Henry and Mike Jones during the 
> teleconf, we decided to continue the thread "delegated authentication" 
> by providing real use cases, in order to better identify what needs to 
> be done. On the other hand, the issue of delegated authentication is not 
> specific to WebID, as it rather concerns access control. I am sure there 
> are more W3C groups (e.g. RRW) interested by this, so please try forward 
> this message to whom it may concern.
> 
> I have added a use case specific to MyProfile to the existing 
> "Delegation" wiki page [1]. Please feel free to add more use cases 
> corresponding to your needs.
> 
> Andrei
> 
> [1] http://www.w3.org/wiki/WebID/Delegation#Use_cases
> 
> 
Received on Thursday, 5 July 2012 14:05:07 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 5 July 2012 14:05:08 GMT