W3C home > Mailing lists > Public > public-rww@w3.org > June 2012

Re: delegated authentication

From: Andrei Sambra <andrei@fcns.eu>
Date: Sat, 23 Jun 2012 11:54:59 +0200
Message-ID: <4FE59273.60104@fcns.eu>
To: Henry Story <henry.story@bblfish.net>
CC: public-webid <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>, Sebastian Dietzold <tramp@informatik.uni-leipzig.de>
> I understand you to be saying above that you are thinking of the secretary robot
> connecting to some server  (say on IBM.com),  and then make a request on that resource
> but somehow adding a ?id=webid to the url it was going to request? How would it know
> that that resource understood the same thing that you thought you meant when adding
> ?id=webid to the resource? There may not even be a resource there. (those are 2 different
> URLs)
>
> That does not seem very RESTful. It would require 2 requests on the resource:
> one where you get the version without the ?id=webid fields, and it returns some information
> telling you how you can GET a version for the secretary namely in your case by
> adding a ?id=webid field (perhaps it returns a semantically annotated form).

Yes, you are right. I feared that using an extra HTTP header option 
would require support from the webserver, but I was wrong. Indeed, 
specifying the identity of the real person in the header would be the 
best solution.

Andrei
Received on Saturday, 23 June 2012 09:55:38 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:39:58 UTC