W3C home > Mailing lists > Public > public-rww@w3.org > June 2012

Re: delegated authentication

From: Nathan <nathan@webr3.org>
Date: Sat, 23 Jun 2012 12:36:45 +0100
Message-ID: <4FE5AA4D.8090204@webr3.org>
To: Andrei Sambra <andrei@fcns.eu>
CC: Henry Story <henry.story@bblfish.net>, public-webid <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>, Sebastian Dietzold <tramp@informatik.uni-leipzig.de>
Andrei Sambra wrote:
>> I understand you to be saying above that you are thinking of the 
>> secretary robot
>> connecting to some server  (say on IBM.com),  and then make a request 
>> on that resource
>> but somehow adding a ?id=webid to the url it was going to request? How 
>> would it know
>> that that resource understood the same thing that you thought you 
>> meant when adding
>> ?id=webid to the resource? There may not even be a resource there. 
>> (those are 2 different
>> URLs)
>>
>> That does not seem very RESTful. It would require 2 requests on the 
>> resource:
>> one where you get the version without the ?id=webid fields, and it 
>> returns some information
>> telling you how you can GET a version for the secretary namely in your 
>> case by
>> adding a ?id=webid field (perhaps it returns a semantically annotated 
>> form).
> 
> Yes, you are right. I feared that using an extra HTTP header option 
> would require support from the webserver, but I was wrong. Indeed, 
> specifying the identity of the real person in the header would be the 
> best solution.

Sorry to keep dragging this up every few months, but four party auth:

   http://lists.w3.org/Archives/Public/public-xg-webid/2011Jan/0056.html

Best,

Nathan
Received on Saturday, 23 June 2012 11:37:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:39:58 UTC