- From: Nathan <nathan@webr3.org>
- Date: Wed, 31 Oct 2012 01:40:51 +0000
- To: rww <public-rww@w3.org>
This may seem like first year stuff, but it may be useful to mention.
Identification != Authentication != Authorisation.
Generally we can say that Authentication provides us with an identifier
for the authenticated agent, and Authorisation is then done using the
authenticated identifier.
API wise, this means we have:
Interface Authentication {
    agent-identifier authenticate(*);
}
Interface Authorisation {
    boolean authorise(agent-identifier vai, request r, *);
}
Step one is to authenticate the requesting agent and establish an
agent-identifier for them.
Step two is to see if the established agent-identifier is authorised to
do what they've requested.
WebID-Protocol implements the Authentication interface, and returns a
specific kind of agent-identifier, namely a WebID.
WebAccessControl implements the Authorisation interface.
When working on the web, it makes sense that an agent-identifier be a
URI (of which WebIDs are a subset).
This decoupling means that WebAccessControl doesn't require a WebID,
rather it just requires a URI identifying an agent.
I'm only mentioning this because sometimes when you look at things
closely for a long time the simple stuff gets all mixed up. Or perhaps
more accurately, writing the above clears things up in my own head and
allows me to both share it and sanity check it with the group :)
Best, Nathan
Received on Wednesday, 31 October 2012 01:41:57 UTC
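The two interfaces sketched in the mail, worked into running code as an added example that is not from the original post or from the WebID/WebAccessControl specifications: WebIDTLS stands in for WebID-Protocol (an in-memory profile table replaces dereferencing the WebID over HTTP), WebAccessControl evaluates constructed acl:Authorization entries, and the class names, the ClientCert shape and all sample URIs and keys are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Protocol

ACL = "http://www.w3.org/ns/auth/acl#"           # WebAccessControl vocabulary
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"   # acl:agentClass foaf:Agent: anyone

@dataclass(frozen=True)
class Request:
    resource: str  # URI of the resource being accessed
    mode: str      # ACL + "Read", ACL + "Write", ...

class Authentication(Protocol):  # agent-identifier authenticate(*)
    def authenticate(self, credential) -> Optional[str]: ...

class Authorisation(Protocol):   # boolean authorise(agent-identifier, request, *)
    def authorise(self, agent: Optional[str], request: Request) -> bool: ...

@dataclass(frozen=True)
class ClientCert:
    san_uri: str     # subjectAltName URI carrying the claimed WebID
    public_key: str  # stand-in for the certificate's public key

class WebIDTLS:
    """WebID-Protocol: accept the claimed WebID only if the profile at that URI
    lists the presented key. `profiles` stands in for dereferencing the WebID."""
    def __init__(self, profiles: dict):
        self.profiles = profiles  # WebID -> set of public keys (constructed data)

    def authenticate(self, cert: Optional[ClientCert]) -> Optional[str]:
        if cert is None:  # no certificate presented: anonymous agent
            return None
        listed = cert.public_key in self.profiles.get(cert.san_uri, ())
        return cert.san_uri if listed else None  # unverified claim -> anonymous

@dataclass(frozen=True)
class Authorization:
    """One acl:Authorization: who may use which modes on which resource."""
    access_to: str
    modes: frozenset
    agents: frozenset = frozenset()         # acl:agent URIs, WebID or any other URI
    agent_classes: frozenset = frozenset()  # acl:agentClass

class WebAccessControl:
    def __init__(self, authorizations):
        self.auths = list(authorizations)

    def authorise(self, agent: Optional[str], request: Request) -> bool:
        for a in self.auths:
            if a.access_to != request.resource or request.mode not in a.modes:
                continue
            if FOAF_AGENT in a.agent_classes or (agent and agent in a.agents):
                return True
        return False  # deny by default

def handle(authn, authz, credential, request: Request) -> bool:
    agent = authn.authenticate(credential)  # step one: establish an agent-identifier
    return authz.authorise(agent, request)  # step two: is that identifier authorised?
```

Because authorise() only sees a URI, the same WebAccessControl instance accepts agents established by any authenticator, not just WebID-TLS.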