- From: <henry.story@bblfish.net>
- Date: Tue, 17 Nov 2015 22:18:51 +0000
- To: W3C Credentials Community Group <public-credentials@w3.org>
- Cc: public-webid <public-webid@w3.org>
Hi folks, I have now implemented client and server parts of the HTTP Signature protocol [1] in Scala and Scala-JS respectively and have gotten it to work. I have verified that I can display pages served from localhost that then use the HTTP Fetch API to fetch a page from https://joe.example:8443/, intercept a returned 401, and make a new request that succeeds. Currently that requests still fails because the the server does not yet know how to give rights to a WebKey identified user, which is on my list todo next. This works in Chrome Canary and Firefox developer edition. I have not had time to test it more widely, but it should work at least on 1 year old browsers. The current server code and detailed discussion is here: https://github.com/solid/solid-spec/issues/52#issuecomment-157519949 What would be needed to publish the key, would be either for the client to know of a place to publish one, or for the server to propose one itself. A number of options are available for publishing a key: 1) publishing a public key to some decentralised storage system 2) publishing it to a LDPC ( from the Linked Data Platform ) 2) is the easiest for me to implement as I already have an LDP Server. 1) would also be an interesting option, though it feels like more work Those two options are not exclusive. For those who would like the server to propose a place to POST the key one would only need the 401 to return a Link Header from RFC 5988 Link: </keys/>; rel="public-key-container"; title="Publish your public key here" Henry [1] https://tools.ietf.org/html/draft-cavage-http-signatures-05 [2] https://tools.ietf.org/html/rfc5988
Received on Tuesday, 17 November 2015 22:19:18 UTC