Authentication Proposal -- Solid Cookies

Alice wishes to authenticate on Bobs server.

   1. Alice sends her User: identity, and (optionally) a path to a
   "cookie". The cookie is a resource that only Bobs server and Alice have
   access to. The contents of the resource are a typical cookie with
   unguessable string and expiry.
   2. Bob's server compares the string sent from the browser and the string
   in the file. If they match access is granted.


Any comments on this idea?

Received on Friday, 5 February 2016 11:07:57 UTC