- From: Nathan <nathan@webr3.org>
- Date: Tue, 19 Jul 2011 21:00:43 +0100
- To: Ben Adida <ben@adida.net>
- CC: Kingsley Idehen <kidehen@openlinksw.com>, WebID XG <public-xg-webid@w3.org>, Manu Sporny <msporny@digitalbazaar.com>, Henry Story <henry.story@gmail.com>
Ben Adida wrote:
>> Generally speaking it seems at a non technical level, that BrowserID is
>> a nice abstraction layer on top of WebID, that makes it more user
>> friendly.
>
> Right, at a non-technical level, but if you dig into the technical
> details, the big difference is that BrowserID delivers an assertion in
> the application layer, while WebID delivers it in the network security
> layer.
question: if a domain isn't allowed access, at what point in the
procedure does this take effect? before or after the assertion is sent
to the rp/verifier?
scenario:
PublicKey storeWebID('http://we....');
string getWebID();
storeWebID takes a URI input, associates it with a keypair and returns
the public key.
one adds the public key to their personal profile located at webid-uri
(or has a script to do it w/ a password verification or some such)
getWebID pops up a dialog that asks them to select a webid uri, after
selecting it, it signs it with the private key associated with it, gets
the public key from webid-uri, verifies the signature, if cool it
returns the webid.
Received on Tuesday, 19 July 2011 20:01:57 UTC