Re: sketch of a simple authentication protocol

On 3 Apr 2008, at 10:55, Toby A Inkster wrote:
> On 2 Apr 2008, at 15:52, Story Henry wrote:
>
>> I thought it would be fun to represent your answer [1] with a  
>> Sequence Diagram to make sure I have really understood what you are  
>> saying. It is even simpler that the previous sketch.
>
>
> Yep, that's pretty much it.

great. I am now checking to see how difficult it is to get this X501  
information with Java libraries. It would be fun to get a demo going.

> An additional detail which is missing in your diagramme is: what  
> happens if Romeo's client doesn't send an Agent-Id header (I used  
> HTTP "From" header originally, but it doesn't really matter what the  
> header is called) or Juliette decides she doesn't trust Romeo. I  
> originally specified that a simple copy of the public profile should  
> be returned, but instead I think perhaps a 302 redirect back to the  
> public profile is more appropriate.

makes sense. I'll add a note in the commentaries if I can get this to  
work.

> Also, I'd like to make a bid to explicitly allow XHTML+RDFa to be  
> used for the public profiles (and if implementations are going to  
> need to support it for public profiles, we might as well also allow  
> it for private profiles!). With that in place, a person can decide  
> to use the same URI for:
>
> 	* their (human-readable) homepage;
> 	* their FOAF profile for use in this protocol; and
> 	* their OpenID identifier.

Of course. In the initial sketch I had made that explicit. Any RDF  
representation, including GRDDLEable Xml should be ok.

> If we insisted that their profile URI be RDF/XML, then that couldn't  
> happen (except perhaps with some sort of content negotiation going  
> on — I've not thought out the details).

Well the beautify of semantics is that we can abstract on the  
representation.
:-)

Henry

> -- 
> Toby A Inkster
> <mailto:mail@tobyinkster.co.uk>
> <http://tobyinkster.co.uk>
>
>
>

Received on Thursday, 3 April 2008 09:16:35 UTC