Bruno Harbulot wrote: > Hi all, > > I'll start by a list of points that could be standardized (open questions). > > First, on the authentication part: > > 1. Standardizing the representation format: RDF/XML, RDFa, N3? -1 > 2. Standardizing the vocabulary. +1 > 3. Standardizing the data we expect to store in the X.509 certificate. +1 > 4. Standardizing the delegated login procedure. > Should this be part of this specification or another specification? fwiw & imho, under another spec - as that delegated login would still have to use 'this' spec to do the actual login > 5. Addressing the issue of signed RDF assertions or comparison with > other repositories of keys. > > So far, we've been using a simple dereferencing of the WebID to do the > verification. It's OK, but it doesn't really improve the security > compared to OpenID. There is potential to improve the security by using > the keys of course. How far do we want to go there? easy either way on this one, would also be interested to see if we can get a fingerprint in to the webid. > Secondly, on the authorization part, it's all the work about ontologies > for ACLs. Should this belong to the same specification? I see this as a > separate issue (although equally interesting). v interested in this one myself, perhaps separate, perhaps separate spec under same working group or suchlike.. Best, NathanReceived on Tuesday, 6 July 2010 16:58:25 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 7 November 2012 14:18:31 GMT