W3C home > Mailing lists > Public > public-annotation@w3.org > December 2015

Re: [web-annotation] Client can't determine if user has authorization to modify annotation

From: Nick Stenning via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Dec 2015 17:15:41 +0000
To: public-annotation@w3.org
Message-ID: <issue_comment.created-161368940-1449076539-sysbot+gh@w3.org>
@iherman: we certainly agreed that we should consult outside the WG on
 how/if to consider access control as part of the protocol.

But let's not confuse authorization with authentication. It's very 
likely that any recommendation we make regarding authentication (if we
 even need to make any) will be to follow existing industry standards.
 But authorization may well be more complicated, and specific to the 
use cases of annotation. We're also less likely to burn our fingers on
 authorization/access control than we are on authentication.

I do think we should have some semblance of an answer for how 
authorization to do things on annotations are expressed and granted, 
because otherwise any real-world implementation of the protocol is 
going to end up being a standardised protocol wrapped in an 
unstandardised authorization layer, which would have negative 
implications for interoperability.

GitHub Notification of comment by nickstenning
Please view or discuss this issue at 
 using your GitHub account
Received on Wednesday, 2 December 2015 17:15:43 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:43 UTC