W3C home > Mailing lists > Public > public-annotation@w3.org > December 2015

Re: [web-annotation] Client can't determine if user has authorization to modify annotation

From: Ivan Herman via GitHub <sysbot+gh@w3.org>
Date: Wed, 02 Dec 2015 17:28:27 +0000
To: public-annotation@w3.org
Message-ID: <issue_comment.created-161372244-1449077305-sysbot+gh@w3.org>

> @iherman <https://github.com/iherman>: we certainly agreed that we 
should consult outside the WG on how/if to consider access control as 
part of the protocol.
> But let's not confuse authorization with authentication. It's very 
likely that any recommendation we make regarding authentication (if we
 even need to make any) will be to follow existing industry standards.
 But authorization may well be more complicated, and specific to the 
use cases of annotation. We're also less likely to burn our fingers on
 authorization/access control than we are on authentication.
> I do think we should have some semblance of an answer for how 
authorization to do things on annotations are expressed and granted, 
because otherwise any real-world implementation of the protocol is 
going to end up being a standardised protocol wrapped in an 
unstandardised authorization layer, which would have negative 
implications for interoperability.

I answer as if I understood this area:-) but isn't it so that even in 
the area of authorization things are moving so fast, due to all the 
current focus on these problems, that we would incur the danger of 
coming out with something out-of-date at the moment we publish our 

GitHub Notification of comment by iherman
Please view or discuss this issue at 
 using your GitHub account
Received on Wednesday, 2 December 2015 17:28:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:43 UTC