- From: Benjamin Goering <bengoering@gmail.com>
- Date: Mon, 23 Nov 2015 10:18:42 -0800
- To: public-annotation@w3.org
- Message-ID: <CAGYs8_9PsUE4j_OOEdEWRYe+S12cRbg7aN20H5ZRa-Tfa8ZzZw@mail.gmail.com>
Thanks for the tip to move over here Ben Y, and Robert for ccing this list.
Good to know about iiif auth. I've been on that list but hadn't seen it
before.
So the client needs
> to know where to go to allow the user to use their auth system, and then
> receive a ping that they should try again to do whatever action required
> authorization.
That sounds like Discovery
<https://openid.net/specs/openid-connect-discovery-1_0.html>. OIDC borrows
from webfinger
<https://openid.net/specs/openid-connect-discovery-1_0.html#RFC7033> and
the well-known registry
<https://openid.net/specs/openid-connect-discovery-1_0.html#RFC5785> to
help with this. The goal being to make it possible to allow a Client to
know where to go to auth{z,n} any user@provider.com, if provider.com is at
least serving a well-known document indicating where their auth provider is.
I'm looking forward to hearing about other auth strategies that communities
like iiif are using.
--
Benjamin Goering, Technologist
@bengo <https://twitter.com/bengo> - github.com/gobengo -
linkedin.com/in/benjamingoering
<https://www.linkedin.com/in/benjamingoering>
Received on Monday, 23 November 2015 18:19:30 UTC