- From: Henry Story <henry.story@co-operating.systems>
- Date: Wed, 23 Sep 2015 14:21:16 +0100
- To: W3C Credentials Community Group <public-credentials@w3.org>
Yesterday in a discussion on the http WG it occurred to me how one could get support from people with X509 background, and make the KeyURI have a dereferenceable meaning. https://lists.w3.org/Archives/Public/ietf-http-wg/2015JulSep/0388.html [[ The idea would be for example that a 401 with a WWW-Authenticate: Certificate, upload="/certs" The client could then POST the (x509?) certificate to that location, and receive a Location: header containing a URL that it could re-use on future connections, and which it could use for authentication with something like draft-cavage-http-signatures [1] The nice thing, is that this would allow one to also use URLs of certificates on remote servers, to avoid the whole process of certificate uploads. ( but the problem of people not having a server would be solved by the POST described above ) Also this provides an easy way to disable certificates by removing them from that URL. You could then further do content negotiation on that URL and allow many different formats to be returned, enabling a move to JSON certificate formats a la JOSE or based on JSON-LD. ]] Note that if the server did not want to make the URL dereferenceable it could then provide a URN. It turns out they actually want to discuss TLS authentication right now, so its not the right thread to develop this idea. But it would be of interest to this group. Henry
Received on Wednesday, 23 September 2015 13:21:50 UTC