- From: elf Pavlik <elf-pavlik@hackers4peace.net>
- Date: Tue, 25 Nov 2025 20:29:38 -0600
- To: Linked Web Storage Working Group <public-lws-wg@w3.org>
Hello,

I created a rough first draft of a sequence diagram showing a theoretical full sequence from a user authenticating with an application to viewing a protected resource.

https://elf-pavlik.github.io/lws-auth/view/oidc/?dynamic=sequence
(the start button allows stepping through the sequence with notes for each step)

I would like to have available something similar to https://solid.github.io/solid-oidc/primer/ which I believe many developers found to be a useful reference.

This early draft is based on the two PRs

* https://github.com/w3c/lws-protocol/pull/43
* https://github.com/w3c/lws-protocol/pull/45

as well as these IETF drafts

* https://www.ietf.org/archive/id/draft-ietf-oauth-identity-assertion-authz-grant-01.html
* https://www.ietf.org/archive/id/draft-parecki-oauth-client-id-metadata-document-03.html

All token audiences are restricted and tokens are not sender constrained (no DPoP).

I didn't have a good way to capture that the Resource Owner security domain would, in real life, be repeated n times, once for each storage (server) of each peer in a social graph whose data the app is accessing.

There are a lot of issues, especially in the snippets; I need to do more checks on all the `aud`, `realm`, `resource` use etc. At this moment I would mostly be interested in high level feedback.

* Does it follow the intended use as of the current LWS PRs?
* Is the way I try to incorporate the Identity Assertion JWT Authorization Grant somehow reasonable?
* Does the overall format even look useful? I'm using the open source library https://likec4.dev/

I'll be iterating over it in the next days/weeks, eventually hoping to use it as a reference when looking myself and discussing with others how it could be implemented in CSS and open-source client libraries.

Best regards,
elf Pavlik
Received on Wednesday, 26 November 2025 02:29:48 UTC
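The audience restriction the message mentions is what keeps one storage server from accepting a token minted for another when the Resource Owner domain is repeated once per peer storage. The following is an added example, not code from the email, the LWS PRs or the IETF drafts: it assumes a constructed HS256 shared demo key, constructed issuer, subject, client and storage URLs, and bearer tokens without DPoP binding, and shows a minimal resource-server check that rejects a token whose `aud` names a different storage.

```python
"""Audience-restricted bearer tokens across several storage servers (constructed demo)."""
import base64
import hashlib
import hmac
import json
import time

DEMO_KEY = b"constructed-demo-key"  # assumption: HMAC key shared by AS and storages


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(client_id: str, storage: str, ttl: int = 300) -> str:
    """Issue a bearer access token whose `aud` is exactly one storage server."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "at+jwt"}).encode())
    now = int(time.time())
    claims = {"iss": "https://as.example", "sub": "https://alice.example/#me",
              "client_id": client_id, "aud": storage, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"


def accept_token(token: str, my_storage: str, now: int = 0) -> bool:
    """Resource-server check: signature, expiry and, crucially, the `aud` claim."""
    try:
        header, body, sig = token.split(".")
    except ValueError:
        return False
    expected = hmac.new(DEMO_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(sig)):
        return False
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= (now or int(time.time())):
        return False
    # The audience must equal this storage's own identifier. A token issued for a
    # peer's storage is refused here, so a leaked bearer token (no DPoP) is only
    # usable at the single storage it was minted for.
    return claims.get("aud") == my_storage


if __name__ == "__main__":
    tok = mint_token("https://app.example/client", "https://storage-a.example")
    print(accept_token(tok, "https://storage-a.example"), accept_token(tok, "https://storage-b.example"))
```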