- From: Henry Story <henry.story@bblfish.net>
- Date: Fri, 13 Jul 2012 22:09:52 +0200
- To: Olivier Berger <olivier.berger@it-sudparis.eu>
- Cc: Sebastian Tramp <tramp@informatik.uni-leipzig.de>, Andrei Sambra <andrei@fcns.eu>, public-webid <public-webid@w3.org>, Read-Write-Web <public-rww@w3.org>
On 13 Jul 2012, at 16:46, Olivier Berger wrote:

> Hi.
>
> About the naming scheme for all these delegated cases, and this time
> referring to the discussions about secretaries / agents acting on behalf
> of users (and not about the simple delegated authentication I've just
> posted about in another thread), may it make sense to call that
> "delegated authorization" for the more general acceptions ?

Yes, that makes sense

>
>
> Also, I didn't see OAuth [0] mentioned so much in what I've read so far.

Because I have not studied it. Is it close? Have we covered OAuth with one Relation in WebID? That would be cool!

> Still I very much think OAuth has indeed been built to allow (web) apps
> to act on other services on behalf of users, once they have delegated
> them some sort of a token to act on their behalf in the background.

I'd be interested to know how they compare. I am going to soon work some more on OAuth. Whenever I asked others I came to understand that OAuth requires some behind the scenes negotiation, which our webid delegated authentication with the secretary relation does not.

>
> Again, can we same much of the low-level implementation details (like
> signature or REST invocations between various agents) from OAuth ?
>
>
> So maybe my WebID can describe the kind of delegation of authorizations
> I grant to particular services/agents/secretaries (identified by their
> own RDF description) in a standard and interoperable way (RDF ACL
> kinds), instead of just creating various ad-hoc OAuth tokens in the
> different databases of the different apps where I want these agent to
> act on my behalf, but then all the communication between the agents and
> the apps would occur over OAuth signed invocations : no need to reinvent
> the already specified protocol ?

Could be. If adding one relation to WebID gives us OAuth, then you could consider that we just simplified OAuth. I'll let you know more when I have considered it in more detail.
In any case one should be able to link data enable OAuth. That could be interesting.

>
> Does this make sense ?
>
> Hope this helps.
>
> Best regards,
>
> [0] http://tools.ietf.org/html/rfc5849
>
> Henry Story <henry.story@bblfish.net> writes:
>
>> On 23 Jun 2012, at 17:11, Sebastian Tramp wrote:
>>
>>> On Sat, Jun 23, 2012 at 11:54:59AM +0200, Andrei Sambra wrote:
>>>
>>> Hi all,
>>>
>>> since we discussed this problem e.g. at the FSW in Berlin and on other places,
>>> I had some material about webid delegation already finished.
>>>
>>> I've created a wiki page here:
>>> http://www.w3.org/wiki/WebID/Delegation
>>
>> Great work! Thanks.
>>
>>> I've added an extended sequence image and some structure and hope we can take
>>> this as a base for future discussion. Also note that we have this implemented
>>> since 3 years in OntoWiki (to allow inter-OntoWiki communication) but with
>>> other namings. Currently, Phil is reworking this part so that others (e.g.
>>> Andrei) can use that too (the link is added to the page too)
>>
>> Great. Yes, we should try to come to agree on some naming scheme.
>> I hope to be able to implement this soonish. The read-write-web rewrite
>> in Play 2.0 is moving ahead.... Then we can test and write it out nicely.
>> But don't let my slowness slow you down :-)
>>
>
> --
> Olivier BERGER
> http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
> Ingenieur Recherche - Dept INF
> Institut Mines-Telecom, Telecom SudParis, Evry (France)

Social Web Architect
http://bblfish.net/
Received on Friday, 13 July 2012 20:10:27 UTC