A simple login use case using RWW without needing TLS from Melvin Carvalho on 2013-08-04 (public-rww@w3.org from August 2013)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sun, 4 Aug 2013 23:43:39 +0200
To: public-rww <public-rww@w3.org>, public-webid <public-webid@w3.org>
Message-ID: <CAKaEYh+OAYyAanRdM5Vz4Y7HZvrX7nun+azNN4wG7cLK+HF3iQ@mail.gmail.com>

I was just thinking this could be a possible login use case

1. Go to a site sending your HTTP identity (e.g. via User Header)

2. Site requires authentication so sends a "Challenge" header

3. Using RWW add the following triple to your site

<#me> <somevocab : challenge> "Challenge-String".

4. On update, refresh the page

5. The relying party will check your page for the challenge string, and
when it finds it there, logs you in

This is much like the common automated process where someone will ask you
to 'verify your homepage' by making you add a string.  With POST / PATCH /
PUT technology perhaps it could all be automated allowing login without the
of the relying party having to use TLS.

Received on Sunday, 4 August 2013 21:44:07 UTC