Re: A simple login use case using RWW without needing TLS from Nick Jennings on 2013-08-05 (public-rww@w3.org from August 2013)

From: Nick Jennings <nick@silverbucket.net>
Date: Mon, 5 Aug 2013 17:25:55 +0200
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: public-rww <public-rww@w3.org>, public-webid <public-webid@w3.org>
Message-ID: <CAJL4WtYNvz0EwnRhyWkLA-fcataDZv--xUwxfo8mOO8CGH_viQ@mail.gmail.com>

I like this idea, only needing webid authorization with your homepage, and
proving you have that authorization with a quick write.

Though, does your turtle page ([given site uri]+"/card" right?) become
cluttered with challenge strings?
On Aug 4, 2013 11:44 PM, "Melvin Carvalho" <melvincarvalho@gmail.com> wrote:

> I was just thinking this could be a possible login use case
>
> 1. Go to a site sending your HTTP identity (e.g. via User Header)
>
> 2. Site requires authentication so sends a "Challenge" header
>
> 3. Using RWW add the following triple to your site
>
> <#me> <somevocab : challenge> "Challenge-String".
>
> 4. On update, refresh the page
>
> 5. The relying party will check your page for the challenge string, and
> when it finds it there, logs you in
>
> This is much like the common automated process where someone will ask you
> to 'verify your homepage' by making you add a string.  With POST / PATCH /
> PUT technology perhaps it could all be automated allowing login without the
> of the relying party having to use TLS.
>

Received on Monday, 5 August 2013 15:26:25 UTC