- From: Nick Jennings <nick@silverbucket.net>
- Date: Mon, 5 Aug 2013 17:25:55 +0200
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: public-rww <public-rww@w3.org>, public-webid <public-webid@w3.org>
Received on Monday, 5 August 2013 15:26:25 UTC
I like this idea, only needing webid authorization with your homepage, and proving you have that authorization with a quick write. Though, does your turtle page ([given site uri]+"/card" right?) become cluttered with challenge strings? On Aug 4, 2013 11:44 PM, "Melvin Carvalho" <melvincarvalho@gmail.com> wrote: > I was just thinking this could be a possible login use case > > 1. Go to a site sending your HTTP identity (e.g. via User Header) > > 2. Site requires authentication so sends a "Challenge" header > > 3. Using RWW add the following triple to your site > > <#me> <somevocab : challenge> "Challenge-String". > > 4. On update, refresh the page > > 5. The relying party will check your page for the challenge string, and > when it finds it there, logs you in > > This is much like the common automated process where someone will ask you > to 'verify your homepage' by making you add a string. With POST / PATCH / > PUT technology perhaps it could all be automated allowing login without the > of the relying party having to use TLS. >
Received on Monday, 5 August 2013 15:26:25 UTC