Authentication Proposal -- Solid Cookies from Melvin Carvalho on 2016-02-05 (public-rww@w3.org from February 2016)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Fri, 5 Feb 2016 12:07:19 +0100
To: public-rww <public-rww@w3.org>, public-webid <public-webid@w3.org>
Message-ID: <CAKaEYhK4vy-Q6UEnUL7otcD_=qH_5h1=u=ekUgG7=jxGBmoM-g@mail.gmail.com>

Alice wishes to authenticate on Bobs server.

   1. Alice sends her User: identity, and (optionally) a path to a
   "cookie". The cookie is a resource that only Bobs server and Alice have
   access to. The contents of the resource are a typical cookie with
   unguessable string and expiry.
   2. Bob's server compares the string sent from the browser and the string
   in the file. If they match access is granted.


Any comments on this idea?

Received on Friday, 5 February 2016 11:07:55 UTC