Re: header to allow webid tls on servers from Timothy Holborn on 2019-03-15 (public-solid@w3.org from March 2019)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Fri, 15 Mar 2019 18:10:16 +1000
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: public-solid <public-solid@w3.org>, Kingsley Idehen <kidehen@openlinksw.com>
Message-ID: <CAM1Sok3cprL-AH-rtdVm-N1c_Fr7S75Y5Yy6kxofYFJpffYTQA@mail.gmail.com>

It was my view that the WebID-AUTH Suite was designed to be supported in a
variety of ways, as to support various use-cases.

IoT Devices that support TLS certificates, would be better-off using
WebID-TLS to define semantics.  Shared computers, might use both WebID-TLS
and WebID-OIDC and perhaps part of the solution to open-wifi hotspots (ie:
in universities) does indeed exist within the sphere of WebID-TLS solutions.

noting also, in prior examples such as http://webcivics.org/dev/index.html
and, earlier still http://mediaprophet.org/ux_KB/page4115294.html - which
illustrate the variety of uses certificates + semantics could support.

noting also, alot also depends upon the controls brought about by the
notations in that URI.

Finally; the reason why this shouldn't be too much of a problem is that
some devices aren't able to use WebID-OIDC.  So, support for WebID-TLS
seems rather straight-forward, irraspective of how it is people want to
implement in their own systems...
imho

On Fri, 15 Mar 2019 at 16:47, Melvin Carvalho <melvincarvalho@gmail.com>
wrote:

> as a long time user of solid servers, there is one feature that I cant
> live without
>
> and that is the ability to authenticate to a server using WebID / TLS
>
> what this means is that with a simple curl statement and attaching a
> certificate you are able to use solid server to server, which is the bulk
> of my work flow
>
> recent additions to the authentication suite, involved adding of
> webid-oidc, which was promised as an addition, rather than, a replacement
>
> I have tried on a number of occasions to use OIDC with TLS, and it's not
> ready, and frankly a large time sink
>
> However, kingsley has been using for some time an innovative approach.
> Add a certain header to your curl request and the server will allow TLS
> authentication.  This is in line with the authentication enhancement that
> was pitched for solid -- namely oidc to become a point of flexibility.
>
> Mainly a question for Kingsley and the group.  How is this achieved?
> Kingsley has stated informally a few times that he sends a webid tls
> header.  I need this feature to work.  But two questions
>
> 1. What is the name of the header?  Should we try to standardize the
> naming in this group?
>
> 2. How to patch a server so that it will make use of this functionality.
>
> What the eventual end product would is something like
>
> curl -H "Header : Value" --cert C --key C  URI
>
> And you're done.  Most solid servers do this out of the box already.  But
> for those that dont, this would be very useful in allowing server to server
> or at least, command line to server requests.
>

Received on Friday, 15 March 2019 08:10:15 UTC