- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 28 Mar 2019 09:34:53 +0100
- To: Kjetil Kjernsmo <kjetil@kjernsmo.net>
- Cc: public-solid <public-solid@w3.org>
- Message-ID: <CAKaEYhJq=Ed8j_EwbnxaFmiSDPT_37nHpxb10ebZSeMxVbEAhg@mail.gmail.com>
On Tue, 26 Mar 2019 at 15:59, Kjetil Kjernsmo <kjetil@kjernsmo.net> wrote:

> All,
>
> In the current node-solid-server implementation, we have some functionality
> to verify certain interactions with an email verification, such as the
> deletion of the whole Pod.
>
> I think we should make this more generic, possibly through the Web Access
> Control spec, so that users can specify that certain interactions need that
> kind of verification.
>
> That way `DELETE /` (i.e. delete the whole POD) could be governed by e.g.
> an explicit rule in the ACL file to ensure verification.
>
> The code for email verification will need to be in the server anyway, so I
> think it makes sense for users to be able to reuse this functionality where
> they please. One can also envision other verification mechanisms than
> email.

Do we not do it this way already? Or better question, how do we do it now?

I've seen email addresses in ACLs before if I remember correctly. Wouldn't you just say that the email URI has a certain operation (in this case write/control?) on the resource. Then the server would authenticate a shared secret with an email address -- not terribly secure, but I think that can be done with a one time token?

Is this last part the bit that would benefit from standardization?

> Kjetil
Received on Thursday, 28 March 2019 08:35:30 UTC