Re: Extending the WebID protocol with Access Delegation

On 14 August 2012 13:11, Henry Story <henry.story@bblfish.net> wrote:

> Of interest to both RWW and WebID group:
>
> Sebastian Tramp, Andrei Sambra, Philip Frischmuth, Michael Martin, Sören
> Auer and I have submitted a paper entitled "Extending the WebID protocol
> with Access Delegation"  for the ISCW 2012, 3rd International Workshop on
> Consuming Linked Data
>
>    http://bblfish.net/tmp/2012/08/05/WebID_Delegation.pdf
>
> The paper has not been accepted yet, and the review process will very
> likely allow us to revise parts of it. But the review process can start
> here already. Feedback, ideas and implementations are welcome :-)
>
> More pointers on the wiki
>
>    http://www.w3.org/wiki/WebID/Authorization_Delegation#External_pointers
>

Very interesting paper.  I've read through it once, though suspect I'll be
reading it again.  Thanks for putting this together.

One issue that stands out is fine grained permissions.

When I think of delegated authentication, probably the most common (and
perhaps) useful example is giving a 3rd party app (e.g. a game) permission
to do something somewhere else.

Example:  I've installed a game on my favourite social network and have
completed a quest.  The game wishes to perform a SPECIFIC action such as
posting to my wall, that I've achieved something, and allowing other of my
friends to gain a reward (thus growing the game virally).

It seems with the approach above that the 3rd party app would have complete
control.  Have you thought about how it would be possible to allow fine
grained access?


>
> Sincerely,
>
>         Henry
>
> Social Web Architect
> http://bblfish.net/
>
>
>

Received on Tuesday, 14 August 2012 21:02:52 UTC