- From: Sebastian Tramp <tramp@informatik.uni-leipzig.de>
- Date: Wed, 15 Aug 2012 10:21:05 +0200
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: public-webid@w3.org
On Tue, Aug 14, 2012 at 02:25:50PM -0400, Kingsley Idehen wrote: > >For example imagine that your secretary (running on your openlink domain) is > >running the RESTful mail for a whole company, and so for Joe, Jim, Jack and > >Johnson. It does a GET on a resource R on the IBM.com web servers. R is > >meant for Johnson, but not for any other user. If the secretary is given > >plain access at the same level as Johnson, then how is IBM's guard going to > >know if it should give the secretary access? Who is she acting for? Or put > >another way: how does the author of the guard write out the ACL on R so as > >to allow the secretary to only give the resource to Johnson? > > > >This is where the On-Behalf-Of header comes in. > > Yes, but that using an HTTP header to deliver information missing from the > graph resolved from WebID in the SAN of the cert. presented by the user agent > seeking access to a resource. Kingsley, the On-Behalf-Of request header is a triple (in form of a HTTP header field) which relates the current HTTP request with a WebID. Since HTTP requests are really short living, I do not see where we should materialize the triple outside the request packet itself (and we do not have a request URI anyway). > On-Behalf-Of is a "leap of literal faith" tucked into an HTTP header :-) We have to work in the environment we have and literal header fields is the only representation we have at the moment. > A semantic pingback could place this in triple form in the secrataries > profile in the form of a reciprocal triple. I believe we discuss different issues here. Semantic Pingback is a low footprint protocol to enable publishers of semantic data to communicate the Linked Data network connections (object properties) they have created. Of course, Semantic Pingback can be extended with access delegation (as outline in the paper and quoted by you here in the thread) but any other HTTP request can be extended in the same way. Best ST -- WebID: http://sebastian.tramp.name
Received on Wednesday, 15 August 2012 08:21:36 UTC