W3C home > Mailing lists > Public > public-webid@w3.org > August 2012

Re: Extending the WebID protocol with Access Delegation

From: Sebastian Tramp <tramp@informatik.uni-leipzig.de>
Date: Wed, 15 Aug 2012 10:21:05 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-webid@w3.org
Message-ID: <20120815082105.GB25116@soljaris14.local>
On Tue, Aug 14, 2012 at 02:25:50PM -0400, Kingsley Idehen wrote:

> >For example imagine that your secretary (running on your openlink domain) is
> >running the RESTful mail for a whole company, and so for Joe, Jim, Jack and
> >Johnson. It does a GET on a resource R on the IBM.com web servers. R is
> >meant for Johnson, but not for any other user. If the secretary is given
> >plain access at the same level as Johnson, then how is IBM's guard going to
> >know if it should give the secretary access? Who is she acting for? Or put
> >another way: how does the author of the guard write out the ACL on R so as
> >to allow the secretary to only give the resource to Johnson?
> >
> >This is where the On-Behalf-Of header comes in.
> Yes, but that using an HTTP header to deliver information missing from the
> graph resolved from WebID in the SAN of the cert. presented by the user agent
> seeking access to a resource.

Kingsley, the On-Behalf-Of request header is a triple (in form of a HTTP header
field) which relates the current HTTP request with a WebID. Since HTTP requests
are really short living, I do not see where we should materialize the triple
outside the request packet itself (and we do not have a request URI anyway).

> On-Behalf-Of is a "leap of literal faith" tucked into an HTTP header :-)

We have to work in the environment we have and literal header fields is the
only representation we have at the moment.

> A semantic pingback could place this in triple form in the secrataries
> profile in the form of a reciprocal triple.

I believe we discuss different issues here. Semantic Pingback is a low
footprint protocol to enable publishers of semantic data to communicate the
Linked Data network connections (object properties) they have created.  Of
course, Semantic Pingback can be extended with access delegation (as outline in
the paper and quoted by you here in the thread) but any other HTTP request can
be extended in the same way.



WebID: http://sebastian.tramp.name
Received on Wednesday, 15 August 2012 08:21:36 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:34 UTC