Re: Authorization Delegation

On Wed, Jul 04, 2012 at 01:35:57PM +0200, Henry Story wrote:

> We had a long discussion yesterday in the teleconf on Delegation. Some things
> that we thought would be useful would be to improve the wiki page for it by
> http://www.w3.org/wiki/WebID/Delegation

Oh great. Sorry, could not attend the telco ...

>   - adding use cases 

I've added some more generic use cases which I copied from a paper I am working
on ...

>   - improve the flow description 
>     + show what the header sent would look like exactly
>     + show what the returned message would look like

The returned message differs compared to an access by the named agent?

>     + explain in detail the process the Guard would have to follow to decide what to do
>     + (perhaps improve the diagram)

I've added four question marks to the diagram at the place in the graph where
the guard has to check for relations. We should explain that in the text ...

>     + there is no mention even there of the Acting-on-behalf-of: header we discussed 

Someone added On-Behalf-Of as the header name. This is fine for me.

I've added a link to our August 2011 paper to the resources section. Will add
a link to Philipp Frischmuth's theses too since this is the first known
implementation of that extension (2009!).

>   - Mike Jones distinguished between 
>     authorization delegation / identity delegation / capability delegation
>     Here we are dealing with authorisation delegation - the secretary is authenticating as itself

I agree. @Mike - do the added use cases fit into this separation?

Best regards

Sebastian Tramp

-- 
WebID: http://sebastian.tramp.name

Received on Wednesday, 4 July 2012 20:56:29 UTC