Delegated authorization ? Was: - Re: delegated authentication

Hi.

About the naming scheme for all these delegated cases, and this time
refering to the discussions about secretaries / agents acting on behalf
of users (and not about the simple delegated authentication I've just
posted about in another thread), may it make sense to call that
"delegated authorization" for the more general acceptions ?


Also, I didn't see OAuth [0] mentioned so much in what I've read so far.

Still I very much think OAuth has indeed been built to allow (web) apps
to act on other services on behalf of users, once they have delegated
them some sort of a token to act on their behalf in the background.

Again, can we same much of the low-level implementation details (like
signature or REST invocations between various agents) from OAuth ?


So maybe my WebID can describe the kind of delegation of authorizations
I grant to particular services/agents/secretaries (identified by their
own RDF description) in a standard and interoperable way (RDF ACL
kinds), instead of just creating various ad-hoc OAuth tokens in the
different databases of the different apps where I want these agent to
act on my behalf, but then all the communication between the agents and
the apps would occur over OAuth signed invocations : no need to reinvent
the already specified protocol ?

Does this make sense ?

Hope this helps.

Best regards,

[0] http://tools.ietf.org/html/rfc5849

Henry Story <henry.story@bblfish.net> writes:

> On 23 Jun 2012, at 17:11, Sebastian Tramp wrote:
>
>> On Sat, Jun 23, 2012 at 11:54:59AM +0200, Andrei Sambra wrote:
>> 
>> Hi all,
>> 
>> since we discussed this problem e.g. at the FSW in Berlin and on other places,
>> I had some material about webid delegation already finished.
>> 
>> I've created a wiki page here:
>> http://www.w3.org/wiki/WebID/Delegation
>
> Great work! Thanks.
>
>> I've added an extended sequence image and some structure and hope we can take
>> this as a base for future discussion. Also note that we have this implemented
>> since 3 years in OntoWiki (to allow inter-OntoWiki communication) but with
>> other namings. Currently, Phil is reworking this part so that others (e.g.
>> Andrei) can use that too (the link is added to the page too)
>
> Great. yes, we should try to come to agree on some naming scheme.
> I hope to be able to implement this soonish. The read-write-web rewrite 
> in Play 2.0 is moving ahead.... Then we can test and write it out nicely.
> But don't let my slowness slow you down :-)
>

-- 
Olivier BERGER 
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Received on Friday, 13 July 2012 14:46:27 UTC