Re: delegated authentication

On Sat, Jun 23, 2012 at 11:54:59AM +0200, Andrei Sambra wrote:

Hi all,

Since we discussed this problem, e.g. at the FSW in Berlin and in other places,
I had some material about WebID delegation already finished.

I've created a wiki page here:
http://www.w3.org/wiki/WebID/Delegation

I've added an extended sequence image and some structure and hope we can take
this as a base for future discussion. Also note that we have had this implemented
for 3 years in OntoWiki (to allow inter-OntoWiki communication) but with
other names. Currently, Phil is reworking this part so that others (e.g.
Andrei) can use it too (the link is added to the page too).

Best regards

Sebastian Tramp

> >I understand you to be saying above that you are thinking of the secretary
> >robot connecting to some server (say on IBM.com), and then making a request
> >on that resource but somehow adding a ?id=webid to the url it was going to
> >request? How would it know that that resource understood the same thing that
> >you thought you meant when adding ?id=webid to the resource? There may not
> >even be a resource there. (those are 2 different URLs)
> >
> >That does not seem very RESTful. It would require 2 requests on the
> >resource: one where you get the version without the ?id=webid fields, and it
> >returns some information telling you how you can GET a version for the
> >secretary namely in your case by adding a ?id=webid field (perhaps it
> >returns a semantically annotated form).
> 
> Yes, you are right. I feared that using an extra HTTP header option would
> require support from the webserver, but I was wrong. Indeed, specifying the
> identity of the real person in the header would be the best solution.




-- 
WebID: http://sebastian.tramp.name

Received on Saturday, 23 June 2012 15:12:14 UTC