WebID Simple (was: Archaic HTTP "From:" Header) from Melvin Carvalho on 2013-04-04 (public-webid@w3.org from April 2013)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Thu, 4 Apr 2013 12:19:54 +0200
To: public-webid <public-webid@w3.org>, public-rww <public-rww@w3.org>
Message-ID: <CAKaEYhLGm3=L=dAX37MDjp34AegeCx6TW9Q23JwAGeaAfbCnJA@mail.gmail.com>

By now we have broken WebID down into 3 cleanly separate concerns.

1. Identifiction
2. Authentication
3. Authorization

(1) is really a great unsolved problem on the web still

The WedID+TLS spec has a neat way of solving BOTH (1) by putting one or
more URIs in the v3 subjectAltName and also (2) via PKI

It seems we have a good solution to part (1) using the "From" header which
has been around for quite a while.

This topic has come up a few times in the past 3 years, maybe it's time to
make it into an offical spec.

I know we're getting into branding territory, which can be thorny, but
perhaps the name "WebID Simple" would suffice, much like we have "WebID +
TLS" ...

Any better names?  Thoughts?

Received on Thursday, 4 April 2013 10:20:31 UTC