- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Wed, 30 Apr 2014 07:02:41 +0200
- To: Andrei Sambra <andrei@fcns.eu>, public-webid@w3.org
On 2014-04-30 06:04, Andrei Sambra wrote: > Hi Anders, > > On 04/29/2014 11:49 PM, Anders Rundgren wrote: >> On 2014-04-30 03:40, Andrei Sambra wrote: >> >> Hi Andrei, >> >> I took a quick peak at http://www.w3.org/2005/Incubator/webid/spec/tls/ >> >> I don't understand why the flowchart in 4.1 shows a social graph in step 3 >> because at this stage you should only know if the resource is protected or not. >> If the resource isn't protected wouldn't you just be transferred to step 8? >> The social graph seems more appropriate for step 7. > > The point is that if the resource has no ACL policy of if it allows > everyone to access it, then there is no need to authenticate the request > anymore. Yes, this is stated in step 3. I interpret your answer as WebID-TLS presumes a rather unusual Web server and TLS arrangement where resources are dynamically requesting TLS CCA (Client Certificate Authentication). Personally I think it would be wiser sticking to the more established static protected/public notion and postpone authorization to step 7. Anders > >> >> Minor nit: Step 7 in the flowchart talks about access control rules in >> step 2. Shouldn't it be step 3? > > Step 2 is a rather long step, which contains all the subsequent steps. > > -- Andrei > >> >> Anders >> >>> We are proud to announce that on 2014-03-05, the WebID Community Group published >>> an updated set of drafts for the following specifications: >>> >>> WebID - Web Identity and Discovery >>> WebID-TLS - Authentication over TLS >>> >>> Participants contribute material to this specification under the W3C Community >>> Contributor License Agreement (CLA). >>> If you have any questions, please contact the group on their public list: >>> public-webid@w3.org. >>> >>> >>> >>> ---------- >>> >>> This post sent on WebID Community Group >>> >>> >>> >>> 'New official drafts published.' >>> >>> http://www.w3.org/community/webid/2014/04/30/updated-specs/ >>> >>> >>> >>> Learn more about the WebID Community Group: >>> >>> http://www.w3.org/community/webid >>> >>> >>> >> > >
Received on Wednesday, 30 April 2014 05:03:14 UTC