Re: New official drafts published. [via WebID Community Group] from henry.story@bblfish.net on 2014-05-01 (public-webid@w3.org from May 2014)

From: <henry.story@bblfish.net>
Date: Thu, 1 May 2014 16:04:02 +0200
To: Anders Rundgren <anders.rundgren.net@gmail.com>
Cc: Andrei Sambra <andrei@fcns.eu>, public-webid@w3.org
Message-Id: <3DC99042-95C3-4C12-84C5-D95AD45BE42F@bblfish.net>

On 30 Apr 2014, at 07:02, Anders Rundgren <anders.rundgren.net@gmail.com> wrote:

> On 2014-04-30 06:04, Andrei Sambra wrote:
>> Hi Anders,
>> 
>> On 04/29/2014 11:49 PM, Anders Rundgren wrote:
>>> On 2014-04-30 03:40, Andrei Sambra wrote:
>>> 
>>> Hi Andrei,
>>> 
>>> I took a quick peak at http://www.w3.org/2005/Incubator/webid/spec/tls/
>>> 
>>> I don't understand why the flowchart in 4.1 shows a social graph in step 3
>>> because at this stage you should only know if the resource is protected or not.
>>> If the resource isn't protected wouldn't you just be transferred to step 8?
>>> The social graph seems more appropriate for step 7.
>> 
>> The point is that if the resource has no ACL policy of if it allows
>> everyone to access it, then there is no need to authenticate the request
>> anymore.
> 
> Yes, this is stated in step 3.
> 
> I interpret your answer as WebID-TLS presumes a rather unusual Web server and TLS arrangement
> where resources are dynamically requesting TLS CCA (Client Certificate Authentication).
> 
> Personally I think it would be wiser sticking to the more established static protected/public
> notion and postpone authorization to step 7.

In that case you end up asking users for their certificate even if you don't need it,
which is not user friendly. But if you don't care about user friendliness, you can go
and ask for the certificate up front anyway. 

> 
> Anders
> 
>> 
>>> 
>>> Minor nit: Step 7 in the flowchart talks about access control rules in
>>> step 2.  Shouldn't it be step 3?
>> 
>> Step 2 is a rather long step, which contains all the subsequent steps.
>> 
>> -- Andrei
>> 
>>> 
>>> Anders
>>> 
>>>> We are proud to announce that on 2014-03-05, the WebID Community Group published
>>>> an updated set of drafts for the following specifications:
>>>> 
>>>> 	WebID - Web Identity and Discovery
>>>> 	WebID-TLS - Authentication over TLS
>>>> 
>>>> Participants contribute material to this specification under the W3C Community
>>>> Contributor License Agreement (CLA).
>>>> If you have any questions, please contact the group on their public list:
>>>> public-webid@w3.org.
>>>> 
>>>> 
>>>> 
>>>> ----------
>>>> 
>>>> This post sent on WebID Community Group
>>>> 
>>>> 
>>>> 
>>>> 'New official drafts published.'
>>>> 
>>>> http://www.w3.org/community/webid/2014/04/30/updated-specs/
>>>> 
>>>> 
>>>> 
>>>> Learn more about the WebID Community Group: 
>>>> 
>>>> http://www.w3.org/community/webid

Social Web Architect
http://bblfish.net/

Received on Thursday, 1 May 2014 14:04:38 UTC