Re: Authentication Proposal -- Solid Cookies

On 5 February 2016 at 12:49, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> On 2/5/16 6:07 AM, Melvin Carvalho wrote:
>
> Alice wishes to authenticate on Bob's server.
>
>    1. Alice sends her User: identity, and (optionally) a path to a
>    "cookie". The cookie is a resource that only Bob's server and Alice have
>    access to. The contents of the resource are a typical cookie with
>    an unguessable string and expiry.
>    2. Bob's server compares the string sent from the browser and the
>    string in the file. If they match, access is granted.
>
>
> Any comments on this idea?
>
>
> How do Alice and Bob create this cookie?
>

Alice creates it, using HTTP PUT of a random string in JavaScript.


> How do they control access to said cookie?
>

Same way as usual using WebAccessControl.


> How many cookies come into existence as the contact network membership of
> both individuals grows?
>

One per origin, but they can be deleted.  Just like your cookies folder in
the browser.


>
> --
> Regards,
>
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
>
>

Received on Friday, 5 February 2016 11:54:26 UTC
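
The two steps of the proposal, sketched as an added example that is not part of the original thread or any Solid implementation. The function names, the JSON layout of the cookie resource and the in-memory `pod` map (standing in for a resource written by HTTP PUT and protected by WebAccessControl) are assumptions made for illustration.

```javascript
// Added illustration: createCookie, verifyLogin and `pod` are hypothetical names.
const { randomBytes, timingSafeEqual, createHash } = require('node:crypto');

// Stand-in for Alice's storage. In the proposal this is a resource created with
// HTTP PUT and readable only by Alice and Bob's server (WebAccessControl).
const pod = new Map();

// Alice's side: write a fresh unguessable string plus an expiry at `path`.
function createCookie(path, ttlMs, now = Date.now()) {
  const value = randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  pod.set(path, JSON.stringify({ value, expires: now + ttlMs }));
  return value; // the string the browser later presents to Bob's server
}

// Bob's side: read the resource at the path Alice sent and compare strings.
function verifyLogin(path, presented, now = Date.now()) {
  const body = pod.get(path);
  if (body === undefined) return false; // cookie deleted or never created
  let cookie;
  try {
    cookie = JSON.parse(body);
  } catch {
    return false; // malformed resource: fail closed
  }
  if (typeof cookie.value !== 'string' || typeof cookie.expires !== 'number') {
    return false;
  }
  if (now >= cookie.expires) return false; // expired cookie is never accepted
  if (typeof presented !== 'string') return false;
  // Hash both sides to a fixed length, then compare in constant time so the
  // check does not leak how many leading characters matched.
  const a = createHash('sha256').update(presented).digest();
  const b = createHash('sha256').update(cookie.value).digest();
  return timingSafeEqual(a, b);
}
```

Deleting the resource, as the reply describes for per-origin cookies, revokes the login immediately because `verifyLogin` fails closed when nothing is stored at the path.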