W3C home > Mailing lists > Public > public-webid@w3.org > June 2017

Re: WebKey - was: WebID-protected WebID document

From: Jonas Smedegaard <jonas@jones.dk>
Date: Wed, 21 Jun 2017 23:33:01 +0200
To: Martynas Jusevičius <martynas@atomgraph.com>, Henry Story <henry.story@bblfish.net>
Cc: public-webid <public-webid@w3.org>
Message-ID: <149808078146.2210.537566694806611196@auryn.jones.dk>
Hi Martynas,

Quoting Martynas Jusevičius (2017-06-21 21:37:24)
> Sorry, I should have been clearer.
> 
> The setup I was describing is where the server also includes a client 
> and is requesting its own (WebID-protected) resources, and is hosting 
> the WebID profiles themselves.
> 
> Say
> 
> GET http://localhost/some/doc
> Accept: text/html
> 
> from a web browser may lead to
> 
> GET http://localhost/
> Accept: text/turtle
> 
> from the internal client.
> 
> The loop issue happens when a request is authenticated by 
> dereferencing the WebID URI, but that leads to a new request which 
> again has to be authenticated the same way, and so on and on. Unless 
> the WebID documents are made public not only in the ACL but also SSL 
> sense, as I described previously.

I believe WebID protocol does not require that access to reading the 
WebID URL be private.

If you choose to restrict read access to the WebID to only people who 
themselves identy using WebID, then it is on you to ensure to not create 
a loop, e.g. when reading your own WebID.


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Wednesday, 21 June 2017 21:33:40 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 21 June 2017 21:33:41 UTC