W3C home > Mailing lists > Public > public-webid@w3.org > June 2017

Verifying WebID fails

From: Martynas Jusevičius <martynas@atomgraph.com>
Date: Wed, 28 Jun 2017 00:33:07 +0200
Message-ID: <CAE35VmxEXDdtb-tyGABe02US=bKWoFfBfxM064D5m2Pu9ch_3A@mail.gmail.com>
To: public-webid <public-webid@w3.org>
Hi,

I think there is another case where failure scenario is not defined in
protocol: verifying the WebID.

What happens if the certificate key does not match the WebID key? None of
the verification steps or sections seem to consider that. I suggest again
that a 400 Bad Request should be returned.

I think it is important for the protocol to handle failures if we want
robust implementations.

Is this group active enough to fix such issues?


Martynas
Received on Tuesday, 27 June 2017 22:33:41 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 27 June 2017 22:33:41 UTC