RE: self-signed

> I read anonymous user to be not authed, the default state, as in nothing 
> happened, you're not logged in so you'll be asked to try again or for 
> some other form of id. Rather than you'll be authed with no auth 
> details. Perhaps just needs the text clarified a little.

My initial reading was the latter, but it doesn't make sense… if you can't fetch the FOAF, you can't do the round-trip of the pubkey, and so you can't actually use that URI to identify the authenticating entity — so, yes, this needs to be clear.

> Yes as you say it's essentially the same thing, it's an authentication 
> failure, no need to limit what a WebID is beyond saying "a valid IRI" - 
> we gain nothing at all by adding such a constraint.

You do when it comes to conformance testing: as I said umpteen e-mails ago, if I'm building a server, how will I know what schemes people are expecting to use when they're authing with me — that has to be written down somewhere and testable before I can say “Log in with your WebID” :)

M.



Received on Tuesday, 19 April 2011 19:23:36 UTC