- From: Thomas Fritz <fritztho@gmail.com>
- Date: Wed, 31 Aug 2011 14:52:19 +0200
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: WebID List <public-xg-webid@w3.org>
Hi Wouldn't it be possible to take the users client certificate and make a https request (instead of http) back to his foaf profile from the authentication requesting server. This server could then check if the certificate is the same as the owners certificate. But even if this would work (anyone knows if this is technically possible?) its just one step. Because a user also wants to select which data he wants to give away to the the requesting site. In fact there has to be an extra step - like in openid - where the user gets redirected to the profiles provider, etc. etc. Any thoughts? Kind regards --- Thomas FRITZ web http://fritzthomas.com twitter http://twitter.com/thomasf 2011/8/31 Melvin Carvalho <melvincarvalho@gmail.com>: > On 31 August 2011 13:08, Thomas Fritz <fritztho@gmail.com> wrote: >> Hi >> >> How can users protect their foaf profile so it is not publicly >> available to everyone. >> How can this be implemented so, i as the profile owner, can select >> which data i want to give to the authentication site. >> >> In all diagrams there is the assumption that the foaf profile can >> publicly accessed. > > I think generally this will be the next thing to standardize after the > WebID spec is finished. > > But current details are here: > > http://www.w3.org/wiki/WebAccessControl > >> >> >> >> --- >> Thomas FRITZ >> web http://fritzthomas.com >> twitter http://twitter.com/thomasf >> >> >
Received on Wednesday, 31 August 2011 12:53:06 UTC