- From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Mon, 31 Oct 2011 09:23:40 +0000
- To: public-xg-webid@w3.org
WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec] http://www.w3.org/2005/Incubator/webid/track/issues/60 Raised by: Thomas Bergwinkl On product: WebID Spec An HTTP header scheme for clients to tell the server that they supports WebID authentication. This was brought up by Bruno Harbulot over a year ago, and a few times earlier on the list. Most recently by Bergi http://lists.w3.org/Archives/Public/public-xg-webid/2011Oct/0194.html Useful for - robots that may want to be authenticated immediately ( and not wait for the more human friendly redirect to a authentication page) - clients that do have WebIDs but whose server software only accepts NEED TLS reconnections - in which case the server would like to know if the client has the certificate, because asking for it will otherwise break the tls connection drastically - Is it also useful for the client to know that the server can do it? Is that something to put in the header? Perhaps only isofar as setting an http header from the code, could lead engines to do the lower leve reconnect. Mike Amundsen points to the following specs on which to build: Check out the WWW-Authenticate header[1] for details on how servers can list various supported schemes and how clients can id and select them. There is also an I-D[2] underway to create a public registry for new HTTP auth schemes. Finally, you might be interested in a recent I-D[3] that is trying to make it easy for clients and servers to support new auth schemes. [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47 [2] http://tools.ietf.org/html/draft-ietf-httpbis-authscheme-registrations-02 [3] http://tools.ietf.org/html/draft-oiwa-http-auth-extension-00
Received on Monday, 31 October 2011 09:23:52 UTC