W3C home > Mailing lists > Public > public-xg-webid@w3.org > October 2011

Re: WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec]

From: Henry Story <henry.story@bblfish.net>
Date: Mon, 31 Oct 2011 10:34:06 +0100
Message-Id: <2879886F-42D8-4174-9B5E-3477055305AF@bblfish.net>
To: WebID Incubator Group WG <public-xg-webid@w3.org>
As it happens there is just now a discussion in the HTTP working group on this subject
"add advice on defining auth scheme parameters"

http://lists.w3.org/Archives/Public/ietf-http-wg/2011OctDec/0116.html

Henry


On 31 Oct 2011, at 10:23, WebID Incubator Group Issue Tracker wrote:

> 
> WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec]
> 
> http://www.w3.org/2005/Incubator/webid/track/issues/60
> 
> Raised by: Thomas Bergwinkl
> On product: WebID Spec
> 
> An HTTP header scheme for clients to tell the server that they supports WebID authentication.
> This was brought up by Bruno Harbulot over a year ago, and a few times earlier on the list. Most recently by Bergi http://lists.w3.org/Archives/Public/public-xg-webid/2011Oct/0194.html
> 
> Useful for 
> - robots that may want to be authenticated immediately ( and not wait for the more human friendly redirect to a authentication page)
> - clients that do have WebIDs but whose server software only accepts NEED TLS reconnections - in which case the server would like to know if the client has the certificate, because asking for it will otherwise break the tls connection drastically
> - Is it also useful for the client to know that the server can do it? Is that something to put in the header? Perhaps only isofar as setting an http header from the code, could lead engines to do the lower leve reconnect.
> 
> 
> Mike Amundsen points to the following specs on which to build:
> 
> Check out the WWW-Authenticate header[1] for details on how servers
> can list various supported schemes and how clients can id and select
> them.
> 
> There is also an I-D[2] underway to create a public registry for new
> HTTP auth schemes.
> 
> Finally, you might be interested in a recent I-D[3] that is trying to
> make it easy for clients and servers to support new auth schemes.
> 
> [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47
> [2] http://tools.ietf.org/html/draft-ietf-httpbis-authscheme-registrations-02
> [3] http://tools.ietf.org/html/draft-oiwa-http-auth-extension-00
> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Monday, 31 October 2011 09:34:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:47 UTC