- From: Nathan <nathan@webr3.org>
- Date: Tue, 06 Jul 2010 17:57:31 +0100
- To: Bruno Harbulot <Bruno.Harbulot@manchester.ac.uk>
- CC: Thomas Roessler <tlr@w3.org>, Tim Berners-Lee <timbl@w3.org>, Harry Halpin <hhalpin@w3.org>, foaf-protocols@lists.foaf-project.org, Ivan Herman <ivan@w3.org>, Ian Jacobs <ij@w3.org>, Jeffrey Jaff <jeff@w3.org>, www-archive <www-archive@w3.org>, Henry Story <henry.story@gmail.com>

Bruno Harbulot wrote:
> Hi all,
>
> I'll start by a list of points that could be standardized (open questions).
>
> First, on the authentication part:
>
> 1. Standardizing the representation format: RDF/XML, RDFa, N3?

-1

> 2. Standardizing the vocabulary.

+1

> 3. Standardizing the data we expect to store in the X.509 certificate.

+1

> 4. Standardizing the delegated login procedure.
> Should this be part of this specification or another specification?

fwiw & imho, under another spec - as that delegated login would still have to use 'this' spec to do the actual login

> 5. Addressing the issue of signed RDF assertions or comparison with
> other repositories of keys.
>
> So far, we've been using a simple dereferencing of the WebID to do the
> verification. It's OK, but it doesn't really improve the security
> compared to OpenID. There is potential to improve the security by using
> the keys of course. How far do we want to go there?

easy either way on this one, would also be interested to see if we can get a fingerprint in to the webid.

> Secondly, on the authorization part, it's all the work about ontologies
> for ACLs. Should this belong to the same specification? I see this as a
> separate issue (although equally interesting).

v interested in this one myself, perhaps separate, perhaps separate spec under same working group or suchlike..

Best,

Nathan

Received on Tuesday, 6 July 2010 16:58:25 UTC