On 16 May 2011, at 21:40, Reto Bachmann-Gmuer wrote: > Hi Henry > > > I was trying to understand the recent changes around webid authentication. > > I understand that the verification of WebId has been moved to the SSL > layer to the http layer. > > A comment in X509TrustManagerWrapperService says: //At this level we > just check if there are webids
yes. > > While FoafSslAuthentication says: > /** > * Here we no longer care about verifying the web-id claims as this should > * already have been done by X509TrustManagerWrapperService > */ > I assume the second comment is outdated. yes, that is probably outdated. > I'm trying to understand the > current working. I see the WebIDClain and X509Claim and theirs class > description (scala-doc comments) seem almost identical. Which issue > motivated the change of the layer for the WebId verification? Quite a number of issues. Non testabaility is one. And the user interaction is very bad. > > Cheers, > Reto Social Web Architect http://bblfish.net/
