Bruno Harbulot wrote:
> Hi all,
> I'll start with a list of points that could be standardized (open questions).
> First, on the authentication part:
> 1. Standardizing the representation format: RDF/XML, RDFa, N3?

-1

> 2. Standardizing the vocabulary.

+1

> 3. Standardizing the data we expect to store in the X.509 certificate.

+1

> 4. Standardizing the delegated login procedure.
> Should this be part of this specification or another specification?

fwiw & imho, under another spec - as that delegated login would still
have to use 'this' spec to do the actual login

> 5. Addressing the issue of signed RDF assertions or comparison with
> other repositories of keys.
> So far, we've been using a simple dereferencing of the WebID to do the
> verification. It's OK, but it doesn't really improve the security
> compared to OpenID. There is potential to improve the security by using
> the keys of course. How far do we want to go there?

easy either way on this one, would also be interested to see if we can
get a fingerprint into the webid.

> Secondly, on the authorization part, it's all the work about ontologies
> for ACLs. Should this belong to the same specification? I see this as a
> separate issue (although equally interesting).

v interested in this one myself, perhaps separate, perhaps separate spec
under same working group or suchlike..

Best,
Nathan