ISSUE-60: HTTP Auth Header for WebID

Auth-Header

HTTP Auth Header for WebID

State:
RAISED
Product:
WebID-authn-TLS-spec
Raised by:
Thomas Bergwinkl
Opened on:
2011-10-31
Description:
An HTTP header scheme for clients to tell the server that they supports WebID authentication.
This was brought up by Bruno Harbulot over a year ago, and a few times earlier on the list. Most recently by Bergi http://lists.w3.org/Archives/Public/public-xg-webid/2011Oct/0194.html

Useful for
- robots that may want to be authenticated immediately ( and not wait for the more human friendly redirect to a authentication page)
- clients that do have WebIDs but whose server software only accepts NEED TLS reconnections - in which case the server would like to know if the client has the certificate, because asking for it will otherwise break the tls connection drastically
- Is it also useful for the client to know that the server can do it? Is that something to put in the header? Perhaps only isofar as setting an http header from the code, could lead engines to do the lower leve reconnect.


Mike Amundsen points to the following specs on which to build:

Check out the WWW-Authenticate header[1] for details on how servers
can list various supported schemes and how clients can id and select
them.

There is also an I-D[2] underway to create a public registry for new
HTTP auth schemes.

Finally, you might be interested in a recent I-D[3] that is trying to
make it easy for clients and servers to support new auth schemes.

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.47
[2] http://tools.ietf.org/html/draft-ietf-httpbis-authscheme-registrations-02
[3] http://tools.ietf.org/html/draft-oiwa-http-auth-extension-00
Related Actions Items:
No related actions
Related emails:
  1. NEED/WANT TLS mode & JavaScript (from henry.story@bblfish.net on 2013-11-03)
  2. Re: WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec] (from henry.story@bblfish.net on 2011-10-31)
  3. Re: WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec] (from ddooss@wp.pl on 2011-10-31)
  4. WebID-ISSUE-60 (Auth-Header): HTTP Auth Header for WebID [WebID Spec] (from sysbot+tracker@w3.org on 2011-10-31)

Related notes:

No additional notes.

Display change log ATOM feed


Henry Story <Henry.Story@bblfish.net>, Chair, Dominique Hazaƫl-Massieux <dom@w3.org>, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: index.php,v 1.326 2018/10/13 17:29:51 vivien Exp $