Authentication with proxy and HTTP signature?

lecoqlibre · February 15, 2023, 2:54pm

It seems that some discussions are currently running on this topic in the authentication panel. We mentioned this during the community group call. Ping @elf-pavlik

github.com/solid/notifications

Notification Sender - authentication may require both identities client & agent (user)

opened 04:23AM - 15 Dec 22 UTC

elf-pavlik

Previous drafts were using `webid` in Subscription Response (Webhook, LDN). Rece…ntly we changed it to `sender`. Commonly solid authentication provides two identities: * client - the application (e.g. used by `acp:client` matcher) * agent - the end user (e.g. used by `acp:agent` matcher) I think having just single WebID as *sender* doesn't support case where access policy on the `target` should be based on two identities `client` and `agent`. We should consider supporting providing both identities for the sender.

github.com/solid/notifications

Authentication: exchanging public keys, signing messages

opened 01:16PM - 16 Jan 23 UTC

csarven

protocol

Copied from ldn-channel-2023 (currently PR: https://github.com/solid/notificatio…ns/pull/147 , Preview: https://htmlpreview.github.io/?https://github.com/solid/notifications/blob/eced5e10b2d25ffe013310f5b3f51102e04cb627/ldn-channel-2023.html#authentication ) --- Details need to be further specified. The [Security Vocabulary](https://w3id.org/security) (or [The Cert Ontology](https://www.w3.org/ns/auth/cert), [WOT](http://xmlns.com/wot/0.1/)) can be used. * Subscription Clients to share Notification Receiver's public key, where `sendTo` has a `controller` (which is the `receiver`). * Subscription Servers to share Notification Sender's public key, where `sender` describes the key. See Notification Channel Data Model ([preview](https://htmlpreview.github.io/?https://github.com/solid/notifications/blob/eced5e10b2d25ffe013310f5b3f51102e04cb627/ldn-channel-2023.html##notification-channel-data-model)) for example subscription requests and response including public keys. Subscription Client lets the Notification Receiver know about the Notification Sender and their public key. Notification Receiver sets Authorization rules for Notification Sender. Notification Sender can optionally use [HTTP Message Signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html).

Topic		Replies	Views
POD Authentification from another server (not solid) Build a Solid App	4	1074	November 16, 2018
How to authenticate an App with its own identity (e.g. WebID)? Solid App Development FAQs	4	1934	February 4, 2023
Unauthorized and Forbidden error while submitting request to create a new pod Solid App Development FAQs	1	881	June 9, 2019
Usage of as_uri WWW-Authenticate parameter Solid Specification	5	342	April 11, 2023
Authorizing requests using an indentity from a different provider Build a Solid App	7	537	June 20, 2021

Authentication with proxy and HTTP signature?

Related Topics