It seems that some discussions are currently running on this topic in the authentication panel. We mentioned this during the community group call . Ping @elf-pavlik
opened 04:23AM - 15 Dec 22 UTC
Previous drafts were using `webid` in Subscription Response (Webhook, LDN). Rece… ntly we changed it to `sender`.
Commonly solid authentication provides two identities:
* client - the application (e.g. used by `acp:client` matcher)
* agent - the end user (e.g. used by `acp:agent` matcher)
I think having just single WebID as *sender* doesn't support case where access policy on the `target` should be based on two identities `client` and `agent`. We should consider supporting providing both identities for the sender.
opened 01:16PM - 16 Jan 23 UTC
protocol
Copied from ldn-channel-2023 (currently PR: https://github.com/solid/notificatio… ns/pull/147 , Preview: https://htmlpreview.github.io/?https://github.com/solid/notifications/blob/eced5e10b2d25ffe013310f5b3f51102e04cb627/ldn-channel-2023.html#authentication )
---
Details need to be further specified. The [Security Vocabulary](https://w3id.org/security) (or [The Cert Ontology](https://www.w3.org/ns/auth/cert), [WOT](http://xmlns.com/wot/0.1/)) can be used.
* Subscription Clients to share Notification Receiver's public key, where `sendTo` has a `controller` (which is the `receiver`).
* Subscription Servers to share Notification Sender's public key, where `sender` describes the key.
See Notification Channel Data Model ([preview](https://htmlpreview.github.io/?https://github.com/solid/notifications/blob/eced5e10b2d25ffe013310f5b3f51102e04cb627/ldn-channel-2023.html##notification-channel-data-model)) for example subscription requests and response including public keys.
Subscription Client lets the Notification Receiver know about the Notification Sender and their public key.
Notification Receiver sets Authorization rules for Notification Sender.
Notification Sender can optionally use [HTTP Message Signatures](https://httpwg.org/http-extensions/draft-ietf-httpbis-message-signatures.html).
2 Likes