clarify WebID-TLS #140

Closed
wants to merge 1 commit into from

elf-pavlik
Member

During today's authentication call we discussed WebID-TLS with @dmitrizagidulin and @bblfish. We thought that mentioning it in a non-normative section will suffice.
I also think that solid project doesn't need to take any responsibility for WebID-TLS spec itself since it doesn't seem to have any more a special role in solid ecosystem.

I keep in mind #114 but for now we can just use WebID-OIDC and rename everything once we resolve that naming issue.

@csarven
Member

csarven commented Jan 20, 2020

Can you share the implementation reports indicating where WebID-TLS "doesn't seem to have any more a special role in solid ecosystem"?

I would've expected some reasonable documentation, data, minutes etc backing up the case for downplaying WebID-TLS to the extent you propose. I don't see it in this repo or in the authn-panel repo. Perhaps I missed? This is not to imply that that is not a preferable direction to take in the spec, but considering where Solid is coming from - essentially why we had WebID-TLS to begin with - I think it'd be appropriate to capture the whys, give interested parties a chance to respond... before making the call.

@bblfish
Contributor

bblfish commented Jan 21, 2020

Part of what the WebID group could produce is a report on what the problems with the protocol are, which could be used to inform further work. It would probably be a good idea to first work this out.

One issue has been for example client side renegotiation in HTTP2.0.
But there seems to be progress on that front.
https://greenbytes.de/tech/webdav/draft-ietf-httpbis-http2-secondary-certs-05.html

The advantage of WebID-TLS is that it is integrated into the browser. The disadvantage is that it is.

The dual of this is that anything we invent, e.g. WebID over HTTP-Signatures, is not integrated into the browser, and so is flexible, but then requires building everything related such as a keychain. Note that HTTP-Signatures is now being considered for standardisation by the HTTP-WG.

@elf-pavlik
Member Author

Please see:

Removed references to TLS as primary auth method #171
Removed references to TLS that imply it is the primary form of authenication #26

I think solid spec might go with MAY and just reference https://www.w3.org/2005/Incubator/webid/spec/tls/
Main problem I can see with that comes from lack of active work on WebID-TLS. I don't know if anyone actively participating in solid would want to adopt it as work item. Given amount of work required to agree on one common mechanism combining authentication and authorization (at least part where user can delegate subset of one's own access to specific client application) I think we better focus on that and don't even try to take responsibility of addressing issues related to WebID-TLS.

If we decide to go with MAY I think we should document somewhere, maybe something like charter in process repo, who would want to take responsibility of resolving issues related to WebID-TLS and set clear scope for those responsibilities.

Myself I rather focus on MUST mechanism and until we have this one stable don't divide effort on any of the possible MAYs.

@elf-pavlik
Member Author

elf-pavlik commented Apr 21, 2020

Myself I rather focus on MUST mechanism and until we have this one stable don't divide effort on any of the possible MAYs.

I would like to ask if anyone plans to prioritize any WebID-TLS related work over all the other work needed. I really think that what this PR proposes can help us not to get distracted by WebID-TLS, by simply acknowledging its historical role in Solid and warning that one cannot rely on broad support for WebID-TLS in Solid ecosystem.

@justinwb
Member

justinwb commented May 6, 2020

@elf-pavlik does this pull request have the support of the other members of the authentication panel? If so, and we could see endorsement from panel members, that would be helpful.

Member

@dmitrizagidulin dmitrizagidulin left a comment

👍 from me on this PR.

Member

@acoburn acoburn left a comment

👍

@ewingson
Member

ewingson commented May 7, 2020

+1, although having TLS-key as alternative login-method could go with MAY seems to be good...

@justinwb
Member

justinwb commented May 8, 2020

@elf-pavlik and others - there seems to be general agreement on the substance of this pull from editors, authentication panel members, and prior threads. There's a large refactoring of this Solid ecosystem document in progress to extract the core solid client/server protocol into its own document. Authentication modes will be included, and we anticipate that the substance of this pull will be covered when that is done. We can leave this pull open in the meantime, but it's likely that different text will be needed to address the substance of your submission in that new format.

@csarven
Member

csarven commented Nov 9, 2020

Reflected in 43a0cc7. Thanks!

@elf-pavlik
Member Author

I still see webid-tls directory in the root.

@csarven
Member

csarven commented Nov 9, 2020

That wasn't particularly in use. Removed now. Nighty night.

@elf-pavlik elf-pavlik deleted the webid-tls branch November 9, 2020 17:27
Projects
Status: Done

7 participants