Re: Web ID as passwordless authentication for debian web services
Le 16/05/2013 20:40, Russ Allbery a écrit :
> What am I missing?
>
> I suppose one thing that I could be missing is that, with a certificate,
> you have no privacy controls over what metadata you release. Whatever you
> put in the certificate is visible to anyone who looks at the certificate.
> (Well, you could encrypt it and then distribute a separate key, but that's
> getting into pointless complexity.) Whereas in theory your WebID endpoint
> could release different metadata depending on who asks. [...]
I understood that as the main point of WebID.
> [...] But since WebID
> doesn't authenticate the entity asking for metadata, I'm not sure that's
> really what's going on.
The entity asking for metadata can authenticate using the same
mechanism... as Jonas pointed out, WebID works also for inter-server
authentication.
Cheers,
--
Stéphane
Reply to: