Michael Thornburgh
Michael Thornburgh
> What if the user can send a header that says only "I am talking to the metadata, not the resource" such that a GET on foo.png with that header...
@jeff-zucker and i had an extended chat in gitter yesterday on the metadata/.meta/RDF-for-non-RDF subject, from https://gitter.im/solid/chat?at=5d239e3ef5dd1457424db97d to https://gitter.im/solid/chat?at=5d23f858b0027d2b199ab085 (sadly i don't know of a good way to copy that part...
on reflection and a closer reading of https://www.w3.org/TR/ldp/#ldpc-container , especially section 5.2.3.12, i think that `rel="describedby"` is what was intended in LDP for "where to put linked data that would...
> ... there are basically two places where the attenuation decision can go: on Bob's profile/pod, or inside the bearer token. since the decision of whether to grant access to...
the [authorization and access control panel](https://github.com/solid/authorization-and-access-control-panel) has been exploring the general problem of app permissions, including that the user should be free to choose which apps to use (or not...
i mean that the OPTIONS request is on /profile/card, and the returned Link for an OIDC issuer would be for /profile/card, but the webid of interest is /profile/card#me. that only...
to put it a slightly different way: the first step in "Issuer Discovery From Link Header" says "1. Make an HTTP OPTION [sic] request to the WebID URI." but that's...
> Down the road, this will be addressed with OAuth2 application tokens. can you elaborate or link to what you mean here? i'm not sure what an "OAuth2 application token"...
@RubenVerborgh sorry, i still don't understand. assuming you're referring to the "Application-only authentication" mode on that page (since the "Application-user authentication" case is substantially the same as OIDC), for the...
> Bots with WebIDs already sound good, but we haven't figured out the auth details for them (currently it's username/password with cookies). all you need is for the app/bot's webid...