Authentication and authorization as influences on the content of
responses [foaf-dev]
Etan Wexler
ewexler at stickdog.com
Tue Jan 22 19:40:59 GMT 2008
Henry Story (as “Story Henry”) wrote to the FOAF developers’ list (see
<http://lists.foaf-project.org/mailman/listinfo/foaf-dev>) on 2008-01-13
in “[foaf-dev] for more information please log in”
(<http://lists.foaf-project.org/pipermail/foaf-dev/2008-January/008793.html>):
> If a foaf file is to return different representations depending on the
> authentication level of the person looking at it, there needs to be some
> way for the foaf file to say that. Something like: for a larger view you
> may want to log in there: http://...
>
> Any thoughts on this?

A FOAF file does not return representations and so cannot return
different representations. A document that uses terms from the
Friend-of-a-Friend vocabulary and the document’s metadata can constitute
a representation. An origin server may send a response whose entity is
such a representation, in which case the entity-body is a FOAF file, if
I understand the phrase “FOAF file”.

The World Wide Web has mechanisms for authentication, authorization, and
access control. I plead the case for using what exists. I fail to see
the need for further effort and I offer the following HTTP exchanges as
illustration.

GET /people/henry/card HTTP/1.1
Host: bblfish.example

HTTP/1.1 200 OK
Date: Mon, 14 Jan 2008 02:40:20 GMT
Last-Modified: Sun, 16 Dec 2007 20:16:33 GMT
Vary: Authorization
WWW-Authenticate: Digest nonce="familial nonce 0",
    realm="Henry's stuff for Henry's family",
    domain="http://bblfish.example/people/henry/card",
    Digest nonce="friendly nonce 0",
    realm="Henry's stuff for Henry's friends",
    domain="http://bblfish.example/people/henry/card",
    Digest nonce="omniscient nonce 0",
    realm="Henry's stuff for those who see all",
    domain="http://bblfish.example/people/henry/card"
Etag: "res publica"
Content-Length: 139
Content-Type: text/rdf+n3; charset=utf-8

@prefix foaf: <http://xmlns.com/foaf/0.1/>.
<http://bblfish.example/people/henry/card#me>
    a foaf:Person;
    foaf:givenname "Henry".

GET /people/henry/card HTTP/1.1
Host: bblfish.example
Authorization: Digest username="friend",
    realm="Henry's stuff for Henry's friends",
    nonce="friendly nonce 0",
    uri="/people/henry/card",
    response="8f8b71112b1a41baec644a503ecd77c7"

HTTP/1.1 200 OK
Date: Mon, 14 Jan 2008 02:40:21 GMT
Last-Modified: Sun, 16 Dec 2007 20:16:33 GMT
Vary: Authorization
WWW-Authenticate: Digest nonce="familial nonce 1",
    realm="Henry's stuff for Henry's family",
    domain="http://bblfish.example/people/henry/card",
    Digest nonce="friendly nonce 1",
    realm="Henry's stuff for Henry's friends",
    domain="http://bblfish.example/people/henry/card",
    Digest nonce="omniscient nonce 1",
    realm="Henry's stuff for those who see all",
    domain="http://bblfish.example/people/henry/card"
Etag: "cosa nostra"
Content-Length: 197
Content-Type: text/rdf+n3; charset=utf-8

@prefix foaf: <http://xmlns.com/foaf/0.1/>.
<http://bblfish.example/people/henry/card#me>
    a foaf:Person;
    foaf:givenname "Henry";
    foaf:family_name "Story";
    foaf:name "Henry J. Story".

I welcome any corrections to the HTTP messages just given. Most of all,
I welcome explanations of deficiencies in the chosen approach.

--
Etan Wexler.
“Don’t misunderestimate the Internets.”
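
Added example, not part of the original message: server-side selection of the representation by Digest realm, as in the exchange in the message above. The password, the REALMS and VIEWS tables, the issued-nonce table and all function names are assumptions; the response is computed as RFC 2617 defines it when the client sends no qop, which matches the Authorization header shown.

```python
import hashlib
import hmac
import re

FRIENDS = "Henry's stuff for Henry's friends"
# Constructed credential store (assumption): realm -> {username: password}.
REALMS = {FRIENDS: {"friend": "constructed-password"}}
# (ETag, N3 body) per proven realm; None is the unauthenticated view.
VIEWS = {
    None: ('"res publica"', 'foaf:givenname "Henry".'),
    FRIENDS: ('"cosa nostra"', 'foaf:givenname "Henry"; foaf:family_name "Story".'),
}

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, nonce, method, uri):
    """Request-digest per RFC 2617 when the client sends no qop."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def proven_realm(method, uri, authorization, issued):
    """Return the realm whose challenge the request answers correctly, else None."""
    scheme, _, rest = (authorization or "").partition(" ")
    if scheme.lower() != "digest":
        return None
    p = dict(re.findall(r'(\w+)="([^"]*)"', rest))
    realm, user, nonce = p.get("realm"), p.get("username"), p.get("nonce")
    password = REALMS.get(realm, {}).get(user)
    # Reject unknown users, nonces this server never issued for the realm,
    # and a digest computed over a different URI than the one requested.
    if password is None or nonce not in issued.get(realm, ()) or p.get("uri") != uri:
        return None
    expected = digest_response(user, realm, password, nonce, method, uri)
    supplied = p.get("response", "")
    # Constant-time comparison of the expected and supplied digests.
    ok = hmac.compare_digest(expected.encode(), supplied.encode())
    return realm if ok else None

def respond(method, uri, authorization, issued):
    """Pick the representation; every variant carries Vary: Authorization."""
    realm = proven_realm(method, uri, authorization, issued)
    etag, body = VIEWS.get(realm, VIEWS[None])
    return 200, {"Vary": "Authorization", "ETag": etag}, body
```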