The Mechanism for the IdP to confirm app WebId ownership should be detailed

solid / authentication-panel

GitHub repository for the Solid Authentication Panel

MIT License

11 stars 15 forks source link

The Mechanism for the IdP to confirm app WebId ownership should be detailed #54

Closed jaxoncreed closed 4 years ago

jaxoncreed commented 4 years ago

Currently the spec states:

The client presents its WebID to the IdP and requests an Authorization Code.

But there is no requirement in the spec for IdPs to implement a mechanism that confirms the application's possession of that WebId. This is important because if an app can claim to be any WebId, it will mess up the access control system down the line.

elf-pavlik commented 4 years ago

I think this one duplicates #52

jaxoncreed commented 4 years ago

You are correct.