Not logged in : Login

About: http://ods-qa.openlinksw.com:8896/proxy-iri/8daaa3952aa87d1ab936237885f6d6263fc31332     Goto   Sponge   NotDistinct   Permalink

An Entity of Type : schema:DiscussionForumPosting, within Data Space : ods-qa.openlinksw.com:8896 associated with source document(s)

AttributesValues
type
datePublished
publisher
described by
mainEntityOfPage
interactionStatistic
author
position
  • #1
  • #2
dateModified
articleBody
  • Usually, when I go to some sort of web-application provider, I must create a login/account with them and register to user their paid services. But with Solid we expect users to authenticate with thier WebId, meaning users already have an account elsewhere - do we then want them to create yet another account for the specific web-application? Potentially meaning they need to login twice to access the service? It seems to me that there should be an easy-to-use standard Solid way of linking accounts, such that the web-app service provider can detect a new login from a WebId, inform the user immediately that they are newcomers to the service and would they, please, fill-out the payment details (or select the free plan), fetch as much information as possible from the WebId profile, and then automatically link the WebId account with their own automatically generated account. Maybe this is all well-known, but perhaps it was worth having this kind of workflow well defined in the Solid “best practice” documentation.
  • This raises another question - in order to allow the web-app’s server to link the WebId with some internal account, the web-app/browser must be able to prove it’s WebId to the server. Unfortunately the server was never involved in the login process which is strictly confined to the browser and the web-app’s javascript code, so the server has no knowledge of that process. The web-app cannot simply POST it’s WebId to the server since anybody else would be able to do the same with any WebId they wanted. Neither can the web-app build a signed OpenID Connect token to POST as the signing key would be available to anyone that can read the javascript code. So how does the web-app / browser-javascript-code prove the WebId it received to the server it is served from? Is there any token of some sort the web-app can send to the server and allow it to validate it with the remove WebId identity provider?
interactionCount
  • UserComments:0
  • UserLikes:1
headline
  • Registering paying users for a web-app
is topic of
is container of of
is object of
is subject of
Faceted Search & Find service v1.17_git55 as of Mar 01 2021


Alternative Linked Data Documents: ODE     Content Formats:       RDF       ODATA       Microdata      About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 08.03.3320 as of Jan 15 2021, on Linux (x86_64-generic-linux-glibc25), Single-Server Edition (7 GB total memory)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2021 OpenLink Software