From: regext <[email protected]> On Behalf Of Pawel Kowalik Sent: Thursday, October 6, 2022 7:24 PM To: Andrew Newton <[email protected]> Cc: [email protected] Subject: [EXTERNAL] Re: [regext] WGLC: draft-ietf-regext-rdap-openid-17
Caution: This email originated from outside the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. Comment inline On Thu, Oct 6, 2022 at 8:22 AM Pawel Kowalik <mailto:[email protected]> <[email protected]> wrote: In my opinion the WG shall get the consensus around whether these web application related use-cases shall be supported in order to move forward with the WGLC. Can you elaborate on what you mean by "web application"? Do you mean an application that is not the user-agent? Either an application running directly in the browser, like SPA, or the application running on the server side and just rendered in the browser. [SAH] Let me try to check my understanding: what you’re describing is a situation in which the RDAP client is software running on a web server, right? If so, the RDAP-client-side web server (call it WS1) needs to manage sessions for its users, and the web server that’s running the RDAP server (call it WS2) needs to manage sessions for its clients. The challenge here is that the only “client” the RDAP server sees is WS1, and it has no knowledge of WS1’s users. To identify, authenticate, and authorize the users of WS1, we need features that support definition of sessions for those users on both WS1 and WS2. Is that correct? Scott
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
