Aaron Coburn

WebID profiles incorporate the `foaf:PersonalProfileDocument` type as a [non-normative example](https://www.w3.org/2005/Incubator/webid/spec/identity/#webid-profile-vocabulary) from that draft specification. The Solid-OIDC draft has very consciously chosen _not_ to call Client Identifier documents WebID profiles. So...

>> I send an HTTP/LDP command via the terminal > I think we should look for approach where even such generic http clients (eg. curl) can act as oauth client...

> some resources need to be accessable regardless of the client, i.e. before the client is given access That is fine. Then set the authorization rules such that _any_ client...

@wouteraj this conversation is going in circles. If _you_ want your application registry set to be accessible to any client including one that does not declare its identity, then set...

> Also: I'll interpret the fact that you tagged my boss in that complaint instead of me as an unhappy mistake of names wink I hope it wasn't meant another...

It is possibly worth noting that authorization decisions based on incoming Origin headers are very problematic. While I suspect that NSS supports Origin headers as a proxy for identifying apps,...

Even as XSS protection, it's terribly easy to circumvent.

> > Even as XSS protection, it's terribly easy to circumvent. > > How does one do that? Easy. Say you have an app that would ordinarily send Origin headers...

There are a few different things going on here. First, there are some invalid formulations: ``, ``, ``, `` and `` are invalid and would be ignored: none has an...

I very much agree with @zenomt in https://github.com/solid/authorization-panel/issues/73#issuecomment-671075325 for all of the reasons listed there.