Henry Story
Henry Story
It would be interesting to get a review of the cost of implementing WebID-OIDC, in terms of - specs to read and understand - implementation of those specs - http...
They are stored in the browser's indexDB database in an encrypted form that not even the application JS can see (see the [HTTP-Signature issue I opened on the solid-spec repo](https://github.com/solid/solid-spec/issues/52)...
I suppose you disagree then with the browser vendors who claim it is secure. (the same people btw. who claimed that keygen was insecure btw, so they must have very...
Is there a paper that you can refer to that explains the security problem with the JS Crypto private key storage?
"Fairly obvious", does not help make a case. For example, it did not seem to be obvious to the security people in charge of the approved W3C spec on [JS...
I look forward to you pointing to those OAuth and OpenID Connect formal proofs when you get back to your desk. That will be important because without them it is...
@elf-pavlik > does your implementation use (can use) a different private key for each origin? When I wrote this a year and a half ago, applications were identified per origin....
Simplicity is an essential value for pragmatic reasons: to get going Solid needs implementations which can only be built with finite resources. The more complex things become the more costly....
I don't think I have seen any work to show that SAI would be able to act as a minimal interface between ACP and WAC. We started work to show...
I think this question also belongs into the topic of metadata editing. Here is another use case for why setting Cache-Control or time to live headers is important. > A...