What I think would be helpful would be a table of auth mechanisms, something like:
This table should be used as a rough guide, not as black and white
| Name | URI used | Verification | Required | Implemented |
|---|---|---|---|---|
| WebID TLS | WebID | TLS | Y | Y |
| Cookie | implied | Shared Secret | Y | Y |
| WebID RSA | WebID | Web Crypto API | N | Y |
| HTTP Signatures | Public Key | Web Crypto API | N | N |
| SPOT* | Document? | Pod | N | N |
Note: there is still an open issue on the spot proposal page
Not yet in the table
- Dialback (need to write up in solid context)
- Indieauth (similar to spot) needs to be modified and/or written up in solid context?
- Solid Cookies (I would need to write up the proposal)
- OAuth based auth (needs fleshing out)