Posted to dev@clerezza.apache.org by "Reto Bachmann-Gmür (JIRA)" <ji...@apache.org> on 2011/05/10 15:07:47 UTC

[jira] [Commented] (CLEREZZA-490) WebProxy agent should identify itself with admin WebID

    [ https://issues.apache.org/jira/browse/CLEREZZA-490?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13031169#comment-13031169 ] 

Reto Bachmann-Gmür commented on CLEREZZA-490:
---------------------------------------------

I'd suggest having a different identity for the instance than for admin. The proxy should act as the user with the least privileges, not as the one with the most.

> WebProxy agent should identify itself with admin WebID
> ------------------------------------------------------
>
>                 Key: CLEREZZA-490
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-490
>             Project: Clerezza
>          Issue Type: Improvement
>            Reporter: Henry Story
>   Original Estimate: 24h
>  Remaining Estimate: 24h
>
> The WebProxy makes requests to other servers which may be other WebID enabled servers that may request the identity of the user. What identity should the server use if it needs to identify itself?
> Initially at least, and for the sake of simplicity, I think that agent should be the administrator - i.e. /user/admin/profile#me . The public key should be the one with which the SSL session is started. That key will be CA signed usually. It will be easy to use that certificate+private key to build a self signed certificate for WebID authentication, on WebProxy startup. The public key should then be added to the admin user's profile (and removed when that profile is changed).
>  
> This should also reduce a certain number of exceptions being thrown when the server connects to itself via SSL. In fact when it does connect to itself, the connection should be a non encrypted SSL connection.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira