You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The domain is a natural identity for a Subject with global properties, e.g. a security secret [2].
For some apps it may also be dereferenceable as a web resource [1].
At present in the Javascript engine the domain value is constrained to be a DNS domain name.
Suggested steps:
For DNS-style domain names (i.e. those matching the DNS name regex), the canonical Subject name for the domain global Subject should be http://${domain}/ – i.e. the root resource with the HTTP protocol. Update: implemented in Whole domain authorisation m-ld-js#85
In future, domain names should be derestricted to be any IRI. If a context @base is provided, the @domain is resolved against it. (Since a DNS domain name is not a valid IRI, point 1 continues to hold.)
The domain is a natural identity for a Subject with global properties, e.g. a security secret [2].
For some apps it may also be dereferenceable as a web resource [1].
At present in the Javascript engine the domain value is constrained to be a DNS domain name.
Suggested steps:
http://${domain}/
– i.e. the root resource with the HTTP protocol. Update: implemented in Whole domain authorisation m-ld-js#85@base
is provided, the@domain
is resolved against it. (Since a DNS domain name is not a valid IRI, point 1 continues to hold.)[1] @gsvarovsky in #75 (comment)
[2] https://github.com/m-ld/m-ld-security-spec/blob/main/design/suac.md#ontology
The text was updated successfully, but these errors were encountered: