authorization agent should check Resource Owner's address book if it includes requesting End-user's WebID #96

Closed
Tracked by #302
elf-pavlik opened this issue Apr 10, 2021 · 2 comments
Labels
data-authorization social graph Contacts, Address Book, Social Agents

Comments


elf-pavlik commented Apr 10, 2021

Based on conversation in solid/authentication-panel#161 (comment)

TL;DR: phishing WebIDs using different-case IRIs or characters that just look similar to the human eye

As we work on workflows to request access, in cases where an End-user (not a Client) requests access, the authorization agent should check if that End-user exists in the Resource Owner's address book and mark it clearly on the consent screen.
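The check described in this comment, as an added example that is not part of the original issue or of any Solid project's code: it classifies a requesting WebID against the Resource Owner's address book and flags near-misses that differ only by case or by look-alike characters. The function names, the status values, the sample WebIDs and the small confusables table are all assumptions made for illustration.

```javascript
// Constructed sample of look-alike characters (Cyrillic/Greek -> Latin).
// Assumption: a real agent would load the full Unicode confusables data (UTS #39).
const CONFUSABLES = new Map([
  ['\u0430', 'a'], ['\u0435', 'e'], ['\u043e', 'o'], ['\u0440', 'p'],
  ['\u0441', 'c'], ['\u0456', 'i'], ['\u0455', 's'], ['\u03bf', 'o'],
]);

// Reduce an IRI to a comparison form: compatibility-normalise, fold case,
// then map known look-alike characters to their Latin counterparts.
// Used only to detect resemblance, never to decide identity.
function skeleton(iri) {
  const folded = iri.normalize('NFKC').toLowerCase();
  return Array.from(folded, (ch) => CONFUSABLES.get(ch) ?? ch).join('');
}

// Hypothetical helper: classify the requesting End-user's WebID.
// Identity is treated as exact string equality of the IRI; anything that
// merely collapses to the same skeleton as a contact is a suspected imitation.
function classifyRequester(requesterWebId, addressBook) {
  if (addressBook.includes(requesterWebId)) {
    return { status: 'known', resembles: null };
  }
  const target = skeleton(requesterWebId);
  const resembles = addressBook.find((c) => skeleton(c) === target) ?? null;
  return { status: resembles ? 'lookalike' : 'unknown', resembles };
}

// Hypothetical wording for the consent screen.
function consentLabel(result) {
  if (result.status === 'known') return 'In your address book';
  if (result.status === 'lookalike') {
    return `WARNING: not in your address book, but imitates ${result.resembles}`;
  }
  return 'Not in your address book';
}

// Constructed address book and requests.
const ADDRESS_BOOK = [
  'https://alice.example/profile/card#me',
  'https://bob.example/profile/card#me',
];
for (const webId of [
  'https://alice.example/profile/card#me',      // exact contact
  'https://alice.example/profile/Card#me',      // differs by case
  'https://\u0430lice.example/profile/card#me', // Cyrillic "a" in the host
  'https://carol.example/profile/card#me',      // stranger
]) {
  console.log(webId, '->', consentLabel(classifyRequester(webId, ADDRESS_BOOK)));
}
```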

@elf-pavlik elf-pavlik changed the title authorization agent should check user's address book if it includes Requestin Party authorization agent should check Resource Owner's address book if it includes requesting End-user's WebID Apr 10, 2021
@elf-pavlik elf-pavlik added the social graph Contacts, Address Book, Social Agents label Sep 1, 2021
@elf-pavlik
Member Author

related #214

@elf-pavlik
Member Author

Overall work is being tracked in #302; the planned approach is that verification and creation of agent registrations happens before any specific data is shared or access requested.
