2017/Nuremberg/private

From IndieWeb

Private posts and webmentions was a session at IndieWebCamp Nuremberg 2017.

Notes archived from: https://etherpad.indieweb.org/private


IndieWebCamp Nuremberg 2017

Session: Private posts and webmentions

When: 2017-05-20 13:30

Participants

  • Aaronpk
  • Rene
  • Martin
  • Sebastian
  • Jan Sauer
  • Julie Anne Noying
  • Sebastian Greger
  • Alex
  • Christian Weiske
  • Sebastiaan Andeweg
  • Sven Knebel
  • ...add names and URLs

Notes

  • posts normally public -> webmention works
  • private posts require access control. Webmention can't auth - it fails
  • first β€œstandardized” step: webmentions for private posts
  • general log in for viewing posts is a bigger problem
  • description of how it it works by aaronpk read up on private-webmention

Steps of this sessions:

  • try to find out the security implications of the extra-code step

The webmentions queue should generate the token at the time of sending the webmention.

  • what about retrying webmentions?
  • What about resending webmentions?

cweiske uses stapibas to send webmentions. External component, how does it get tokens for private posts?

The 401 and possibly 403 headers should be set at a dynamic place, but for static sites it can be done at the server (Apache, Ngnix) layer.


verification has to be done fast, problematic with queues

Later steps:

  • make a matrix of implementations talking to other implementations