2017/Nuremberg/private
Private posts and webmentions was a session at IndieWebCamp Nuremberg 2017.
Notes archived from: https://etherpad.indieweb.org/private
IndieWebCamp Nuremberg 2017
Session: Private posts and webmentions
When: 2017-05-20 13:30
Participants
- Aaronpk
- Rene
- Martin
- Sebastian
- Jan Sauer
- Julie Anne Noying
- Sebastian Greger
- Alex
- Christian Weiske
- Sebastiaan Andeweg
- Sven Knebel
- ...add names and URLs
Notes
- posts normally public -> webmention works
- private posts require access control. Webmention can't auth - it fails
- first βstandardizedβ step: webmentions for private posts
- general log in for viewing posts is a bigger problem
- description of how it it works by aaronpk read up on private-webmention
Steps of this sessions:
- try to find out the security implications of the extra-code step
The webmentions queue should generate the token at the time of sending the webmention.
- what about retrying webmentions?
- What about resending webmentions?
cweiske uses stapibas to send webmentions. External component, how does it get tokens for private posts?
The 401 and possibly 403 headers should be set at a dynamic place, but for static sites it can be done at the server (Apache, Ngnix) layer.
verification has to be done fast, problematic with queues
Later steps:
- make a matrix of implementations talking to other implementations