Well, I'd think so, but I'm not sure it will work, thus I have the following problem:
Say, I would like for my client to upload a file via FTP to my sever. They have a simple headless terminal application of, "their own design," which handles the file upload, so --no browser.
Within the file they upload I've embedded an XRI identifier, A batch job runs on the server the file was uploaded to, grabbing the XRI identifier from the file and does a proxy resolution for the XRI.
Now here's the catch, the service resolved from the proxy resolution should return a private resource. So, this is something that only should be returned if the user who uploaded the file has authorization.
Normally one would use OAuth in this situation, right, to assign rights to a third-party, right? However because FTP was used as the first leg, there seems to be no way manage the relationship between all parties (using redirects and all of the niceties of HTTP).
Has any one dealt with a problem such as this before? If so any ideas on a possible solution? Another way to phrase the question is; if you have a "protected" resource managed by XRDS discovery, what are best practices to protect that resource?
Regards,
Nika
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php