Skip to content

Link auth term instances to their definitions #108

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jeswr merged 1 commit into from
Mar 23, 2026
Merged

Link auth term instances to their definitions #108

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions lws10-core/Authentication.html
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
<p>
This section defines a mechanism for identifying agents and end users that interact
with a linked web storage server. This specification does not mandate a particular
format for authentication credentials, though it does describe how existing identity systems
format for an <a>authentication credential</a>, though it does describe how existing identity systems
can be used in conjunction with the linked web storage authorization framework.
</p>

Expand All @@ -10,16 +10,16 @@ <h3>Authentication Credential Data Model</h3>

<p>
The data model described in this section outlines the requirements for any
concrete serialization of an authentication credential.
concrete serialization of an <a>authentication credential</a>.
</p>

<p>
An authentication credential MUST include tamper evident claims about a subject, including:
An <a>authentication credential</a> MUST include tamper evident claims about a subject, including:
</p>

<ul>
<li><dfn>subject</dfn> <strong>REQUIRED</strong> &mdash; an identifier for an end user. This MUST be a URI.</li>
<li><dfn>issuer</dfn> <strong>REQUIRED</strong> &mdash; an identifier for the entity that issued the authentication credential. This MUST be a URI.</li>
<li><dfn>issuer</dfn> <strong>REQUIRED</strong> &mdash; an identifier for the entity that issued the <a>authentication credential</a>. This MUST be a URI.</li>
<li><dfn>client</dfn> <strong>REQUIRED</strong> &mdash; an identifier for a client application. This SHOULD be a URI.</li>
<li><dfn>audience restriction</dfn> <strong>RECOMMENDED</strong> &mdash; a list of values that SHOULD include an authorization server identifier.</li>
</ul>
Expand All @@ -28,21 +28,21 @@ <h3>Authentication Credential Data Model</h3>
<section id="authentication-validation">
<h3>Authentication Credential Validation</h3>
<p>
Validation of an authentication credential requires a trust relationship between the
Validation of an <a>authentication credential</a> requires a trust relationship between the
verifier and issuer of the credential. This trust relationship MAY be established
through an out-of-band mechanism. Any additional mechanisms for establishing trust
between a verifier and an issuer are outlined in specific authentication suites.
between a verifier and an issuer are outlined in specific <a data-lt="authentication suite">authentication suites</a>.
</p>

<p>
An authentication credential MUST be signed. It is RECOMMENDED that the signature uses asymmetric cryptography.
An <a>authentication credential</a> MUST be signed. It is RECOMMENDED that the signature uses asymmetric cryptography.
</p>
</section>

<section id="authentication-type-identifier">
<h3>Authentication Credential Type Identifiers</h3>
<p>
Each authentication suite MUST be associated with a token type URI. An authentication suite SHOULD use a URI defined in the IANA "OAuth URI" registry.
Each <a>authentication suite</a> MUST be associated with a token type URI. An <a>authentication suite</a> SHOULD use a URI defined in the IANA "OAuth URI" registry.
</p>
</section>

4 changes: 2 additions & 2 deletions lws10-core/Authorization.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -119,7 +119,7 @@ <h4>Token Exchange</h4>
<p>
An LWS authorization server is a conforming OAuth 2.0 authorization server, capable of issuing access tokens to a client
for use with a storage server. In order to issue an access token, a client must first present a valid subject token,
such as an authentication credential, to the authorization server via OAuth 2.0 Token Exchange [[!RFC8693]].
such as an <a>authentication credential</a>, to the authorization server via OAuth 2.0 Token Exchange [[!RFC8693]].
</p>

<section id="authorization-token-exchange-request">
Expand All @@ -144,7 +144,7 @@ <h5>Request</h5>

<li>
The <code>subject_token</code> parameter is REQUIRED. The value of this parameter MUST include a valid subject token,
such as an authentication credential.
such as an <a>authentication credential</a>.
</li>

<li>
Expand Down
Loading