Skip to content

Modify text concerning ivoa_x509 scheme #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jul 10, 2025
Merged

Modify text concerning ivoa_x509 scheme #16

merged 2 commits into from
Jul 10, 2025

Conversation

mbtaylor
Copy link
Member

@mbtaylor mbtaylor commented Jul 7, 2025

Add text describing normal usage of X.509 certificates, and add unparameterised option for ivoa_x509.

@mbtaylor
Modify text concerning ivoa_x509 scheme
eaae5c3 
Add text describing normal usage of X.509 certificates, and
add unparameterised option for ivoa_x509.
@mbtaylor mbtaylor requested review from bertocco and pdowler July 7, 2025 10:15
@mbtaylor mbtaylor mentioned this pull request Jul 7, 2025
Closed
bertocco
bertocco previously approved these changes Jul 7, 2025
View reviewed changes
pdowler
pdowler reviewed Jul 9, 2025
View reviewed changes
AuthVO.tex Outdated
To use this scheme, the client must present a username and password
If the client does not hold any such certificate,
and the \verb|access_url|/\verb|standard_id| pair is present,
it may obtain one by presenting a username and password
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it is the case that the standard_id says what kind of credentials can be used (exchanged) to obtain the client certificate, so "a username and password" here is not the only possibility. I think just replacing that with "credentials" to go along with the end of the sentence would fix it.

AuthVO.tex Outdated
it has a \verb|standard_id| of \verb|BasicAA| (Section~\ref{sec:standard-id})
so transmit user credentials using
The unparameterised \verb|ivoa_x509| challenge means we can authenticate
with a certificate if we have one, but we don't.
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would probably state this as

The unparameterised \verb|ivoa_x509| challenge means the client can, in principle, authenticate with a certificate from any valid CA and not just one issued by the endpoint in the parameterised challenge.

I think the rest correctly states that the parameterised challenge says how to obtain a client certificate and that the service accepts such (locally issued) certificates.

@mbtaylor mbtaylor requested a review from pdowler July 10, 2025 08:23
@mbtaylor mbtaylor merged commit ec5cfe6 into ivoa-std:main Jul 10, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pdowler pdowler pdowler approved these changes

@bertocco bertocco bertocco left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mbtaylor @bertocco @pdowler