Modify text concerning ivoa_x509 scheme#16
Merged
mbtaylor merged 2 commits intoivoa-std:mainfrom Jul 10, 2025
Merged
Conversation
Add text describing normal usage of X.509 certificates, and add unparameterised option for ivoa_x509.
bertocco
previously approved these changes
Jul 7, 2025
pdowler
reviewed
Jul 9, 2025
AuthVO.tex
Outdated
| To use this scheme, the client must present a username and password | ||
| If the client does not hold any such certificate, | ||
| and the \verb|access_url|/\verb|standard_id| pair is present, | ||
| it may obtain one by presenting a username and password |
There was a problem hiding this comment.
I believe it is the case that the standard_id says what kind of credentials can be used (exchanged) to obtain the client certificate, so "a username and password" here is not the only possibility. I think just replacing that with "credentials" to go along with the end of the sentence would fix it.
AuthVO.tex
Outdated
| it has a \verb|standard_id| of \verb|BasicAA| (Section~\ref{sec:standard-id}) | ||
| so transmit user credentials using | ||
| The unparameterised \verb|ivoa_x509| challenge means we can authenticate | ||
| with a certificate if we have one, but we don't. |
There was a problem hiding this comment.
I would probably state this as
The unparameterised \verb|ivoa_x509| challenge means the client can, in principle, authenticate with a certificate from any valid CA and not just one issued by the endpoint in the parameterised challenge.
I think the rest correctly states that the parameterised challenge says how to obtain a client certificate and that the service accepts such (locally issued) certificates.
pdowler
approved these changes
Jul 10, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add text describing normal usage of X.509 certificates, and add unparameterised option for ivoa_x509.