# 2020-01-20 Authentication Panel ## Present * @elf-pavlik * @dmitrizagidulin * @bblfish ## Issues ### WebID-TLS - elf-pavlik: does anyone intend to use WebID-TLS with the RS or it will only be used with OP. - dmitrizagidulin: I recall various conversations but AFAIK we don't to use it directly with RS. We only intend to support it as login to OP. - elf-pavlik: do we even need to have explicit mention since OP can use anything? - dmitrizagidulin: I think for clarity we should mention it in non normative way. - bblfish: people from Mozilla were researching reconnecting using TLS etc. I don't defend it just see it as interesting approach. - ...: I see HTTP Signatures as better mechanism. - elf-pavlik: should we draft some historical note explaining WebID-TLS. - bblfish: in WebID-TLS work we wanted to publish note about limitations of WebID-TLS including HTTP/2 compability and UX issue with cert selector popup. - elf-pavlik: I will take action to make PR to https://solid.github.io/specification/#webid-tls ### [(WIP) Tokens and Credentials section. #37](https://github.com/solid/authentication-panel/pull/37) - elf-pavlik: we should add example with JWS and how public key of OP gets discovered for identity credential verification (not DPOP proof part) ### Spec writing - dmitrizagidulin: I will add PR with note of deriving WebID, access tokens, validation of tokens and credentials. ### special case with deploying OP and RS together - dmitrizagidulin: yes i plan to include it for enterprise deployment cases. - elf-pavlik: what normative requirements it would incude and what impact on conformance for various parties. - dmitrizagidulin: i would mention that this spec supports that use of access_token for that specific use case. - elf-pavlik: so minimal clients would not need to implement suport and they would still fully conform to the spec.