Re: WebID Test Suite from Henry Story on 2011-04-05 (public-xg-webid@w3.org from April 2011)

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 5 Apr 2011 16:34:57 +0200
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: bergi <bergi@axolotlfarm.org>, WebID XG <public-xg-webid@w3.org>, clerezza-dev@incubator.apache.org
Message-Id: <BD842041-B85A-486B-8047-6B0945C67F85@bblfish.net>

On 5 Apr 2011, at 15:46, Kingsley Idehen wrote:

> On 4/5/11 9:34 AM, Henry Story wrote:
>> On 5 Apr 2011, at 15:26, Kingsley Idehen wrote:
>>> On 4/5/11 5:09 AM, Henry Story wrote:
>>>> I  put an initial Clerezza servers up on bblfish.net with the WebId test endpoint running here:
>>>> 
>>>>    https://bblfish.net:8443/test/WebId [1]
>>>> 
>>>> This will show you
>>>> 
>>>>  - the public key from the certificate you used, if any
>>>>  - for each claimed WebId:
>>>>     which were verified, failed or are still unverified
>>>>     (that last option is to allow for asynchronous WebId checking )
>>> [snip]
>>> Henry,
>>> 
>>> Works fine with my "http:" scheme based WebID but doesn't seem to do so with my "mailto:" and "acct:" scheme based WebIDs. Anyway, I'll double check a few things on my side re. these non "http:" scheme based WebIDs just in case something else is amiss.
>> Nothing is amiss: I don't implement those yet, and they are not speced out carefully yet.
> 
> Something is amiss since you shouldn't be implementing anything. All you should be doing is asking the IdP to verify the Identity in the security token (X.509 cert). You shouldn't be doing that yourself i.e., in your coe, hence the problem :-)

Well it's probably a bug on my part. I need to check the code to see what is happening with certificates that contain mailto urls. I think I forgot to check that, and it probably throws an exception somwhere.

Now that means I need to create myself a cert with a mailto url in there...

thanks for bringing that up.

Henry

> 
>> That would be the purpose of such a test suite to test though. Just how many features are implemented by a server.
> 
> A Relying Party (the one seeking to verify Identity re. resource access) asks the IdP (the identity token issuer and verifier) to verify an Identity, it shouldn't be doing the IdPs job via local code, which seems to be the case here.
> 
> Kingsley
>> Henry
>> 
>>> 
>>> Kingsley
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> President&  CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen
> 
> 
> 
> 
> 

Social Web Architect
http://bblfish.net/

Received on Tuesday, 5 April 2011 14:35:31 UTC