
Re: Authentication workflow draft.

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 12 Apr 2011 16:28:08 -0400
Message-ID: <4DA4B5D8.4070305@openlinksw.com>
To: Henry Story <henry.story@bblfish.net>
CC: peter williams <home_pw@msn.com>, 'Akbar Hossain' <mail@akbarhossain.com>, 'WebID XG' <public-xg-webid@w3.org>
On 4/12/11 3:23 PM, Henry Story wrote:
>
> On 12 Apr 2011, at 21:14, peter williams wrote:
>
>> If we wanted to use W3C standards (even partly), we could even post
>> <wsse:BinarySecurityToken Id="myX509Token"
>>         ValueType="wsse:X509v3"
>>         EncodingType="wsse:Base64Binary">
>> NIFEPzCCA9CrAwIBAgIQEmtJZc0 . .. The rest of the X.509 base 64 data 
>> FExErTECA .. .
>> </wsse:BinarySecurityToken>
>> over https (with client authn + SSL Sessionid).
>> All it has to be is something like (ignoring the SOAP bit):
>> http://msdn.microsoft.com/en-us/library/ms996951.aspx (Adding the 
>> X.509 Certificate Token to a SOAP Message)
>> could we be allowed JUST a tiny wee bit of SOAP (since java, and 
>> dotNet and  all do the above, being so ancient a spec)? If not, then 
>> we are back to fussing with mime types and encoding headers etc, per 
>> my last message
>
> No this is a RESTful list. We are working on hypermedia applications 
> here.
>
> I do notice a very strong tendency with you to always seek out the 
> more complicated solutions, rather than the simpler ones, to seek 
> complexity rather than simplicity...

Henry,

Compatibility pursuits can easily be misconstrued as complexity. The 
pursuit here is all about unobtrusive introduction to WebID to massive 
realms such as Windows installed base.

Open Source isn't the realm that's going to make the difference here, 
solely. We need a multi pronged approach to vector bots dispatch re. 
WebID bootstrap. No harm getting Microsoft's end-user and developer 
bases on board with minimum fuss, even if "minimum fuss" sounds complex :-)

Kingsley
>
>
>
>> *From:* akkiehossain@gmail.com [mailto:akkiehossain@gmail.com] *On 
>> Behalf Of* Akbar Hossain
>> *Sent:* Tuesday, April 12, 2011 11:04 AM
>> *To:* peter williams
>> *Cc:* WebID XG; Andrei Sambra; Kingsley Idehen
>> *Subject:* Re: RE: Authentication workflow draft.
>>
>> Perhaps a small variant of the delegated service as per foafssl.org 
>> <http://foafssl.org/>
>>
>> On 12 Apr 2011 18:03, "peter williams" <home_pw@msn.com 
>> <mailto:home_pw@msn.com>> wrote:
>> > Yes, it's time for a restful web service (supported by https client 
>> authn and SSL session management) that takes a base64 encoded cert as 
>> input, and returns YES/NO
>> >
>> > The input parser should assume the worst: strange CRLF or LF or CR, 
>> random header text, variable number of dashes, missing final EOL, UTF 
>> header bytes, web friendly char sets or ascii - so as to deal with 
>> the reality of "PEM encoding"
>> >
>> > Another variant would take a cert sha1 fingerprint, rather than the 
>> cert.
>> >
>> > -----Original Message-----
>> > From: public-xg-webid-request@w3.org 
>> [mailto:public-xg-webid-request@w3.org] On Behalf Of Kingsley Idehen
>> > Sent: Tuesday, April 12, 2011 9:29 AM
>> > To: peter williams
>> > Cc: 'Andrei Sambra'; 'WebID XG'
>> > Subject: Re: Authentication workflow draft.
>> >
>> > On 4/12/11 12:14 PM, peter williams wrote:
>> >> This is relevant to me, as it means for each URI in the SAN, I do a 
>> uriburner query, which (remotely) looks for a cert:identity match for 
>> 1 card at a time.
>> >>
>> >> Can sparql have multiple FROM lines? Perhaps?
>> >
>> > Yes, re. Virtuoso's SPARQL support.
>> >
>> >> Can the query be modified so I'd know which URI matched, if one 
>> could specify multiple matches?
>> >
>> > Yes.
>> >
>> > I am guessing it's time for a WebID verification service. Ditto email 
>> verification service as spec'd by Toby a while back.
>> >
>> > --
>> >
>> > Regards,
>> >
>> > Kingsley Idehen
>> > President & CEO
>> > OpenLink Software
>> > Web: http://www.openlinksw.com
>> > Weblog: http://www.openlinksw.com/blog/~kidehen
>> > Twitter/Identi.ca: kidehen
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>
> Social Web Architect
> http://bblfish.net/
>


-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
Received on Tuesday, 12 April 2011 20:29:06 UTC
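
The tolerant input handling asked for in the quoted message above (mixed CRLF/LF/CR, stray header text, a variable number of dashes, a missing final EOL, a UTF BOM) together with the SHA-1 fingerprint variant, as an added example that is not part of the thread or any participant's code. The function names, the 64 KiB size limit and the sample data are assumptions made for the illustration.

```python
import base64
import hashlib
import re

MAX_INPUT = 64 * 1024  # assumed upper bound for one submitted certificate

# One or more dashes are accepted on either side of the BEGIN/END labels.
_BLOCK = re.compile(
    r"-+\s*BEGIN CERTIFICATE\s*-+(.*?)-+\s*END CERTIFICATE\s*-+", re.S)


def pem_to_der(raw: bytes) -> bytes:
    """Return the DER bytes of the first certificate block in messy PEM input."""
    if len(raw) > MAX_INPUT:
        raise ValueError("input too large")
    # Decode leniently: strip a UTF-8 BOM, fall back to Latin-1 for stray bytes.
    try:
        text = raw.decode("utf-8-sig")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
    text = text.replace("\r\n", "\n").replace("\r", "\n")  # CRLF / bare CR -> LF
    m = _BLOCK.search(text)
    if not m:
        raise ValueError("no certificate block found")
    # Drop "Name: value" header lines inside the block, then all whitespace.
    lines = [ln for ln in m.group(1).split("\n") if ":" not in ln]
    b64 = re.sub(r"\s+", "", "".join(lines))
    b64 += "=" * (-len(b64) % 4)  # tolerate stripped padding
    try:
        der = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("body is not valid base64") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der


def sha1_fingerprint(raw: bytes) -> str:
    """SHA-1 over the decoded DER bytes, so formatting noise cannot change it."""
    return hashlib.sha1(pem_to_der(raw)).hexdigest()


# Constructed sample: a DER-shaped blob, not a real certificate.
SAMPLE_DER = b"\x30\x1e" + bytes(range(30))
_b64 = base64.b64encode(SAMPLE_DER).decode()
CLEAN = f"-----BEGIN CERTIFICATE-----\n{_b64}\n-----END CERTIFICATE-----\n".encode()
MESSY = ("\ufeffFrom: someone\r\n---BEGIN CERTIFICATE-------\r"
         f"Comment: pasted\r{_b64[:20]}\r\n {_b64[20:]}\r----END CERTIFICATE--").encode()
```

This only normalises the encoding and checks the outer DER tag; a verification service would still have to parse the certificate and do the actual WebID check on the result.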

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC