
Re: web-id starter question

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 2 Aug 2011 16:42:33 +0200
Cc: <melvincarvalho@gmail.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-Id: <63D87186-BBFB-42E1-84A5-4BEAA6EE7615@bblfish.net>
To: Peter Williams <home_pw@msn.com>, Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>

Hi Jürgen,

   thanks for participating. The two services foafssl.org and webid.fcns.eu are identity providers to make things easier to set up for servers that do not have ssl. The author of the fcns.eu service is currently on vacation, and I am working on improving foafssl.org - which currently has an issue.

 Those two services build on webid, though in the end it is best to implement webid directly, to avoid going through third parties. Those extra protocols would best be discussed on the foaf-protocols mailing list for the moment.

   http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

   There is no reason for example why one could not use an openid based protocol instead of what we are using. Perhaps that would be a better idea.

   I am really hoping to have an improved version of foafssl.org out really soon. 

On 2 Aug 2011, at 14:56, Peter Williams wrote:

> 
>  I think we should be careful about associating with the term webid any idp/rp interaction, and any assertion format - even one often used.
>  
> Why? because there is zero about it in the spec. If, broadly, it's not in the spec of the WG, it's not part of the mission.
>  
> Either codify it and add it to yet-another-assertion-protocol list, or let's not talk about it (here).

agree broadly. It is useful to look into it in so far as it allows one to show how non TLS services could participate easily in a WebID world. 

But there is little need to standardise things here, as opposed to with OpenId like protocols. The reason is that with WebID the Relying party can choose his authentication party (e.g. foafssl.org) - there is therefore no strong need for a standard. In OpenId on the other hand the client specifies the Authenticating service (known as the IdP), and the Relying Party needs to communicate with it: so there has to be a standard way for them to communicate.

The only reason to use an OpenID like service is that it would just build nicely on people's existing knowledge.

>  
> As it stands, webid is about a browser-website relation. It's not about a browser-idp-website relation.
> > Date: Tue, 2 Aug 2011 11:33:36 +0200
> > From: melvincarvalho@gmail.com
> > To: j.jakobitsch@semantic-web.at
> > CC: public-xg-webid@w3.org; akkiehossain@gmail.com
> > Subject: Re: web-id starter question
> > 
> > On 2 August 2011 10:05, Jürgen Jakobitsch <j.jakobitsch@semantic-web.at> wrote:
> > > hi,
> > >
> > > first off : congrats to this great project, i set up my web-id without any hassle
> > > and it is very much to my liking.
> > 
> > Great! :)
> > 
> > > i'm a complete newbie with ssl, web-id and stuff..., so please excuse my ignorance...
> > >
> > > i of course now want to develop some showcase and demo in our company, so my
> > > questions are :
> > >
> > > 1. is there a best practice regarding usage of an idp like https://auth.fcns.eu/?
> > >
> > > the thing is, i don't really understand, what i should do with the response from
> > > an idp.
> > >
> > > in a servlet for example an if(request.getParameter("error")==null && request.getParameter("webid")!=null && request.getHeader("referer")=="http://idp.org"){
> > >   logIn = true;
> > > }
> > >
> > > doesn't seem ok to me.
> > >
> > > is there an example?
> > 
> > I think you need to verify the signature. For example in PHP you can use:
> > 
> > http://php.net/manual/en/function.openssl-verify.php
> > 
> > Henry probably has some code in java for this.
> > 
> > >
> > >
> > > 2. on the other hand i'm trying to get a ssl-tomcat up and running and be asked by a servlet to choose
> > > one of my certificates.
> > > amongst other guides, i tried this one http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/
> > > without much of a success. i'm quite sure, i'm missing something...
> > >
> > > any gentle pointer into the right direction is greatly appreciated.
> > >
> > > wkr jürgen
> > >
> > > p.s.:
> > >
> > > logging in to http://foaf.me/ sometimes gives me strange results. besides taking very long,
> > > i'm sometimes presented with wrong data, like
> > > (right upper corner) logout http://some.uri.that.is.not.mine
> > 
> > I no longer look after foaf.me, but I've cc'd Akbar who runs the server.
> > 
> > >
> > > or
> > >
> > > Unknown FOAF format
> > > http://semantictweet.com/therealcrailtap
> > > powered by FOAF.Vix 1.0
> > >
> > > in the "me" tab.
> > >
> > > --
> > > punkt. netServices | Semantic Web Company
> > > ______________________________
> > > Jürgen Jakobitsch
> > > Codeography
> > >
> > > Lerchenfelder Gürtel 43 Top 5/2
> > > A - 1160 Wien
> > > Tel.: 01 / 897 41 22 - 29
> > > Fax: 01 / 897 41 22 - 22
> > >
> > > http://www.punkt.at | http://www.semantic-web.at
> > >
> > > web   : http://www.turnguard.com
> > > foaf  : http://www.turnguard.com/turnguard
> > > skype : jakobitsch-punkt
> > >
> > >
> > >
> > >
> > >
> >

Social Web Architect
http://bblfish.net/
Received on Tuesday, 2 August 2011 14:43:16 GMT
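
An added example, not part of the original thread and not code from any participant or from foafssl.org: a Java sketch of the signature check suggested in the quoted reply, in place of a test on the `Referer` header, which is supplied by the client. The redirect layout is an assumption for illustration (a `ts` timestamp parameter and a final `sig` parameter holding a base64url RSA signature over everything before `&sig=`), as are the class name, the host names and the five-minute freshness window; the thread does not specify any of them.

```java
import java.net.*;
import java.security.*;
import java.time.Instant;
import java.util.Base64;

public class IdpResponseCheck {
    static final long MAX_AGE_SECONDS = 300; // assumed freshness window
    // Returns the asserted WebID, or null if the redirect is forged, altered or stale.
    static String verify(String url, PublicKey idpKey, Instant now) throws Exception {
        int cut = url.lastIndexOf("&sig="), q = url.indexOf('?');
        if (cut < 0 || q < 0 || q > cut) return null;
        String signed = url.substring(0, cut);
        try {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(idpKey);
            v.update(signed.getBytes("UTF-8"));
            if (!v.verify(Base64.getUrlDecoder().decode(url.substring(cut + 5)))) return null;
        } catch (SignatureException | IllegalArgumentException e) {
            return null; // malformed signature value
        }
        // Parameters are read only after the signature over them has been checked.
        String webid = null;
        long ts = -1;
        for (String pair : signed.substring(q + 1).split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length < 2) continue;
            String val = URLDecoder.decode(kv[1], "UTF-8");
            if (kv[0].equals("error")) return null;
            if (kv[0].equals("webid")) webid = val;
            if (kv[0].equals("ts") && val.matches("\\d{1,12}")) ts = Long.parseLong(val);
        }
        long age = now.getEpochSecond() - ts;
        return (webid != null && ts >= 0 && age >= 0 && age <= MAX_AGE_SECONDS) ? webid : null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a throwaway key pair stands in for the IdP's published key.
        KeyPair idp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Instant now = Instant.now();
        String signed = "https://rp.example/login?webid="
            + URLEncoder.encode("https://alice.example/card#me", "UTF-8") + "&ts=" + now.getEpochSecond();
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(idp.getPrivate());
        s.update(signed.getBytes("UTF-8"));
        String url = signed + "&sig=" + Base64.getUrlEncoder().withoutPadding().encodeToString(s.sign());
        System.out.println(verify(url, idp.getPublic(), now));                              // authentic and fresh
        System.out.println(verify(url.replace("alice", "mallory"), idp.getPublic(), now)); // webid altered after signing
        System.out.println(verify(url, idp.getPublic(), now.plusSeconds(3600)));            // replayed an hour later
    }
}
```

In a servlet the same check would run on the full request URL, with the IdP's public key obtained out of band and pinned in the relying party's configuration.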
