
RE: webid to openid to azure to shib

From: Peter Williams <home_pw@msn.com>
Date: Fri, 23 Dec 2011 09:02:50 -0800
Message-ID: <SNT143-W112C308B955E31D5BBF53592AB0@phx.gbl>
To: <kidehen@openlinksw.com>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>

Your OP asserting party works nicely with full openid model, too, including delegation. I added the following to my blogger template:

    <link href='http://id.myopenlink.net/openid-server' rel='openid.server'/>
    <link href='http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23' rel='openid.delegate'/>

Now the openid Foundation accepts my openid as http://yorkporc.blogspot.com/. Seems no reason why that site could not now be consuming a foaf card at that address. So my openid is http://yorkporc.blogspot.com/ and my webid is http://yorkporc.blogspot.com/# (Hmm). As Henry says, who cares about URIs being visible. What matters is that cert picker dialog pops up.

Date: Fri, 23 Dec 2011 11:52:47 -0500
From: kidehen@openlinksw.com
To: public-xg-webid@w3.org
Subject: Re: webid to openid to azure to shib

    On 12/23/11 11:17 AM, Peter Williams wrote:

        Kingsley's team has made a working run of webid -> openid
        -> ws-fedp, using Microsoft Azure's STS service as the
        bridge. Both of my certs (same key) with different webid (one
        pointing at a turtle file, one pointing at a blog page) work,
        and induce Microsoft Azure cloud STS to release a signed SAML
        token (evil XML with xml/dsig, of course) to an assertion
        consuming service.

         

        To make it a better demo (and one that can be public), we really
        now need someone from the academic Shib community to join in. We
        need someone (ideally tied into the internet2 or UK equivalent
        projects) with a public Shib endpoint to first complete an Azure
        IDP to Shib SP interworking demo, using the production ADFS
        (ws-fedp) feature of the Shib 2.0 software. Then, we hook the
        two ends of the pipe together. There seems no reason why one
        cannot use webid to get access to the Shib world, at this point.

         

        I'll put up a demo website myself on Azure, later. I don't have
        any funds to pay for the compute hours, to keep the image
        operational. If somebody else wants to go get a trial Azure
        license (and some compute hours), perhaps you can let me use
        it. A tiny image is fine. I've already used my trial rights from
        Microsoft more than once (and I cannot abuse their goodwill any
        more...)

    We've used Amazon AWS since its inception. Never got round to using
    Azure, but I think you've set the foundation for doing that. I don't
    mind getting an Azure instance set up for this effort. Only potential
    delay is the holiday period which kinda starts today. Thus, I will
    (as time permits) look at getting Azure set up so we have a
    playground. We have developer relationships with Microsoft too, so
    there are many ways we (OpenLink) can deal with the costs.

    

    
       

        For now, we will have to settle for an openid demo, with webid
        as the challenge.

         

        At https://openid.net/foundation/members/registration I
        used the following "openid"

              http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23

        As that is a pain, I just made a shorter
        http://tinyurl.com/pwopenid

        Kingsley's ods system receives the openid request, challenges
        using webid, does ods magic (beyond my comprehension) concerning
        the semantic web, and returns an openid response to the openid
        foundation's registration page. I do NOT have an account on the
        ODS system (as far as I know), and the ODS service is
        essentially a public bridge, for a webid <-> openid
        interworking.

            
    
    

    Yep! You've described it well. It's only magic until folks grok the
    true power of Linked Data, AWWW, combined with the obsession we have
    with functional middleware (driven by standards implementation) at
    OpenLink Software :-)

    --

Regards,

Kingsley Idehen	      
Founder & CEO 
OpenLink Software     
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen




 		 	   		  
Received on Friday, 23 December 2011 17:03:20 GMT
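
The OpenID 1.1 delegation set up in the message above, seen from the relying party's side, as an added example that is not part of the original thread: it parses the two link tags quoted in the message, separates the claimed identifier (the blog URL) from the delegate the OP actually asserts, and flags discovery over plain http. The function names and the sample page wrapper are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: a page carrying the two tags quoted in the message,
# plus a stray tag in <body> that discovery must not honour.
SAMPLE_HEAD = """<html><head>
<link href='http://id.myopenlink.net/openid-server' rel='openid.server'/>
<link href='http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23' rel='openid.delegate'/>
</head><body><link rel='openid.server' href='http://ignored.example/'/></body></html>"""

class _HeadLinks(HTMLParser):
    """Collect openid.* <link> relations, honouring only those inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head, self.rels = False, {}

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head:
            a = dict(attrs)
            for rel in (a.get("rel") or "").lower().split():
                if rel in ("openid.server", "openid.delegate") and a.get("href"):
                    self.rels.setdefault(rel, a["href"])  # first tag wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return what a relying party learns from OpenID 1.1 HTML discovery."""
    p = _HeadLinks()
    p.feed(html)
    server = p.rels.get("openid.server")
    if not server:
        raise ValueError("no openid.server link in <head>")
    # Without a delegate, the page URL itself is the identity the OP asserts.
    local_id = p.rels.get("openid.delegate", claimed_id)
    # The tags are the trust anchor: anyone able to alter the page in transit
    # or in the template decides which OP speaks for this identifier.
    warnings = [f"{name} uses plain http: {url}"
                for name, url in (("claimed_id", claimed_id), ("server", server))
                if urlsplit(url).scheme != "https"]
    return {"claimed_id": claimed_id, "server": server,
            "local_id": local_id, "warnings": warnings}

def identity_to_login(discovered, asserted_identity):
    """Map the OP's asserted identity back to the claimed id, or None."""
    if asserted_identity == discovered["local_id"]:
        return discovered["claimed_id"]
    return None
```

The relying party records the short blog URL as the user's identity only when the OP asserts exactly the delegate that discovery returned.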
