W3C home > Mailing lists > Public > public-xg-webid@w3.org > July 2011

Browser ID + all clientside JS WebID

From: Nathan <nathan@webr3.org>
Date: Tue, 19 Jul 2011 21:00:43 +0100
Message-ID: <4E25E26B.9080402@webr3.org>
To: Ben Adida <ben@adida.net>
CC: Kingsley Idehen <kidehen@openlinksw.com>, WebID XG <public-xg-webid@w3.org>, Manu Sporny <msporny@digitalbazaar.com>, Henry Story <henry.story@gmail.com>
Ben Adida wrote:
>> Generally speaking it seems at a non technical level, that BrowserID is
>> a nice abstraction layer on top of WebID, that makes it more user 
>> friendly.
> 
> Right, at a non-technical level, but if you dig into the technical 
> details, the big difference is that BrowserID delivers an assertion in 
> the application layer, while WebID delivers it in the network security 
> layer.

question: if a domain isn't allowed access, at what point in the 
procedure does this take effect? before or after the assertion is sent 
to the rp/verifier?

scenario:
PublicKey storeWebID('http://we....');
string getWebID();

storeWebID takes a URI input, associates it with a keypair and returns 
the public key.

one adds the public key to their personal profile located at webid-uri 
(or has a script to do it w/ a password verification or some such)

getWebID pops up a dialog that asks them to select a webid uri, after 
selecting it, it signs it with the private key associated with it, gets 
the public key from webid-uri, verifies the signature, if cool it 
returns the webid.
Received on Tuesday, 19 July 2011 20:01:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:25 UTC