- From: Andrei Sambra <andrei@fcns.eu>
- Date: Tue, 10 May 2011 10:31:54 +0200
- To: public-xg-webid@w3.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello! I have played a little with your webid implementation, so hopefully I can provide some insight. I also want to congratulate you for the really nice job you've done! First of all, would it be possible to publish a description of the whole process? I am curious to see how the authenticator identifies me as user X if I don't provide any credential. If that wasn't in the scope of your demonstration, then I take back the question and you can stop reading here. :-) I suspect that what you are trying to do here is to ease the burden of managing certificates that users face, by allowing them to use their WebIDs stored on a third party entity. As I previously said, I'd love to see how the whole process happens. Also, if I understand correctly, to take advantage of a WebID that is not browser-based, one must have your version of a JS authentication endpoint, which queries the forge hosting the actual WebID. Wouldn't this lead to interoperability issues? That's about it. If you can manage to provide a solution that would completely eliminate the need to store certificates in the browser, I'd love to see it. Take care though not to introduce more complexity to an already simple solution (WebID), while still respecting the WebID specifications. Keep up the good work! Andrei On 05/10/2011 02:15 AM, Manu Sporny wrote: > Our CTO, Dave Longley, has been busy over the past week attempting to > get our pure JavaScript crypto/TLS library updated to remove the Flash > requirement from our WebID demos. He was successful. > > Using a WebSockets-enabled browser, such as Google Chrome - go here and > create an account (accept the invalid, demo-only SSL certificate for now): > > https://webid.digitalbazaar.com/manage/ > > Then go here: > > https://payswarm.com/webid-demo/ > > Select "Digital Bazaar WebID" as the provider and then "Select > (WebSocket)". You will be logged in and the login works faster than the > Flash-based version of our WebID implementation. > > Just to be clear - this is a complete, open-source implementation of > x509, TLS, and WebID using pure JavaScript and standards-based browser > technologies. > > You can view the source for Forge (the JavaScript x509/TLS/WebSockets > library) here: > > https://github.com/digitalbazaar/forge > > You can view the source for the WebID demo here: > > https://github.com/digitalbazaar/webid-demo > > -- manu > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJNyPf6AAoJEIiD5RA2Mme4aTIH/i2r4Nu1pO8FybA3VOUCJyY8 9QgkxzbGTZtzuQb2e4VoS5e9QyZ3z/rUFg/fY4rd8H6w5cosKiXRdYokLCIBc7Q3 iJokZrWQhggw1anvn0QXd8Fp6xzPXgM3Dl8cuznzT0ntPaN2IsOUk0uLb7PGT4gW v1xVUVxXRI34dT9KzMJfL2rBqPdmq1l3zRfBWa1cP0h/vQ663OVdtGuYGCAfgpQ5 jRI6sKHyy7ti/2Jgsxv0BFGeI5rH8Oe2nQGY4ewAyBiRElPz2hh+aJbAn1D01j9m scf2BPO7LiolKcq44Q4UrOiEQK3AVvqTYLxxwiAxpSzO6AcGLoknXq7ab2SBtrA= =RGQe -----END PGP SIGNATURE-----
Received on Tuesday, 10 May 2011 08:35:44 UTC