W3C home > Mailing lists > Public > public-xg-webid@w3.org > May 2011

Re: Major Milestone: WebID over WebSockets

From: Andrei Sambra <andrei@fcns.eu>
Date: Tue, 10 May 2011 10:31:54 +0200
Message-ID: <4DC8F7FA.9090304@fcns.eu>
To: public-xg-webid@w3.org
Hash: SHA1


I have played a little with your webid implementation, so hopefully I
can provide some insight. I also want to congratulate you for the really
nice job you've done!

First of all, would it be possible to publish a description of the whole

I am curious to see how the authenticator identifies me as user X if I
don't provide any credential. If that wasn't in the scope of your
demonstration, then I take back the question and you can stop reading
here. :-)

I suspect that what you are trying to do here is to ease the burden of
managing certificates that users face, by allowing them to use their
WebIDs stored on a third party entity. As I previously said, I'd love to
see how the whole process happens.

Also, if I understand correctly, to take advantage of a WebID that is
not browser-based, one must have your version of a JS authentication
endpoint, which queries the forge hosting the actual WebID. Wouldn't
this lead to interoperability issues?

That's about it. If you can manage to provide a solution that would
completely eliminate the need to store certificates in the browser, I'd
love to see it. Take care though not to introduce more complexity to an
already simple solution (WebID), while still respecting the WebID

Keep up the good work!


On 05/10/2011 02:15 AM, Manu Sporny wrote:
> Our CTO, Dave Longley, has been busy over the past week attempting to
> get our pure JavaScript crypto/TLS library updated to remove the Flash
> requirement from our WebID demos. He was successful.
> Using a WebSockets-enabled browser, such as Google Chrome - go here and
> create an account (accept the invalid, demo-only SSL certificate for now):
> https://webid.digitalbazaar.com/manage/
> Then go here:
> https://payswarm.com/webid-demo/
> Select "Digital Bazaar WebID" as the provider and then "Select
> (WebSocket)". You will be logged in and the login works faster than the
> Flash-based version of our WebID implementation.
> Just to be clear - this is a complete, open-source implementation of
> x509, TLS, and WebID using pure JavaScript and standards-based browser
> technologies.
> You can view the source for Forge (the JavaScript x509/TLS/WebSockets
> library) here:
> https://github.com/digitalbazaar/forge
> You can view the source for the WebID demo here:
> https://github.com/digitalbazaar/webid-demo
> -- manu
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

Received on Tuesday, 10 May 2011 08:35:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC