W3C home > Mailing lists > Public > public-xg-webid@w3.org > May 2011

Re: Major Milestone: WebID over WebSockets

From: Andrei Sambra <andrei@fcns.eu>
Date: Tue, 10 May 2011 10:31:54 +0200
Message-ID: <4DC8F7FA.9090304@fcns.eu>
To: public-xg-webid@w3.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello!

I have played a little with your webid implementation, so hopefully I
can provide some insight. I also want to congratulate you for the really
nice job you've done!

First of all, would it be possible to publish a description of the whole
process?

I am curious to see how the authenticator identifies me as user X if I
don't provide any credential. If that wasn't in the scope of your
demonstration, then I take back the question and you can stop reading
here. :-)

I suspect that what you are trying to do here is to ease the burden of
managing certificates that users face, by allowing them to use their
WebIDs stored on a third party entity. As I previously said, I'd love to
see how the whole process happens.

Also, if I understand correctly, to take advantage of a WebID that is
not browser-based, one must have your version of a JS authentication
endpoint, which queries the forge hosting the actual WebID. Wouldn't
this lead to interoperability issues?

That's about it. If you can manage to provide a solution that would
completely eliminate the need to store certificates in the browser, I'd
love to see it. Take care though not to introduce more complexity to an
already simple solution (WebID), while still respecting the WebID
specifications.

Keep up the good work!

Andrei


On 05/10/2011 02:15 AM, Manu Sporny wrote:
> Our CTO, Dave Longley, has been busy over the past week attempting to
> get our pure JavaScript crypto/TLS library updated to remove the Flash
> requirement from our WebID demos. He was successful.
> 
> Using a WebSockets-enabled browser, such as Google Chrome - go here and
> create an account (accept the invalid, demo-only SSL certificate for now):
> 
> https://webid.digitalbazaar.com/manage/
> 
> Then go here:
> 
> https://payswarm.com/webid-demo/
> 
> Select "Digital Bazaar WebID" as the provider and then "Select
> (WebSocket)". You will be logged in and the login works faster than the
> Flash-based version of our WebID implementation.
> 
> Just to be clear - this is a complete, open-source implementation of
> x509, TLS, and WebID using pure JavaScript and standards-based browser
> technologies.
> 
> You can view the source for Forge (the JavaScript x509/TLS/WebSockets
> library) here:
> 
> https://github.com/digitalbazaar/forge
> 
> You can view the source for the WebID demo here:
> 
> https://github.com/digitalbazaar/webid-demo
> 
> -- manu
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNyPf6AAoJEIiD5RA2Mme4aTIH/i2r4Nu1pO8FybA3VOUCJyY8
9QgkxzbGTZtzuQb2e4VoS5e9QyZ3z/rUFg/fY4rd8H6w5cosKiXRdYokLCIBc7Q3
iJokZrWQhggw1anvn0QXd8Fp6xzPXgM3Dl8cuznzT0ntPaN2IsOUk0uLb7PGT4gW
v1xVUVxXRI34dT9KzMJfL2rBqPdmq1l3zRfBWa1cP0h/vQ663OVdtGuYGCAfgpQ5
jRI6sKHyy7ti/2Jgsxv0BFGeI5rH8Oe2nQGY4ewAyBiRElPz2hh+aJbAn1D01j9m
scf2BPO7LiolKcq44Q4UrOiEQK3AVvqTYLxxwiAxpSzO6AcGLoknXq7ab2SBtrA=
=RGQe
-----END PGP SIGNATURE-----
Received on Tuesday, 10 May 2011 08:35:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 10 May 2011 08:35:45 GMT