henry and code

Henry has (appropriately) challenged me to produce a (modern) implementation of webid (by which he means an http responder that pings the URL of an inbound TLS 1.0 client cert and verifies if a graph exists at that URI, by considering the relevant statements. In essense, the verifying routine performs a sparql query having downloaded a graph from a file. Having done so, it should mint a session using some platforms session management infrasructure. Im happy to do so, upgrading the code I distributed publicly for webid a long time ago - still available publicly. As he says in his private email, its time. The code I distributed a long time is 2 years out of date, and represented the dotNet 3.5 community (furthermore), and its (then) luke walm adoption of RESTful technologies. Things have changed a lot in the last 2 years in the windows world; even in real estate I got to offer custom RSS feeds for the first time (full of SSO URI that pass session between sites, rather than blog content). Shall we say 7 days from now? What I propose to do is take the microsoft webmatrix download (which incidentally self-hosts joomla, drupal and wordpress instances, whose (wordpress) SIOC plugins Ive been exploiring all day) and modify the ASP.NET application which Microsoft distributes as a model of how relying parties site really ought to work with IDPs. Out of the box, it comes with openid, and OAUTH protocol support (but not browserID); being aimed at web masters (vs web developers). I propose I make it also accept https with client certs, where the interceptor validates the webid claims; minting a local session using webid as an authentication mechanism, as an alternative to redirecting to facebook, google, hotmail, etc. It will be useful to see how Windows has evolved in the RDF/semantic area, in those 2 years.