- From: Benjamin Young <bigbluehat@hypothes.is>
- Date: Mon, 23 Nov 2015 08:57:07 -0500
- To: Benjamin Goering <bengoering@gmail.com>
- Cc: public-openannotation <public-openannotation@w3.org>
- Message-ID: <CAE3H5F+djBOkBHFrsyC8NG=HAUYx7Ufsr9yksnWZawV9BupE3w@mail.gmail.com>
Hi Benjamin, This is fabulous content, but I fear is going to get overlooked on this list--which has essentially been replaced by this list: https://lists.w3.org/Archives/Public/public-annotation/ Would you mind reposting it there? I think it'd be more likely to get the attention it deserves. :) Additionally, that wiki page needs some attention...but we can address that separately from this thread. Thanks again for being here, Benjamin! Benjamin (seriously...we match ;) ) -- Developer Advocate http://hypothes.is/ On Thu, Nov 19, 2015 at 2:26 PM, Benjamin Goering <bengoering@gmail.com> wrote: > Is there a wiki page that lists implementations of web services that speak > OA? > I did a quick search but could only find. > https://www.w3.org/annotation/wiki/Existing_Protocol_Implementations > > My understanding is that API Authorization is intentionally being omitted > from the Web Annotation Protocol spec, and I think that's a good idea. > > However, I do note that Hugo's API requires a human to register for an API > key via form, then provide it as a 'wskey' parameter in requests. Hugo, > does your annotation API also support OAuth2 as described on this page? > http://labs.europeana.eu/api/authentication > > And I'm curious what other implementations are doing for API Authorization > > I think that an ecosystem of federated annotation providers (and a > competetive market of Clients that make use of them) would benefit from > machine-negotiable Dyanmic Client Registration > <https://tools.ietf.org/html/draft-ietf-oauth-dyn-reg-30> and > Authorization service/configuration discovery. > > An example would be if I had a personal annotation store, and I annotated > something on Europeana.edu, my App could seamlessly register for a > Europeana API Key, guide the user through authentication and authorizing my > Client to post on their behalf, and also share that Annotation with Hugo's > API. > > Sounds a bit 'out-there', and OAuth2 specs aren't very prescriptive on > exactly how to implement this. However I have recently been implementing > <http://accounts.livefyre.com/.well-known/openid-configuration> a > specific flavor of OAuth2, OpenID Connect (Core > <http://openid.net/specs/openid-connect-core-1_0.html>, Discovery > <https://openid.net/specs/openid-connect-discovery-1_0.html>, and Dynamic > Client Registration > <http://openid.net/specs/openid-connect-registration-1_0.html>via pyoidc > <https://github.com/rohe/pyoidc>), and it is, in my opinion, very well > thought out and promising. It's also prescriptive enough (and configurable > enough) to afford for interoperable Clients. > > I hope to prove this out with a UNXI tool I'm building, oidc-cli > <https://github.com/gobengo/oidc-cli>, such that the following works > $> client=$(oidc "https://accounts.livefyre.com" create-client) > $> annotations=$(curl -H "Authorization: $(oidc client-credentials > $client)" https://api.livefyre.com/annotations/?ldpstuff) > > A Web Annotation Protocol tool could depend on this sort of thing to make > these sort of one-liners work to easily stream annotations to stdout, while > ensuring that Annotation services can still identify all the Clients of > their APIs (for auditing, rate limiting, emailing the developers, etc). > $> web-annotations --discover-for-url " > http://answers.livefyre.com/developers/app-integrations/sidenotes/" | jq > . | more > -- > Benjamin Goering, Technologist > @bengo <https://twitter.com/bengo> - github.com/gobengo - > linkedin.com/in/benjamingoering > <https://www.linkedin.com/in/benjamingoering> >
Received on Monday, 23 November 2015 13:57:38 UTC