- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Fri, 23 Nov 2012 11:53:36 -0500
- To: Peter Williams <pwilliams@rapattoni.com>
- CC: Melvin Carvalho <melvincarvalho@gmail.com>, WebID XG <public-xg-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>
- Message-ID: <50AFAA10.7060108@openlinksw.com>
On 11/22/12 2:16 PM, Peter Williams wrote:
> We deployed nationally a linking service - meeting the definition of a saml sp affiliation (since patent issues are well settled). In short, logon button induces a site to show lots of idp buttons. Picking Google, say,/need does the Google logon, whose name is now bound to Common name id for the User (in this affiliation). Said name is provisioned by a primary idp, and on first learning the Google name one may have to authenticate to said idp, too, enabling auto name binding thereafter.
>
> We also enabled attributes from certain idp, known as attribute authority, to be stored alongside the name bindings. You can even change them, being a learned profile in effect. Sites in the affiliation requesting such intermediated sso get the stored (edited) profile, even when the aa is not the selected idp (this time).
>
> Now u fund all that using standards (ws-fedp) though interaction with the idp may use open id, oauth, or other Protocol. The oauth support means multiround interactions are now supported, only done if whose messages pass via the browser.
>
> In short, pulling a foaf card where its foaf agent acts as the aa given assertion of the webid name is easy. The webid could even be the primary name id. Logically I'd just implement the simple signature Protocol, allowing webid idps to check the certain etc, do the querying, and mint the signature bearing the verified webid. My site would rely on the sig and use it and the webid to pass the access control guard limiting access to the foaf card.
>
> So is that Protocol now within the remit of any standards effort? (It was never formally part of the w3c webid id group, note)?

No it isn't. That said, by finally separating Identity, Identifiers, Identity Cards/Tokens, Profile Documents, Authentication, and Authorization, you can just do middleware plumbing (as you are doing right now) which amounts to working with what's already standardized, in lego-like manner.

> If not I can also bridge ... using the open link open id/webid Protocol converter.

Yes, you can use our middleware or make your own. That's the beauty of standards that are based on open and modular architecture. You can exploit evolutionary patterns instead of starting and fighting distracting revolutions etc.

Kingsley

> Melvin Carvalho <melvincarvalho@gmail.com> wrote:
>
> On 27 October 2012 23:39, Kingsley Idehen <kidehen@openlinksw.com> wrote:
> All,
>
> A silent screencast (recorded screen interactions) demonstrating the use of WebID, OAuth, and OpenID for authentication. I inadvertently forgot to include the basic digest authentication demo.
>
> Here's what the screencast covers:
>
> 1. login authentication
> 2. 3rd party account binding -- so post authentication I use OAuth to bind my other accounts to my ODS account.
>
> Nice! Seems to have most of web 2.0 integrated!
>
> Link: https://dl.dropbox.com/u/11096946/ODS%20Demos/screencasts/ods-javascript-authentication-and-account-binding-demo-silent.mov .
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen

--

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Friday, 23 November 2012 16:54:05 UTC