- From: Peter Williams <home_pw@msn.com>
- Date: Sat, 15 Jun 2013 19:42:23 +0000
- To: "foaf-protocols@lists.foaf-project.org" <foaf-protocols@lists.foaf-project.org>, "public-webid@w3.org" <public-webid@w3.org>, "public-rww@w3.org" <public-rww@w3.org>, Kingsley Idehen <kidehen@openlinksw.com>
- Message-ID: <SNT401-EAS38151FCFDD6D1C5986950BF92810@phx.gbl>
I've been playing with an openid-connect variant of OAUTH2 - by using a raw oauth AS/STS engine recently enhanced to also process the openid connect flow. The latter goes beyond the classical (websso augmented) oauth2 flows.

And, I've been playing with identifiers in the wordpress cloud world, particularly those such as myID@wordpress.com that “govern” my multiple wordpress sites; both classes (those hosted in the cloud and those n hosted on my PC). All such sites use common cloud API services ...to store such as stats (per governed site), thereby “monitoring” usage and WHO visits my sites (meta metadata, that is). The sites I host outside of cloud control retain their own login, membership and authz system (for documents and guarded API endpoints), distinguishing an account id (for authn and authz) from the cloud-id (that discovers and routes to endpoints both cloud and not-cloud hosted).

I would not be in the least surprised to see the two things above merge, so that an oauth handshake based off a token pertaining to the cloudid@wordpress.com might be leveraged for authz and authn in the locally-hosted wordpress deployment, too. After all, that was the whole point ... of the openid connect variant of OAUTH2.

Has the webid world evolved to distinguish between id for discovery and governance and accountability (of or at multiple points of presence say) and id for authn, authz and controlled-device access delegation?

Sent from Windows Mail

From: Kingsley Idehen
Sent: Saturday, June 15, 2013 10:59 AM
To: foaf-protocols@lists.foaf-project.org, public-webid@w3.org, public-rww@w3.org

On 6/15/13 7:31 AM, Melvin Carvalho wrote:
> WebID + username/password can be employed, Kingsley has a demo of this
> WebID + OpenID -- had this demoed a while
> WebID + OAuth -- I believe Kingsley has also a working demo of this
> WebID + Basic Auth -- perhaps over https too

We have *ID (i.e. a verifiable ID of your choice) that works with associated protocols and "your" data access policies. It's even smart enough to organize your emails, calendars, and address books, amongst other data spaces :-)

Links:

1. http://kingsley.idehen.net/DAV/home/kidehen/Public -- public folder with a potpourri of resources and resource collections (sub-folders) to which different data access policies apply (it also uses a RESTful pattern for notifying me about your desire to access a resource using a verifiable identifier of your choosing)
2. http://bit.ly/UDlwc6 -- post explaining how you can combine multiple verifiable identifiers with multiple authentication protocols for a more flexible approach to resource access control
3. http://bit.ly/XZdqYb -- same concept applied to MediaWiki (which can also be applied to WordPress and Drupal whenever we have the time to tweak those codebases as we did MediaWiki)

--
Regards,
Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Received on Saturday, 15 June 2013 19:59:24 UTC