Re: Loosely Coupled Identification and Authentication Demo

So there are, oh, 1 million office365 IDPs, at this point - each one oauth enabled. And, I'll guess there are a million more, in the google world. If GCHQ ever lets them free from surveillance, Yahoo will add more, I’m sure. Not really sure any of them are worth having, to be honest - being US firms that are “much afeared” - to cite a certain bard.


We cannot have a “more” list of 3 million icons. And I have no intention of using an American brand (like Microsoft or Google, or ...) for anything that has the slightest value.


What do we do?


Has the time come to change the game?


The likelihood of me typing in a URI is zero. Given the Microsoft store of URIs typed previously is shared between devices (and stored or controlled by a US/UK spying cloud), it's compromised. So what do we do?


Or should we just admit - the political web needs to be white-house aligned (as in the typical W3C position)?






Sent from Surface Pro





From: Kingsley Idehen
Sent: Sunday, June 29, 2014 4:19 PM
To: peter Msn, public-rww@w3.org, public-webid@w3.org





On 6/29/14 6:35 PM, Peter Williams wrote:



can we add a “community of interest” IDP to the list?




at https://login.windows.net/rapmlsqa.com there is another OAUTH IDP, openid connect enabled. 

OpenID Connect, Active Directory, Kerberos, and SAML will soon be added. LDAP (via ldap: scheme URIs in cert. san) is already there, but not obvious just yet; all you do is upload the x.509 cert to your LDAP server account and WebID-TLS works via our implementation of the protocol.








See http://leastprivilege.com/2014/06/12/using-discovery-and-katana-middleware-to-write-an-openid-connect-web-client/ - a discovery method for the various oauth URIs, should one input andy@rapmlsqa.com in an identifier box intended for the million IDPs of office 365 world. Various signed JSON-P tokens back, suitable for user profiling, or getting API tokens in the name of the original user, etc.

You can add OAuth servers to the back-end configuration re. VAL (Virtualized Authentication Layer); the "more" button exposed list isn't fixed, that's just all I have configured.


Kingsley 






I'll guess there is a parallel google initiative, all coordinated by the US NSTIC and its nefarious aims for “cooperative vendors”. I'm supportive, providing the US stuff boots assurance in peer-peer identity, which then takes “systemic OECD-wide security policies” into account.





From: Kingsley Idehen
Sent: Sunday, June 29, 2014 2:38 PM
To: public-rww@w3.org, public-webid@w3.org
Cc: peter Msn





All,

Simple example of loosely coupled identification and authentication. 
Basically, I have a simple Access Control List (ACL) that requires you 
to verify your identity using a variety of identifier and authentication 
protocol combos en route to viewing the protected resource (a PNG image).

Note: WebID-TLS and TLS are distinct options i.e., you can use one or 
the other.

Links:

[1] 
http://kingsley.idehen.net/DAV/home/kidehen/Public/RWW-Demos/billionaire-ping-pong.png


-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com

Personal Weblog 1: http://kidehen.blogspot.com

Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen

Twitter Profile: https://twitter.com/kidehen

Google+ Profile: https://plus.google.com/+KingsleyIdehen/about

LinkedIn Profile: http://www.linkedin.com/in/kidehen

Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this







Received on Sunday, 29 June 2014 23:33:19 UTC