Re: Loosely Coupled Identification and Authentication Demo

On 6/29/14 7:24 PM, Peter Williams wrote:
> so there are, oh, 1 million office365 IDPs, at this point - each one 
> oauth enabled.

Each of those is associated with a Microsoft Live account [1], so they 
are already supported by our Virtualized Authentication Layer (VAL). The 
same applies to YouID [2] where Microsoft Live functions as a Profile 
Data Provider (PdP) and Identity Service Provider (IdP).

> And, I'll guess there are a million more, in the google world. IF GCHQ 
> ever lets them free from surveillance, Yahoo will add more, I’m sure. 
> Not really sure any of them are worth having, to be honest - being US 
> firms that are “much afeared” - to cite a certain bard.
> We cannot have a “more” list of 3 million icons.

Certainly not, and that isn't the case re. VAL.

> And I have no intention of using an American brand (like Microsoft or 
> Google, or ...) for anything that has the slightest value.
>
> What do we do?
>
> Has the time come to change the game?
>
> The likelihood of me typing in a URI is zero. Given the Microsoft 
> store of URI typed previously is shared between devices (and stored or 
> controlled by a US/UK spying cloud), it's compromised. So what do we do?
>
> Or should we just admit - the political web needs to be white-house 
> aligned (as in the typical W3C position)?

A single identifier should be used as the object of a relation (i.e., 
field value) that associates said identifier (http:, mailto: etc. scheme 
URIs) with an authentication protocol.

There aren't a million authentication protocols :-)

Links:

[1] http://windows.microsoft.com/en-US/windows-live/sign-in-what-is-microsoft-account 
-- Microsoft's OAuth 2.0 based Authentication.
[2] http://youid.openlinksw.com -- YouID app for iOS and Android 
(Windows Phone and updated HTML version coming).

Kingsley
>
>
> Sent from Surface Pro
>
> *From:* Kingsley Idehen <mailto:kidehen@openlinksw.com>
> *Sent:* Sunday, June 29, 2014 4:19 PM
> *To:* peter Msn <mailto:home_pw@msn.com>, public-rww@w3.org 
> <mailto:public-rww@w3.org>, public-webid@w3.org 
> <mailto:public-webid@w3.org>
>
> On 6/29/14 6:35 PM, Peter Williams wrote:
>
>     can we add a “community of interest” IDP to the list?
>
>     at https://login.windows.net/rapmlsqa.com there is another OAUTH
>     IDP, openid connect enabled.
>
>
> OpenID Connect, Active Directory, Kerberos, and SAML will soon be 
> added. LDAP (via ldap: scheme URIs in cert. san) is already there, 
> but not obvious just yet, all you do is upload the x.509 cert to your 
> LDAP server account and WebID-TLS works via our implementation of the 
> protocol.
>
>
>
>     See
>     http://leastprivilege.com/2014/06/12/using-discovery-and-katana-middleware-to-write-an-openid-connect-web-client/
>     - a discovery method for the various oauth URIs, should one input
>     andy@rapmlsqa.com <mailto:andy@rapmlsqa.com> in an identifier box
>     intended for the million IDPs of office 365 world. Various signed
>     JSON-P tokens back, suitable for user profiling, or getting API
>     tokens in the name of the original user, etc.
>
>
> You can add OAuth servers to the back-end configuration re. VAL 
> (Virtualized Authentication Layer), the "more" button exposed list 
> isn't fixed, that's just all I have configured.
>
>
> Kingsley
>
>
>     I'll guess there is a parallel google initiative, all coordinated
>     by the US NSTIC and its nefarious aims for “cooperative vendors”.
>     I'm supportive, providing the US stuff boots assurance in peer-peer
>     identity, which then takes “systemic OECD-wide security policies”
>     into account.
>
>     *From:* Kingsley Idehen <mailto:kidehen@openlinksw.com>
>     *Sent:* Sunday, June 29, 2014 2:38 PM
>     *To:* public-rww@w3.org <mailto:public-rww@w3.org>,
>     public-webid@w3.org <mailto:public-webid@w3.org>
>     *Cc:* peter Msn <mailto:home_pw@msn.com>
>
>     All,
>
>     Simple example of loosely coupled identification and authentication.
>     Basically, I have a simple Access Control List (ACL) that requires
>     you to verify your identity using a variety of identifier and
>     authentication protocol combos en route to viewing the protected
>     resource (a PNG image).
>
>     Note: WebID-TLS and TLS are distinct options i.e., you can use one or
>     the other.
>
>     Links:
>
>     [1]
>     http://kingsley.idehen.net/DAV/home/kidehen/Public/RWW-Demos/billionaire-ping-pong.png
>
>     -- 
>     Regards,
>
>     Kingsley Idehen
>     Founder & CEO
>     OpenLink Software
>     Company Web: http://www.openlinksw.com
>     Personal Weblog 1: http://kidehen.blogspot.com
>     Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
>     Twitter Profile: https://twitter.com/kidehen
>     Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
>     LinkedIn Profile: http://www.linkedin.com/in/kidehen
>     Personal WebID:
>     http://kingsley.idehen.net/dataspace/person/kidehen#this
>
>
>
>


-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Monday, 30 June 2014 11:20:11 UTC
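
The reply's point that an identifier is the object of a relation tying it to an authentication protocol, sketched as an added example (not code from the thread and not OpenLink's VAL). The names `normalize`, `Relations`, `authorize`, `build_sample`, the protocol labels and the example.org identifiers are all hypothetical, and the URI normalisation step is an assumption added so that ACL comparison is exact.

```python
from urllib.parse import urlsplit

# Small fixed protocol set (labels are assumptions; the thread names these protocols).
PROTOCOLS = frozenset({"webid-tls", "tls", "oauth2", "openid-connect"})

def normalize(identifier):
    """Canonicalise a URI identifier so ACL comparison is an exact string match."""
    parts = urlsplit(identifier.strip())
    scheme = parts.scheme.lower()
    if scheme == "mailto":
        local, _, domain = parts.path.rpartition("@")
        if not local or not domain:
            raise ValueError("mailto: identifier needs local@domain")
        return f"mailto:{local}@{domain.lower()}"
    if scheme in ("http", "https", "ldap") and parts.netloc:
        query = f"?{parts.query}" if parts.query else ""
        fragment = f"#{parts.fragment}" if parts.fragment else ""
        return f"{scheme}://{parts.netloc.lower()}{parts.path}{query}{fragment}"
    raise ValueError(f"unsupported identifier: {identifier!r}")

class Relations:
    """(identifier, protocol) pairs: the identifier is the object of the relation."""
    def __init__(self):
        self._by_identifier = {}

    def bind(self, identifier, protocol):
        if protocol not in PROTOCOLS:
            raise ValueError(f"unknown protocol: {protocol!r}")
        self._by_identifier.setdefault(normalize(identifier), set()).add(protocol)

    def protocols_for(self, identifier):
        return frozenset(self._by_identifier.get(normalize(identifier), ()))

def authorize(acl, relations, verified_identifier, protocol):
    """True if an identifier already verified via `protocol` is on the ACL and
    bound to that protocol. Which IdP ran the protocol plays no part here."""
    try:
        ident = normalize(verified_identifier)
    except ValueError:
        return False  # fail closed on identifiers we cannot canonicalise
    return ident in acl and protocol in relations.protocols_for(ident)

def build_sample():
    """Constructed sample data: two identifiers, three relations, one ACL."""
    rel = Relations()
    rel.bind("http://id.example.org/person/alice#this", "webid-tls")
    rel.bind("mailto:andy@example.org", "openid-connect")
    rel.bind("mailto:andy@example.org", "oauth2")
    acl = {normalize("http://id.example.org/person/alice#this"),
           normalize("mailto:andy@example.org")}
    return acl, rel
```

The ACL grows with the number of identifiers, while the protocol set stays fixed however many IdPs exist.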