Re: Loosely Coupled Identification and Authentication Demo from Timothy Holborn on 2014-06-30 (public-rww@w3.org from June 2014)

From: Timothy Holborn <timothy.holborn@gmail.com>
Date: Mon, 30 Jun 2014 21:32:17 +1000
To: Peter Williams <home_pw@msn.com>
Cc: Kingsley Idehen <kidehen@openlinksw.com>, "public-rww@w3.org" <public-rww@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-Id: <8E354E9D-F583-40D3-B9DF-03F2BA939840@gmail.com>
> On 30 Jun 2014, at 9:24 am, Peter Williams <home_pw@msn.com> wrote:
> 
> so there are, oh, 1 million office365 IDPs, at this point - each one oauth enabled. And, Ill guess there are a million more, in the google world. IF GCHQ ever lets them free from surveillance, Yahoo will add more, I’m sure. Not rea`lly sure any of them are worth having, to be honest - being US firms that are “much afeared” - to cite a certain bard.
> 
> We cannot have a “more” list of 3 million icons. And I have no intention of using an American brand (like Microsoft or Google, or ...l) for anything that has the slightest value.
> 
> What do we do?
> 
> Has the time come to change the game?
> 
> The likelihood of me typing in a URI is zero. Given the MIcrosoft store of URI typed previously is shared between devices (and stored or controlled by a US/UK spying cloud), its compromised . So what do we do?
> 
A domain name controlled by the user seems to make sense.  Would need a consumer friendly hosting services application, with rww capabilities, though....

> Or should we just admit - the political web needs to be white-house aligned (as in the typical W3C position)?
> 
The rule of law for us citizens, should be supported by the us.  For au citizens, au governance systems, uk, uk, etc.

Those rights should not extend overseas, or to other incorporated legal entities, for example - for commercial purpose, rather than the needs of law enforcement.

IMHO - of course.  In principal, the rule of law and related human rights principles should be highly accessible.  Participants accountable.  Enforcement available, within reasonable accessibility frameworks.

IMHO again, of course.

I think the UN, and other forums like it are the means used for information sharing and related bilateral agreements, data access, isn't it?  Or is it Verizon, Cisco, Facebook, etc,..

Timh.

> 
> Sent from Surface Pro
> 
> From: Kingsley Idehen
> Sent: ‎Sunday‎, ‎June‎ ‎29‎, ‎2014 ‎4‎:‎19‎ ‎PM
> To: peter Msn, public-rww@w3.org, public-webid@w3.org
> 
> On 6/29/14 6:35 PM, Peter Williams wrote:
> can we add an “community of interest” IDP to the list?
> 
> at https://login.windows.net/rapmlsqa.com there is another OAUTH IDP, openid connect enabled.
> 
> OpenID Connect, Active Directory, Keberos, and SAML will soon be added. LDAP (via ldap: scheme URIs in cert. san)  is already there, but not obvious just yet, all you do is upload the x.509 cert to your LDAP server account and WebID-TLS works via our implementation of the protocol. 
> 
> 
> See http://leastprivilege.com/2014/06/12/using-discovery-and-katana-middleware-to-write-an-openid-connect-web-client/ - a discovery method for the various oauth URIs, should one input andy@rapmlsqa.com in a identifier box intended for the million IDPs of office 365 world. Various signed JSON-P tokens back, suitable for  user profiling, or getting API tokens in the name of the original user, etc.
> 
> You can add OAuth servers to the back-end configuration re. VAL (Virtualized Authenication Layer), the "more" button exposed list isn't fixed, that's just all I have configured. 
> 
> 
> Kingsley 
> 
> 
> ill guess there is a parallel google initiative, all coordinated by the US NSTIC and its nefarious aims for “cooperative vendors”. Im supportive, providing the US stuff boots assurance in peer-peer identity, which then takes “systemic OECD-wide security policies” into account.
> 
> From: Kingsley Idehen
> Sent: ‎Sunday‎, ‎June‎ ‎29‎, ‎2014 ‎2‎:‎38‎ ‎PM
> To: public-rww@w3.org, public-webid@w3.org
> Cc: peter Msn
> 
> All,
> 
> Simple example of loosely coupled identification and authentication. 
> Basically, I have a simple Access Control List (ACL) that requires you 
> to verify your identity using a variety of identifier and authentication 
> protocol combos en route to viewing the protected resource (a PNG image).
> 
> Note: WebID-TLS and TLS are distinct options i.e., you can use one or 
> the other.
> 
> Links:
> 
> [1] 
> http://kingsley.idehen.net/DAV/home/kidehen/Public/RWW-Demos/billionaire-ping-pong.png
> 
> -- 
> Regards,
> 
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
> 
> 
> 
> 
> -- 
> Regards,
> 
> Kingsley Idehen       
> Founder & CEO 
> OpenLink Software     
> Company Web: http://www.openlinksw.com
> Personal Weblog 1: http://kidehen.blogspot.com
> Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this
Received on Monday, 30 June 2014 11:32:50 UTC