W3C home > Mailing lists > Public > public-rww@w3.org > June 2014

Re: Loosely Coupled Identification and Authentication Demo -- Microsoft IdP

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 30 Jun 2014 08:22:25 -0400
Message-ID: <53B15681.2090505@openlinksw.com>
To: Peter Williams <home_pw@msn.com>, "public-rww@w3.org" <public-rww@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
On 6/29/14 7:24 PM, Peter Williams wrote:
> We cannot have a “more” list of 3 million icons. And I have no 
> intention of using an American brand (like Microsoft or Google, or 
> ...l) for anything that has the slightest value.
> What do we do?

You don't have to remember or type in a URI when accessing a protected 
resource using the Virtualized Authentication Layer (VAL) referred to in 
my earlier post. I've produced a screenshot from my ODS (OpenLink Data 
Spaces) based Briefcase (our equivalent of OneDrive, Dropbox, Google 
Drive etc..) that displays the current authenticated identity associated 
with a user agent session [1].

If I wanted to make a more fine-grained acl, scoped to a specific URI, I 
would simply copy and paste that URI for use in my ACL. As for users, 
they never need to type anything when accessing protected resources, 
they simply click on a button.

If you wanted to use your Microsoft URI in the SAN of an X.509 cert you 
have two choices:

1. Simply generate your x.509 cert (Digital Identity Card) using YouID 
-- take the Microsoft PdP (Profile Data Provider) route with one of the 
following as the IdP (Identity Provider -- service that stores public 
part of your Identification oriented Claims) OneDrive, Dropbox, Google 
Drive etc..

2. Do it by hand using provider certificate generator provided by 
relevant operating system.

Either way, our NetID-TLS (a superset of WebID-TLS) protocol with handle 
identity claims authentication. In short, that's what happens when you 
click on the buttons presented by the VAL dialog.


[1] http://susepaste.org/35303595 -- My Identifier from Microsoft's Data 
Space (which is comprised of millions of other user accounts for every 
Microsoft app/service user)


Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Received on Monday, 30 June 2014 12:22:53 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:10:46 UTC