Re: WebID proxy? from Henry Story on 2012-07-20 (public-webid@w3.org from July 2012)

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 20 Jul 2012 17:51:22 +0200
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: elf Pavlik <perpetual-tripper@wwelves.org>, public-webid <public-webid@w3.org>
Message-Id: <BB3E1B5B-C223-441E-B69D-B324676BAFEE@bblfish.net>

On 20 Jul 2012, at 17:41, Melvin Carvalho wrote:

> 
> 
> On 20 July 2012 17:39, elf Pavlik <perpetual-tripper@wwelves.org> wrote:
> Excerpts from Melvin Carvalho's message of 2012-07-20 15:13:38 +0000:
> > On 20 July 2012 16:59, Henry Story <henry.story@bblfish.net> wrote:
> >
> > >
> > > On 20 Jul 2012, at 15:26, elf Pavlik wrote:
> > >
> > > > Hello,
> > > >
> > > > Hearing lately some discussions on delegation and proxies, I started
> > > thinking about proxy which would enable me to use WebID without need to
> > > have any private keys on client machine I may happen to use. One could use
> > > some other system - possibly pass phrase based - for authentication and
> > > than proxy would hold some secondary private key, which could also have
> > > more restricted permissions on chosen services.
> > > >
> > > > I look here for more flexibility in case someone wants to use friends
> > > computer just to RSVP to an event or similar cases with rather low security
> > > requirements...
> > >
> > > Use OpenId with one time passwords perhaps?
> > >
> >
> > Sure WebID can fall back to OpenID, BrowserID, SAML, username/password etc.
> I didn't mean 'fall back' to something other then WebID on a service provider side. Service could offer WebID only authentication and access control, while I would connect from a client machine without any client certificates through this 'WebID proxy' which could hold my 'client certs' and do WebID dances with service providers. I hope I express myself little more clearly this time :)
> 
> Yes this is what henry built.  You sign in to his service and it sends a one time verification token to the relying party which lets you in.  I think foaf.me still works that way.

That is a WebID delegation proxy, which is different
  http://www.w3.org/wiki/WebID/Authentication_Delegation

I'll try to build an openid proxy too, sometime. But anyone else can get going too.

Henry

> 
> This mechanism can be extended to any kind of login, much like oauth.
>  
> 
> ~ elf Pavlik ~
> 

Social Web Architect
http://bblfish.net/

Received on Friday, 20 July 2012 15:51:59 UTC