- From: Henry Story <henry.story@bblfish.net>
- Date: Fri, 20 Jul 2012 18:15:14 +0200
- To: elf Pavlik <perpetual-tripper@wwelves.org>
- Cc: Melvin Carvalho <melvincarvalho@gmail.com>, public-webid <public-webid@w3.org>
On 20 Jul 2012, at 18:06, elf Pavlik wrote:

> Excerpts from elf Pavlik's message of 2012-07-20 15:39:35 +0000:
>> Excerpts from Melvin Carvalho's message of 2012-07-20 15:13:38 +0000:
>>> On 20 July 2012 16:59, Henry Story <henry.story@bblfish.net> wrote:
>>>
>>>>
>>>> On 20 Jul 2012, at 15:26, elf Pavlik wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> Hearing lately some discussions on delegation and proxies, I started thinking about proxy which would enable me to use WebID without need to have any private keys on client machine I may happen to use. One could use some other system - possibly pass phrase based - for authentication and then proxy would hold some secondary private key, which could also have more restricted permissions on chosen services.
>>>>>
>>>>> I look here for more flexibility in case someone wants to use friend's computer just to RSVP to an event or similar cases with rather low security requirements...
>>>>
>>>> Use OpenId with one time passwords perhaps?
>>>>
>>>
>>> Sure WebID can fall back to OpenID, BrowserID, SAML, username/password etc.
>> I didn't mean 'fall back' to something other than WebID on a service provider side. Service could offer WebID only authentication and access control, while I would connect from a client machine without any client certificates through this 'WebID proxy' which could hold my 'client certs' and do WebID dances with service providers. I hope I express myself little more clearly this time :)
>
> reading following replies i still don't feel certain that others have understood me:
> 1. I want to access online service which ONLY accepts authenticating with WebID
> 2. I want to use 'random' computer which DOESN'T HAVE any client certificates and I don't want to install any client certificates on it at any point
>
> i think of accomplishing it by connecting over a 'proxy' which holds client certificates with private key matching public key published in my WebID profile and accepts for authentication some other password based method, let's say basic login/pass pair just for simplicity.

That is an interesting idea. It could be a real HTTP proxy and perhaps you could connect to it with a one time, time limited password.

2 problems:
- you would not be able to use it wherever systems were set up to force you to use a specific proxy ( e.g. companies )
- I don't think there is such a thing as proxy chaining protocol.
- the proxy would have to authenticate to all sites with https and probably the same id
- you could only use it to authenticate to WebID sites - openid and others have not been automatised
- you'd have to connect to the proxy over https
- setting up a browser proxy is not easy for most users

Otherwise a good idea, that could be useful in some situations.

Henry

>

Social Web Architect
http://bblfish.net/
Received on Friday, 20 July 2012 16:15:52 UTC