Re: Loosely Coupled Identification and Authentication Demo

From: Peter Williams <home_pw@msn.com>
Date: Sun, 29 Jun 2014 23:24:08 +0000
Message-ID: <SNT404-EAS135523A93C8EA555140424D92050@phx.gbl>
To: Kingsley Idehen <kidehen@openlinksw.com>, "public-rww@w3.org" <public-rww@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
So there are, oh, 1 million office365 IDPs, at this point - each one oauth enabled. And, I'll guess there are a million more, in the google world. If GCHQ ever lets them free from surveillance, Yahoo will add more, I’m sure. Not really sure any of them are worth having, to be honest - being US firms that are “much afeared” - to cite a certain bard.


We cannot have a “more” list of 3 million icons. And I have no intention of using an American brand (like Microsoft or Google, or ...) for anything that has the slightest value.


What do we do?


Has the time come to change the game?


The likelihood of me typing in a URI is zero. Given the Microsoft store of URIs typed previously is shared between devices (and stored or controlled by a US/UK spying cloud), it's compromised. So what do we do?


Or should we just admit - the political web needs to be white-house aligned (as in the typical W3C position)?






Sent from Surface Pro





From: Kingsley Idehen
Sent: Sunday, June 29, 2014 4:19 PM
To: peter Msn, public-rww@w3.org, public-webid@w3.org





On 6/29/14 6:35 PM, Peter Williams wrote:



can we add a “community of interest” IDP to the list?




at https://login.windows.net/rapmlsqa.com there is another OAUTH IDP, openid connect enabled. 

OpenID Connect, Active Directory, Kerberos, and SAML will soon be added. LDAP (via ldap: scheme URIs in cert. SAN) is already there, but not obvious just yet; all you do is upload the X.509 cert to your LDAP server account and WebID-TLS works via our implementation of the protocol.








See http://leastprivilege.com/2014/06/12/using-discovery-and-katana-middleware-to-write-an-openid-connect-web-client/ - a discovery method for the various oauth URIs, should one input andy@rapmlsqa.com in an identifier box intended for the million IDPs of office 365 world. Various signed JSON-P tokens back, suitable for user profiling, or getting API tokens in the name of the original user, etc.

You can add OAuth servers to the back-end configuration re. VAL (Virtualized Authentication Layer); the "more" button exposed list isn't fixed, that's just all I have configured.


Kingsley 






I'll guess there is a parallel google initiative, all coordinated by the US NSTIC and its nefarious aims for “cooperative vendors”. I'm supportive, providing the US stuff boots assurance in peer-peer identity, which then takes “systemic OECD-wide security policies” into account.





From: Kingsley Idehen
Sent: Sunday, June 29, 2014 2:38 PM
To: public-rww@w3.org, public-webid@w3.org
Cc: peter Msn





All,

Simple example of loosely coupled identification and authentication. 
Basically, I have a simple Access Control List (ACL) that requires you 
to verify your identity using a variety of identifier and authentication 
protocol combos en route to viewing the protected resource (a PNG image).

Note: WebID-TLS and TLS are distinct options i.e., you can use one or 
the other.

Links:

[1] 
http://kingsley.idehen.net/DAV/home/kidehen/Public/RWW-Demos/billionaire-ping-pong.png


-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this





Received on Sunday, 29 June 2014 23:33:19 UTC
