Re: Loosely Coupled Identification and Authentication Demo -- Microsoft IdP from Kingsley Idehen on 2014-06-30 (public-webid@w3.org from June 2014)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 30 Jun 2014 08:22:25 -0400
To: Peter Williams <home_pw@msn.com>, "public-rww@w3.org" <public-rww@w3.org>, "public-webid@w3.org" <public-webid@w3.org>
Message-ID: <53B15681.2090505@openlinksw.com>

On 6/29/14 7:24 PM, Peter Williams wrote:
> We cannot have a “more” list of 3 million icons. And I have no 
> intention of using an American brand (like Microsoft or Google, or 
> ...l) for anything that has the slightest value.
>
> What do we do?
Peter,

You don't have to remember or type in a URI when accessing a protected 
resource using the Virtualized Authentication Layer (VAL) referred to in 
my earlier post. I've produced a screenshot from my ODS (OpenLink Data 
Spaces) based Briefcase (our equivalent of OneDrive, Dropbox, Google 
Drive etc..) that displays the current authenticated identity associated 
with a user agent session [1].

If I wanted to make a more fine-grained acl, scoped to a specific URI, I 
would simply copy and paste that URI for use in my ACL. As for users, 
they never need to type anything when accessing protected resources, 
they simply click on a button.

If you wanted to use your Microsoft URI in the SAN of an X.509 cert you 
have two choices:

1. Simply generate your x.509 cert (Digital Identity Card) using YouID 
-- take the Microsoft PdP (Profile Data Provider) route with one of the 
following as the IdP (Identity Provider -- service that stores public 
part of your Identification oriented Claims) OneDrive, Dropbox, Google 
Drive etc..

2. Do it by hand using provider certificate generator provided by 
relevant operating system.

Either way, our NetID-TLS (a superset of WebID-TLS) protocol with handle 
identity claims authentication. In short, that's what happens when you 
click on the buttons presented by the VAL dialog.

Links:

[1] http://susepaste.org/35303595 -- My Identifier from Microsoft's Data 
Space (which is comprised of millions of other user accounts for every 
Microsoft app/service user)

-- 
Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog 1: http://kidehen.blogspot.com
Personal Weblog 2: http://www.openlinksw.com/blog/~kidehen
Twitter Profile: https://twitter.com/kidehen
Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Personal WebID: http://kingsley.idehen.net/dataspace/person/kidehen#this

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Monday, 30 June 2014 12:22:52 UTC