- From: Andrei Sambra <andrei.sambra@gmail.com>
- Date: Sun, 18 May 2014 18:10:17 -0400
- To: Jeff Fuller <jeff@fictionverse.net>
- Cc: public-webid <public-webid@w3.org>
- Message-ID: <CAFG79egwH8wVh6Ei=tB6uZD2E4MLHBFgEcgjoMqobYMnzvVKzw@mail.gmail.com>
Hi Jeff, Congratulations on your implementation! I just logged in with several WebIDs and I can say that the whole logout/login experience is pretty slick. Using different subdomains for authentication was a clever way of avoiding certificate caching. My only suggestion at this point would be to try and personalize a bit the user experience, after login. Say..displaying the user's name or picture instead of linking to "Your profile". Keep up the good work! -- Andrei On Sun, May 18, 2014 at 1:20 PM, Jeff Fuller <jeff@fictionverse.net> wrote: > Hello, everyone. My name is Jeff Fuller, and I want to share with you my > implementation of WebID that I developed for my website, FictionVerse.net < > https://fictionverse.net> . I haven't been involved with this mailing > list, and I don't mean to introduce myself by advertising, but I've been > eager to share my work. Part of the stated purpose of the WebID Community > Group is to "grow the community of implementations", so I hope this will be > deemed appropriate. > > You can read about the details of the implementation in a blog post I > made, <https://blog.fictionverse.net/technology/the-fictionverse-webid- > implementation/> .. It's a long post with some example code towards the > end. The tl;dr version is that it uses a wildcard SSL certificate for WebID > authentication and persists sessions via cookies along with a little > trickery to emulate some useful features. It's ugly and perhaps not totally > innovative, but it does mask some of the issues commonly faced when using > WebID. > > * It allows you to log in, log out, and change users at any time, as > often as needed, without restarting the browser. > * JavaScript can be used to detect a successful or failed login, initiate > a logout, and gain access to the authenticated WebID, in real-time. > * Sessions are relatively easy to handle since they rely on cookies, a > mature and well-understood feature present in all browsers. > > That said, it's not a replacement for true identity management in the > browser and better API's for dealing with user authentication. As I mention > in the blog post, it's just a polyfill. It seems to be working well enough > so far though. > > I hope you find this to be informational, and I apologize if my > introduction here is bad form. I'm not subscribed to the list because I > don't feel like I can meaningfully contribute, but I do like to read > through the archives. I very much admire the work that all of you are > doing, and no matter what the future of WebID is, know that I'm at least > one more soul in the world who believes in it. > > Sincerely, > Jeff Fuller > <https://fictionverse.net/webid/jeff#id> > > > >
Received on Sunday, 18 May 2014 22:11:04 UTC