W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: A WebID Implementation

From: Andrei Sambra <andrei.sambra@gmail.com>
Date: Sun, 18 May 2014 18:10:17 -0400
Message-ID: <CAFG79egwH8wVh6Ei=tB6uZD2E4MLHBFgEcgjoMqobYMnzvVKzw@mail.gmail.com>
To: Jeff Fuller <jeff@fictionverse.net>
Cc: public-webid <public-webid@w3.org>
Hi Jeff,

Congratulations on your implementation! I just logged in with several
WebIDs and I can say that the whole logout/login experience is pretty
slick. Using different subdomains for authentication was a clever way of
avoiding certificate caching.

My only suggestion at this point would be to try and personalize a bit the
user experience, after login. Say..displaying the user's name or picture
instead of linking to "Your profile".

Keep up the good work!

-- Andrei

On Sun, May 18, 2014 at 1:20 PM, Jeff Fuller <jeff@fictionverse.net> wrote:

> Hello, everyone. My name is Jeff Fuller, and I want to share with you my
> implementation of WebID that I developed for my website, FictionVerse.net <
> https://fictionverse.net> . I haven't been involved with this mailing
> list, and I don't mean to introduce myself by advertising, but I've been
> eager to share my work. Part of the stated purpose of the WebID Community
> Group is to "grow the community of implementations", so I hope this will be
> deemed appropriate.
> You can read about the details of the implementation in a blog post I
> made, <https://blog.fictionverse.net/technology/the-fictionverse-webid-
> implementation/> .. It's a long post with some example code towards the
> end. The tl;dr version is that it uses a wildcard SSL certificate for WebID
> authentication and persists sessions via cookies along with a little
> trickery to emulate some useful features. It's ugly and perhaps not totally
> innovative, but it does mask some of the issues commonly faced when using
> WebID.
>  * It allows you to log in, log out, and change users at any time, as
> often as needed, without restarting the browser.
>  * JavaScript can be used to detect a successful or failed login, initiate
> a logout, and gain access to the authenticated WebID, in real-time.
>  * Sessions are relatively easy to handle since they rely on cookies, a
> mature and well-understood feature present in all browsers.
> That said, it's not a replacement for true identity management in the
> browser and better API's for dealing with user authentication. As I mention
> in the blog post, it's just a polyfill. It seems to be working well enough
> so far though.
> I hope you find this to be informational, and I apologize if my
> introduction here is bad form. I'm not subscribed to the list because I
> don't feel like I can meaningfully contribute, but I do like to read
> through the archives. I very much admire the work that all of you are
> doing, and no matter what the future of WebID is, know that I'm at least
> one more soul in the world who believes in it.
> Sincerely,
> Jeff Fuller
> <https://fictionverse.net/webid/jeff#id>
Received on Sunday, 18 May 2014 22:11:04 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC