RE: RE: Authentication workflow draft. from peter williams on 2011-04-12 (public-xg-webid@w3.org from April 2011)

From: peter williams <home_pw@msn.com>
Date: Tue, 12 Apr 2011 12:14:45 -0700
To: "'Akbar Hossain'" <mail@akbarhossain.com>
CC: "'WebID XG'" <public-xg-webid@w3.org>
Message-ID: <SNT143-ds1861EDCAA983BAA5E1D73392AB0@phx.gbl>

If we wanted to use W3C standards (even partly), we could even post 

 

<wsse: BinarySecurityToken Id="myX509Token"

        ValueType="wsse: X509v3"

        EncodingType="wsse: Base64Binary">

NIFEPzCCA9CrAwIBAgIQEmtJZc0 . .. The rest of the X. 509 base 64 data
FExErTECA .. .

</wsse:BinarySecurityToken>

 

over https (with client authn + SSL Sessionid). 

 

All it has to be is something like (ignoring the SOAP bit):

http://msdn.microsoft.com/en-us/library/ms996951.aspx (Adding the X.509
Certificate Token to a SOAP Message)

 

could we be allowed JUST a tiny wee bit of SOAP (since java, and dotNet and
. all do the above, being so ancient a spec)? If not, then we are back to
fussing with mime types and encoding headers etc, per my last message

 

 

From: akkiehossain@gmail.com [mailto:akkiehossain@gmail.com] On Behalf Of
Akbar Hossain
Sent: Tuesday, April 12, 2011 11:04 AM
To: peter williams
Cc: WebID XG; Andrei Sambra; Kingsley Idehen
Subject: Re: RE: Authentication workflow draft.

 

Perhaps a small variant of the delegated service as per foafssl.org 

On 12 Apr 2011 18:03, "peter williams" <home_pw@msn.com> wrote:
> Yes, it's time for a restful web service (supported by https client authn
and SSL session management) that takes a base64 encode cert as input, and
returns YES/NO 
> 
> The input parser should assume the worst: strange CRLF or LR or CR, random
header text, variable number of dashes, missing final EOL, UTF header bytes,
web friendly char sets or ascii - so as to deal with the realty of "PEM
encoding"
> 
> Another variant would take a cert sha1 fingerprint, rather than the cert.
> 
> -----Original Message-----
> From: public-xg-webid-request@w3.org
[mailto:public-xg-webid-request@w3.org] On Behalf Of Kingsley Idehen
> Sent: Tuesday, April 12, 2011 9:29 AM
> To: peter williams
> Cc: 'Andrei Sambra'; 'WebID XG'
> Subject: Re: Authentication workflow draft.
> 
> On 4/12/11 12:14 PM, peter williams wrote:
>> This is relevant to me, as it means for each URI in the SAN, I do a
uriburner query, which (remotely) looks for a cert:identity match for 1 card
at a time.
>>
>> Can sparql have multiple FROM lines? Perhaps?
> 
> Yes, re. Virtuoso's SPARQL support.
> 
>> Can the query be modified so Id know which URI matched, if one could
specify multiple matches?
> 
> Yes.
> 
> I am guessing its time for a WebID verification service. Ditto email
verification service as spec'd by Toby a while back.
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen 
> President& CEO
> OpenLink Software
> Web: http://www.openlinksw.com
> Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca: kidehen
> 
> 
> 
> 
> 
> 
> 
>

Received on Tuesday, 12 April 2011 19:15:18 UTC