
Re: Authentication workflow draft.

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 12 Apr 2011 21:23:35 +0200
Cc: "'Akbar Hossain'" <mail@akbarhossain.com>, "'WebID XG'" <public-xg-webid@w3.org>
Message-Id: <7DB33DC5-470B-43A7-B67E-BDD4EC8B30F6@bblfish.net>
To: peter williams <home_pw@msn.com>

On 12 Apr 2011, at 21:14, peter williams wrote:

> If we wanted to use W3C standards (even partly), we could even post
>  
> <wsse:BinarySecurityToken Id="myX509Token"
>         ValueType="wsse:X509v3"
>         EncodingType="wsse:Base64Binary">
> NIFEPzCCA9CrAwIBAgIQEmtJZc0 ... The rest of the X.509 base 64 data FExErTECA ...
> </wsse:BinarySecurityToken>
>  
> over https (with client authn + SSL Sessionid).
>  
> All it has to be is something like (ignoring the SOAP bit):
> http://msdn.microsoft.com/en-us/library/ms996951.aspx (Adding the X.509 Certificate Token to a SOAP Message)
>  
> Could we be allowed JUST a tiny wee bit of SOAP (since java, and dotNet and all do the above, being so ancient a spec)? If not, then we are back to fussing with mime types and encoding headers etc, per my last message

No this is a RESTful list. We are working on hypermedia applications here. 

I do notice a very strong tendency with you to always seek out the more complicated solutions, rather than the simpler ones, to seek complexity rather than simplicity... 



>  
>  
> From: akkiehossain@gmail.com [mailto:akkiehossain@gmail.com] On Behalf Of Akbar Hossain
> Sent: Tuesday, April 12, 2011 11:04 AM
> To: peter williams
> Cc: WebID XG; Andrei Sambra; Kingsley Idehen
> Subject: Re: RE: Authentication workflow draft.
>  
> Perhaps a small variant of the delegated service as per foafssl.org
> 
> On 12 Apr 2011 18:03, "peter williams" <home_pw@msn.com> wrote:
> > Yes, it's time for a restful web service (supported by https client authn and SSL session management) that takes a base64 encoded cert as input, and returns YES/NO 
> > 
> > The input parser should assume the worst: strange CRLF or LF or CR, random header text, variable number of dashes, missing final EOL, UTF header bytes, web friendly char sets or ascii - so as to deal with the reality of "PEM encoding"
> > 
> > Another variant would take a cert sha1 fingerprint, rather than the cert.
> > 
> > -----Original Message-----
> > From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Kingsley Idehen
> > Sent: Tuesday, April 12, 2011 9:29 AM
> > To: peter williams
> > Cc: 'Andrei Sambra'; 'WebID XG'
> > Subject: Re: Authentication workflow draft.
> > 
> > On 4/12/11 12:14 PM, peter williams wrote:
> >> This is relevant to me, as it means for each URI in the SAN, I do a uriburner query, which (remotely) looks for a cert:identity match for 1 card at a time.
> >>
> >> Can sparql have multiple FROM lines? Perhaps?
> > 
> > Yes, re. Virtuoso's SPARQL support.
> > 
> >> Can the query be modified so I'd know which URI matched, if one could specify multiple matches?
> > 
> > Yes.
> > 
> > I am guessing it's time for a WebID verification service. Ditto email verification service as spec'd by Toby a while back.
> > 
> > -- 
> > 
> > Regards,
> > 
> > Kingsley Idehen 
> > President & CEO
> > OpenLink Software
> > Web: http://www.openlinksw.com
> > Weblog: http://www.openlinksw.com/blog/~kidehen
> > Twitter/Identi.ca: kidehen
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> >

Social Web Architect
http://bblfish.net/
Received on Tuesday, 12 April 2011 19:24:07 UTC
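
The tolerant "assume the worst" input parser described in the quoted message above, together with the SHA-1 fingerprint variant, as an added example (not code from this thread or from any WebID implementation). The function names and the sample inputs are constructed for illustration, and the sample is a small DER stand-in rather than a real certificate.

```python
import base64
import binascii
import hashlib
import re

# Constructed stand-in for a certificate: a DER SEQUENCE wrapping 60 bytes.
SAMPLE_DER = bytes([0x30, 62, 0x04, 60]) + bytes(range(60))
B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLES = [  # constructed inputs, each damaged in a different way
    # UTF-8 BOM, leading header text, CRLF, three dashes, missing final EOL
    b"\xef\xbb\xbfSubject: my cert\r\n---BEGIN CERTIFICATE---\r\n"
    + B64[:40].encode() + b"\r\n" + B64[40:].encode()
    + b"\r\n---END CERTIFICATE---",
    # bare CR line endings with the usual five dashes
    ("-----BEGIN CERTIFICATE-----\r" + B64
     + "\r-----END CERTIFICATE-----\r").encode(),
    # no armor at all and the base64 padding stripped
    B64.rstrip("=").encode(),
]

# One or more dashes around the label; anything outside the armor is ignored.
PEM_RE = re.compile(
    r"-+\s*BEGIN CERTIFICATE\s*-+(.*?)-+\s*END CERTIFICATE\s*-+", re.S)

def pem_to_der(raw: bytes) -> bytes:
    """Extract the first certificate body from messy 'PEM' input as DER."""
    # utf-8-sig drops a BOM; undecodable bytes are replaced, not fatal here.
    text = raw.decode("utf-8-sig", errors="replace")
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    m = PEM_RE.search(text)
    body = m.group(1) if m else text  # accept bare base64 without armor
    # Drop "Name: value" header lines that appear inside the armor.
    lines = [ln for ln in body.split("\n") if ":" not in ln]
    b64 = re.sub(r"\s+", "", "".join(lines))
    b64 += "=" * (-len(b64) % 4)      # repair stripped padding
    try:
        der = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        raise ValueError("body is not valid base64") from exc
    # A certificate is a DER SEQUENCE, so the first byte must be 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der

def sha1_fingerprint(der: bytes) -> str:
    """Hex SHA-1 over the DER bytes, independent of how the PEM was mangled."""
    return hashlib.sha1(der).hexdigest()
```

Because the fingerprint is taken over the decoded DER, all three damaged inputs yield the same value; a real service would still parse and validate the certificate after this normalization step.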
