Re: Authentication workflow draft.

On 12 Apr 2011, at 21:23, Henry Story wrote:

> 
> On 12 Apr 2011, at 21:14, peter williams wrote:
> 
>> If we wanted to use W3C standards (even partly), we could even post
>>  
>> <wsse:BinarySecurityToken Id="myX509Token"
>>         ValueType="wsse:X509v3"
>>         EncodingType="wsse:Base64Binary">
>> NIFEPzCCA9CrAwIBAgIQEmtJZc0... The rest of the X.509 base 64 data FExErTECA...
>> </wsse:BinarySecurityToken>
>>  
>> over https (with client authn + SSL Sessionid).
>>  
>> All it has to be is something like (ignoring the SOAP bit):
>> http://msdn.microsoft.com/en-us/library/ms996951.aspx (Adding the X.509 Certificate Token to a SOAP Message)
>>  
>> Could we be allowed JUST a tiny wee bit of SOAP (since Java, and dotNet and … all do the above, being so ancient a spec)? If not, then we are back to fussing with MIME types and encoding headers etc., per my last message.
> 
> No this is a RESTful list. We are working on hypermedia applications here. 
> 
> I do notice a very strong tendency with you to always seek out the more complicated solutions, rather than the simpler ones, to seek complexity rather than simplicity... 

But we can use base64 encodings of course. I don't see that we need to take a whole SOAP spec apart to get a bit of binary encoding.


>>  
>> From: akkiehossain@gmail.com [mailto:akkiehossain@gmail.com] On Behalf Of Akbar Hossain
>> Sent: Tuesday, April 12, 2011 11:04 AM
>> To: peter williams
>> Cc: WebID XG; Andrei Sambra; Kingsley Idehen
>> Subject: Re: RE: Authentication workflow draft.
>>  
>> Perhaps a small variant of the delegated service as per foafssl.org
>> 
>> On 12 Apr 2011 18:03, "peter williams" <home_pw@msn.com> wrote:
>> > Yes, it's time for a restful web service (supported by https client authn and SSL session management) that takes a base64 encoded cert as input, and returns YES/NO 
>> > 
>> > The input parser should assume the worst: strange CRLF or LF or CR, random header text, variable number of dashes, missing final EOL, UTF header bytes, web friendly char sets or ascii - so as to deal with the reality of "PEM encoding"
>> > 
>> > Another variant would take a cert sha1 fingerprint, rather than the cert.
>> > 
>> > -----Original Message-----
>> > From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Kingsley Idehen
>> > Sent: Tuesday, April 12, 2011 9:29 AM
>> > To: peter williams
>> > Cc: 'Andrei Sambra'; 'WebID XG'
>> > Subject: Re: Authentication workflow draft.
>> > 
>> > On 4/12/11 12:14 PM, peter williams wrote:
>> >> This is relevant to me, as it means for each URI in the SAN, I do a uriburner query, which (remotely) looks for a cert:identity match for 1 card at a time.
>> >>
>> >> Can sparql have multiple FROM lines? Perhaps?
>> > 
>> > Yes, re. Virtuoso's SPARQL support.
>> > 
>> >> Can the query be modified so I'd know which URI matched, if one could specify multiple matches?
>> > 
>> > Yes.
>> > 
>> > I am guessing it's time for a WebID verification service. Ditto email verification service as spec'd by Toby a while back.
>> > 
>> > -- 
>> > 
>> > Regards,
>> > 
>> > Kingsley Idehen 
>> > President & CEO
>> > OpenLink Software
>> > Web: http://www.openlinksw.com
>> > Weblog: http://www.openlinksw.com/blog/~kidehen
>> > Twitter/Identi.ca: kidehen
>> > 
> 
> Social Web Architect
> http://bblfish.net/
> 

Social Web Architect
http://bblfish.net/

Received on Tuesday, 12 April 2011 19:26:43 UTC
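
The tolerant input parsing asked for in the quoted message above (mixed line endings, text around the armor, variable dashes, missing final EOL, BOM, web-friendly alphabet), plus the SHA-1 fingerprint variant, as an added Python example that is not from any participant in this thread. The function names, the outer DER length check and the sample input are assumptions made here; the sample is a constructed DER-shaped blob, not a real certificate.

```python
import base64
import hashlib
import re

# Armor with any number of dashes; text outside the armor is ignored.
_ARMOR = re.compile(r"-+\s*BEGIN CERTIFICATE\s*-+(.*?)-+\s*END CERTIFICATE\s*-+", re.DOTALL)

def lenient_pem_to_der(raw):
    """Return DER bytes from a messy "PEM" certificate, or raise ValueError."""
    if isinstance(raw, bytes):
        raw = raw.decode("utf-8-sig", errors="replace")  # drops a UTF-8 BOM
    text = raw.lstrip("\ufeff").replace("\r\n", "\n").replace("\r", "\n")
    m = _ARMOR.search(text)
    body = m.group(1) if m else text  # also accept bare base64 with no armor
    # Drop "Name: value" header lines that some tools put inside the armor.
    body = "".join(ln for ln in body.split("\n") if ":" not in ln)
    # Map the URL-safe alphabet back to standard base64 and recompute padding.
    b64 = re.sub(r"\s+", "", body).replace("-", "+").replace("_", "/").rstrip("=")
    if not re.fullmatch(r"[A-Za-z0-9+/]+", b64):
        raise ValueError("certificate body is not base64")
    der = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
    # Sanity check: one outer ASN.1 SEQUENCE whose length covers the whole input,
    # which catches truncated or concatenated bodies before any real X.509 parsing.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:
        total = 2 + der[1]
    else:
        n = der[1] & 0x7F
        total = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if total != len(der):
        raise ValueError("DER length does not match decoded size")
    return der

def sha1_fingerprint(raw):
    """Hex SHA-1 over the DER bytes (the fingerprint variant in the thread)."""
    return hashlib.sha1(lenient_pem_to_der(raw)).hexdigest()

def constructed_sample():
    """Constructed input: a 260-byte DER-shaped blob (not a real certificate), mangled."""
    der = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(range(256))
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    messy = ("\ufeffsubject=/CN=constructed\r\n---BEGIN CERTIFICATE---\r"
             + "\n".join(rows[:3]) + "\r\n" + "\r".join(rows[3:])
             + "\r-------END CERTIFICATE--")  # no final EOL
    return der, messy
```

The decoded bytes still have to go through a real X.509 parser and the WebID check itself; this step only normalises the transport encoding so that the same certificate always yields the same DER and the same fingerprint.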