- From: peter williams <home_pw@msn.com>
- Date: Tue, 12 Apr 2011 12:45:28 -0700
- To: "'Henry Story'" <henry.story@bblfish.net>
- CC: "'Akbar Hossain'" <mail@akbarhossain.com>, "'WebID XG'" <public-xg-webid@w3.org>
- Message-ID: <SNT143-ds17519D073968EDCDAE93FB92AB0@phx.gbl>
It's not complex thinking; I simply try to use libraries I have from major vendors, rather than do any programming (I'm a crap programmer, limited to Visual Basic programming, or similar). Where possible I also use security standards, rather than invent my own stuff (because I'm limited at security eval, since it takes years to get it right). Where possible, I use services (since they tend to be delivered by folks cleverer than me). It's my personal limits that drive my choices.

Working in reality, I have to work within commodity and legacy constraints (which is not the case if one is doing research, or building the very platform): I don't have any choice. If IE6 has bugs, I code around them, if 30% of my users use IE6!

I think we do this outside W3C, between uriburner and other interested parties. It's pointless arguing about architecture. You don't want a web service intermediating (whereas I do, and need it simply to lessen the burden, and isolate specialized security enforcement to a data service). I want correctness, and am happy to delegate. Forcing folks to do what they don't want just produces resistance, manifest in hindrances, ad hominem.

Now, you've admitted before that your own implementation uses such a web service behind the scenes. We can do this as an implementation project, not a W3C project. It can become a de facto standard, if that's the way the world goes.

I'm not sure where X.509 MIME types are defined (it's been a decade or more since I did IETF stuff). I'm past caring, since it's de facto status now (like most good standards). It works in a billion PCs, and that really matters. PEM format is even defined, but we talk about it all the time!

From: Henry Story [mailto:henry.story@bblfish.net]
Sent: Tuesday, April 12, 2011 12:24 PM
To: peter williams
Cc: 'Akbar Hossain'; 'WebID XG'
Subject: Re: Authentication workflow draft.
On 12 Apr 2011, at 21:14, peter williams wrote:

If we wanted to use W3C standards (even partly), we could even post

    <wsse:BinarySecurityToken Id="myX509Token" ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary">
    NIFEPzCCA9CrAwIBAgIQEmtJZc0 ... The rest of the X.509 base64 data ... FExErTECA ...
    </wsse:BinarySecurityToken>

over https (with client authn + SSL session id). All it has to be is something like (ignoring the SOAP bit): http://msdn.microsoft.com/en-us/library/ms996951.aspx (Adding the X.509 Certificate Token to a SOAP Message)

Could we be allowed JUST a tiny wee bit of SOAP (since Java, and dotNet and . all do the above, being so ancient a spec)? If not, then we are back to fussing with MIME types and encoding headers etc., per my last message.

No, this is a RESTful list. We are working on hypermedia applications here. I do notice a very strong tendency with you to always seek out the more complicated solutions, rather than the simpler ones, to seek complexity rather than simplicity...

From: akkiehossain@gmail.com [mailto:akkiehossain@gmail.com] On Behalf Of Akbar Hossain
Sent: Tuesday, April 12, 2011 11:04 AM
To: peter williams
Cc: WebID XG; Andrei Sambra; Kingsley Idehen
Subject: Re: RE: Authentication workflow draft.

Perhaps a small variant of the delegated service as per foafssl.org

On 12 Apr 2011 18:03, "peter williams" <home_pw@msn.com> wrote:
> Yes, it's time for a restful web service (supported by https client authn and SSL session management) that takes a base64 encoded cert as input, and returns YES/NO
>
> The input parser should assume the worst: strange CRLF or LF or CR, random header text, variable number of dashes, missing final EOL, UTF header bytes, web friendly char sets or ASCII - so as to deal with the reality of "PEM encoding"
>
> Another variant would take a cert SHA-1 fingerprint, rather than the cert.
>
> > -----Original Message-----
> > From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Kingsley Idehen
> > Sent: Tuesday, April 12, 2011 9:29 AM
> > To: peter williams
> > Cc: 'Andrei Sambra'; 'WebID XG'
> > Subject: Re: Authentication workflow draft.
> >
> > On 4/12/11 12:14 PM, peter williams wrote:
> >> This is relevant to me, as it means for each URI in the SAN, I do a uriburner query, which (remotely) looks for a cert:identity match for 1 card at a time.
> >>
> >> Can SPARQL have multiple FROM lines? Perhaps?
> >
> > Yes, re. Virtuoso's SPARQL support.
> >
> >> Can the query be modified so I'd know which URI matched, if one could specify multiple matches?
> >
> > Yes.
> >
> > I am guessing it's time for a WebID verification service. Ditto email verification service as spec'd by Toby a while back.
> >
> > --
> >
> > Regards,
> >
> > Kingsley Idehen
> > President & CEO
> > OpenLink Software
> > Web: http://www.openlinksw.com
> > Weblog: http://www.openlinksw.com/blog/~kidehen
> > Twitter/Identi.ca: kidehen

Social Web Architect
http://bblfish.net/
Received on Tuesday, 12 April 2011 19:46:00 UTC
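The tolerant certificate intake that Peter asks for in the quoted message (strange CRLF or LF or CR, random header text, variable number of dashes, missing final EOL, UTF header bytes, web friendly char sets), together with the fingerprint variant, as an added example. This is not code from the thread or from any WebID or foafssl.org implementation. It assumes the service receives the raw text a client posted, uses only the Python standard library, and makes its YES/NO decision against a SHA-1 fingerprint allow-list, which stands in for whatever identity lookup the real service would perform; the sample certificate bytes are constructed and are not a real X.509 certificate.

```python
"""Tolerant intake for the 'PEM' certificates a verification service receives.

Added example (not from the thread or any WebID project). It accepts the messy
inputs listed in the thread, returns the DER bytes, and derives the SHA-1
fingerprint for the second variant of the service. Standard library only; the
sample "certificate" below is constructed.
"""
import base64
import binascii
import hashlib
import re

# Armour lines: any number of dashes, the BEGIN/END label, any number of dashes.
_BEGIN = re.compile(r"^-*[ \t]*BEGIN CERTIFICATE[ \t]*-*[ \t]*$", re.MULTILINE)
_END = re.compile(r"^-*[ \t]*END CERTIFICATE[ \t]*-*[ \t]*$", re.MULTILINE)


def extract_der(text: str) -> bytes:
    """Return the DER bytes from a messy PEM (or bare base64) string.

    Raises ValueError when the input cannot be turned into one DER SEQUENCE.
    """
    # Drop a UTF-8 BOM, then normalise every line-ending flavour to "\n".
    text = text.lstrip("\ufeff").replace("\r\n", "\n").replace("\r", "\n")
    begin = _BEGIN.search(text)
    if begin:
        # Only the region between the markers counts: header text before BEGIN
        # is ignored, and a missing END marker (or missing final EOL) just
        # means the body runs to the end of the input.
        end = _END.search(text, begin.end())
        body = text[begin.end(): end.start() if end else len(text)]
    else:
        body = text  # no armour at all: treat the whole thing as base64
    # Strip all whitespace, fold the URL-safe alphabet back onto standard
    # base64, and restore the padding that "web friendly" encoders drop.
    body = re.sub(r"\s+", "", body).replace("-", "+").replace("_", "/")
    body += "=" * (-len(body) % 4)
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"body is not base64: {exc}") from None
    _check_der_sequence(der)
    return der


def _check_der_sequence(der: bytes) -> None:
    """Cheap sanity check before anything expensive runs: a certificate is one
    DER SEQUENCE whose encoded length covers exactly the remaining bytes.
    Catches truncation and base64 that decoded to garbage."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:
        header, length = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("DER length does not match the data")


def normalise_fingerprint(fp: str) -> str:
    """Canonical form for a fingerprint typed with or without colons/spaces."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", fp).upper()
    if len(digits) != 40:
        raise ValueError("a SHA-1 fingerprint is 40 hex digits")
    return ":".join(digits[i:i + 2] for i in range(0, 40, 2))


def sha1_fingerprint(der: bytes) -> str:
    """SHA-1 of the DER, upper-case and colon-separated as tools print it."""
    return normalise_fingerprint(hashlib.sha1(der).hexdigest())


def accepts(text: str) -> bool:
    """True when the input parses to a well-formed DER SEQUENCE."""
    try:
        extract_der(text)
    except ValueError:
        return False
    return True


def check(pem: str, allowed_fingerprints) -> str:
    """The YES/NO shape from the thread, fingerprint variant: YES when the
    presented certificate's SHA-1 is on the allow-list, NO otherwise,
    including for input that does not parse at all."""
    try:
        fp = sha1_fingerprint(extract_der(pem))
    except ValueError:
        return "NO"
    allowed = {normalise_fingerprint(a) for a in allowed_fingerprints}
    return "YES" if fp in allowed else "NO"


# Constructed stand-in for a certificate: a DER SEQUENCE wrapping a 100-byte
# OCTET STRING. Not a real X.509 certificate; it only has the outer shape the
# sanity check looks for.
SAMPLE_DER = b"\x30\x66\x04\x64" + bytes(range(100))
_B64 = base64.b64encode(SAMPLE_DER).decode()
_LINES = [_B64[i:i + 64] for i in range(0, len(_B64), 64)]

# The same bytes as the kinds of input a service actually sees (constructed).
MESSY_INPUTS = {
    "clean":
        "-----BEGIN CERTIFICATE-----\n" + "\n".join(_LINES) + "\n-----END CERTIFICATE-----\n",
    "crlf_header_three_dashes_no_final_eol":
        "Subject: my cert\r\nX-Note: pasted from a mail client\r\n\r\n"
        "---BEGIN CERTIFICATE---\r\n" + "\r\n".join(_LINES) + "\r\n---END CERTIFICATE---",
    "cr_only_with_bom":
        "\ufeff-----BEGIN CERTIFICATE-----\r" + "\r".join(_LINES) + "\r-----END CERTIFICATE-----\r",
    "bare_urlsafe_unpadded":
        base64.urlsafe_b64encode(SAMPLE_DER).decode().rstrip("="),
}

if __name__ == "__main__":
    for name, text in MESSY_INPUTS.items():
        print(f"{name:40s} ok={extract_der(text) == SAMPLE_DER}")
    print("fingerprint:", sha1_fingerprint(SAMPLE_DER))
    print("check:", check(MESSY_INPUTS["bare_urlsafe_unpadded"], [sha1_fingerprint(SAMPLE_DER)]))
```

The design choice worth noting is that the parser never tries to repair the base64 itself: it only removes the armour, whitespace and encoding variations around it, then lets a strict decode and a DER length check decide. Anything that fails those two checks is answered NO rather than guessed at, which keeps the "assume the worst" tolerance on the input side from turning into acceptance of malformed certificates.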