RE: web-id starter question from Peter Williams on 2011-08-02 (public-xg-webid@w3.org from August 2011)

From: Peter Williams <home_pw@msn.com>
Date: Tue, 2 Aug 2011 05:56:14 -0700
To: <melvincarvalho@gmail.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-w42A808C78B9A48E580449C923B0@phx.gbl>

 I think we should be careful about associated with the term webid any idp/rp interaction, and any assertion format - even one often used. Why? becuase there is zero about it in the spec. If, broadly, its not in the spec of the WG, its not part of the mission. Either codify it and add it to yet-another-assertion-protocol list, or lets not talk about it (here). As it stands, webid is about a brower-website relation. Its not about a browser-idp-website relation.> Date: Tue, 2 Aug 2011 11:33:36 +0200
> From: melvincarvalho@gmail.com
> To: j.jakobitsch@semantic-web.at
> CC: public-xg-webid@w3.org; akkiehossain@gmail.com
> Subject: Re: web-id starter question
> 
> On 2 August 2011 10:05, Jürgen Jakobitsch <j.jakobitsch@semantic-web.at> wrote:
> > hi,
> >
> > first off : congrats to this great project, i set up my web-id without any hassle
> > and it is very much to my liking.
> 
> Great! :)
> 
> > i'm a complete newbie with ssl, web-id and stuff..., so please excuse my ignorance...
> >
> > i of course want now want to develop some showcase and demo in our company, so my
> > questions are :
> >
> > 1. is there a best practice regarding usage of an idp like https://auth.fcns.eu/?
> >
> > the thing is, i don't really understand, what i should do with the response from
> > an idp.
> >
> > in a servlet for example an if(request.getParameter("error")==null && request.getParameter("webid")!=null && request.getHeader("referer")=="http://idp.org"){
> >   logIn = true;
> > }
> >
> > doesn't seem ok to me.
> >
> > is there an example?
> 
> I think you need to verify the signature.  For example in PHP you can use:
> 
> http://php.net/manual/en/function.openssl-verify.php
> 
> Henry probably has some code in java for this.
> 
> >
> >
> > 2. on the other hand i'm trying to get a ssl-tomcat up and running and be asked by a servlet to choose
> > one of my certificates.
> > amongst other guides, i tried this one http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/
> > without much of a success. i'm quite sure, i'm missing something...
> >
> > any gentle pointer into the right direction is greatly appreciated.
> >
> > wkr jürgen
> >
> > p.s.:
> >
> > logging in to http://foaf.me/ sometimes gives me strange results. besides taking very long,
> > i'm sometimes presented with wrong data, like
> > (right upper corner) logout http://some.uri.that.is.not.mine
> 
> I no longer look after foaf.me, but I've cc'd Akbar who runs the server.
> 
> >
> > or
> >
> > Unknown FOAF format
> > http://semantictweet.com/therealcrailtap
> > powered by FOAF.Vix 1.0
> >
> > in the "me" tab.
> >
> > --
> > punkt. netServices | Semantic Web Company
> > ______________________________
> > Jürgen Jakobitsch
> > Codeography
> >
> > Lerchenfelder Gürtel 43 Top 5/2
> > A - 1160 Wien
> > Tel.: 01 / 897 41 22 - 29
> > Fax: 01 / 897 41 22 - 22
> >
> > http://www.punkt.at | http://www.semantic-web.at
> >
> > web   : http://www.turnguard.com
> > foaf  : http://www.turnguard.com/turnguard
> > skype : jakobitsch-punkt
> >
> >
> >
> >
> >
>

Received on Tuesday, 2 August 2011 12:56:51 UTC