Re: web-id starter question

From: Kingsley Idehen <kidehen@openlinksw.com> · Date: Tue, 02 Aug 2011 11:02:30 -0400

On 8/2/11 10:42 AM, Henry Story wrote:
> Hi Jürgen,
>
>    thanks for participating. The two services foafssl.org 
> <http://foafssl.org> and webid.fcns.eu <http://webid.fcns.eu> are 
> identity providers
> to make things easier to set up for servers that do not have ssl. The 
> author of the fcns.eu <http://fcns.eu> service is currently on 
> vacation, and I am working on improving foafssl.org 
> <http://foafssl.org> - which currently has an issue.
>
>  Those two services build on webid, though in the end it is best to 
> implement webid directly,
> to avoid going through third parties.  Those extra protocols would 
> best be discussed on the foaf-protocols mailing list for the moment.

There's also a verification service at: 
http://id.myopenlink.net/ods/webid_verify.vsp . Hopefully, self 
explanatory too.

Kingsley

>
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
>    There is no reason for example why one could not use an openid 
> based protocol instead of what we are using. Perhaps that would be a 
> better idea.
>
>    I am really hoping to have an improved version of foafssl.org 
> <http://foafssl.org> out really soon.
>
> On 2 Aug 2011, at 14:56, Peter Williams wrote:
>
>>
>>  I think we should be careful about associated with the term webid 
>> any idp/rp interaction, and any assertion format - even one often used.
>>
>> Why? becuase there is zero about it in the spec. If, broadly, its not 
>> in the spec of the WG, its not part of the mission.
>>
>> Either codify it and add it to yet-another-assertion-protocol list, 
>> or lets not talk about it (here).
>
> agree broadly. It is useful to look into it in so far as it allows one 
> to show how non TLS services could participate easily in a WebID world.
>
> But there is little need to standardise things here, as opposed to 
> with OpenId like protocols. The reason is that with WebID the Relying 
> party can choose his authentication party  (eg. foafssl.org 
> <http://foafssl.org>) - there is therefore no strong need for a 
> standard.  In OpenId on the other hand the client specifies the 
> Authenticating service (known as the IdP), and the Relying Party needs 
> to communicate with it: so there has to be a standard way for them to 
> communicate.
>
> The only reason to use an OpenID like service is that it would just 
> build nicely on people's existing knowledge.
>
>>
>> As it stands, webid is about a brower-website relation. Its not about 
>> a browser-idp-website relation.
>> > Date: Tue, 2 Aug 2011 11:33:36 +0200
>> > From:melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>
>> > To:j.jakobitsch@semantic-web.at <mailto:j.jakobitsch@semantic-web.at>
>> > CC:public-xg-webid@w3.org 
>> <mailto:public-xg-webid@w3.org>;akkiehossain@gmail.com 
>> <mailto:akkiehossain@gmail.com>
>> > Subject: Re: web-id starter question
>> >
>> > On 2 August 2011 10:05, Jürgen Jakobitsch 
>> <j.jakobitsch@semantic-web.at <mailto:j.jakobitsch@semantic-web.at>> 
>> wrote:
>> > > hi,
>> > >
>> > > first off : congrats to this great project, i set up my web-id 
>> without any hassle
>> > > and it is very much to my liking.
>> >
>> > Great! :)
>> >
>> > > i'm a complete newbie with ssl, web-id and stuff..., so please 
>> excuse my ignorance...
>> > >
>> > > i of course want now want to develop some showcase and demo in our 
>> company, so my
>> > > questions are :
>> > >
>> > > 1. is there a best practice regarding usage of an idp like 
>> https://auth.fcns.eu/?
>> > >
>> > > the thing is, i don't really understand, what i should do with the 
>> response from
>> > > an idp.
>> > >
>> > > in a servlet for example an if(request.getParameter("error")==null 
>> && request.getParameter("webid")!=null && 
>> request.getHeader("referer")=="http://idp.org"){
>> > >   logIn = true;
>> > > }
>> > >
>> > > doesn't seem ok to me.
>> > >
>> > > is there an example?
>> >
>> > I think you need to verify the signature. For example in PHP you can 
>> use:
>> >
>> > http://php.net/manual/en/function.openssl-verify.php
>> >
>> > Henry probably has some code in java for this.
>> >
>> > >
>> > >
>> > > 2. on the other hand i'm trying to get a ssl-tomcat up and running 
>> and be asked by a servlet to choose
>> > > one of my certificates.
>> > > amongst other guides, i tried this one 
>> http://virgo47.wordpress.com/2010/08/23/tomcat-web-application-with-ssl-client-certificates/
>> > > without much of a success. i'm quite sure, i'm missing something...
>> > >
>> > > any gentle pointer into the right direction is greatly appreciated.
>> > >
>> > > wkr jürgen
>> > >
>> > > p.s.:
>> > >
>> > > logging in to http://foaf.me/ sometimes gives me strange results. 
>> besides taking very long,
>> > > i'm sometimes presented with wrong data, like
>> > > (right upper corner) logout http://some.uri.that.is.not.mine
>> >
>> > I no longer look after foaf.me, but I've cc'd Akbar who runs the server.
>> >
>> > >
>> > > or
>> > >
>> > > Unknown FOAF format
>> > > http://semantictweet.com/therealcrailtap
>> > > powered by FOAF.Vix 1.0
>> > >
>> > > in the "me" tab.
>> > >
>> > > --
>> > > punkt. netServices | Semantic Web Company
>> > > ______________________________
>> > > Jürgen Jakobitsch
>> > > Codeography
>> > >
>> > > Lerchenfelder Gürtel 43 Top 5/2
>> > > A - 1160 Wien
>> > > Tel.: 01 / 897 41 22 - 29
>> > > Fax: 01 / 897 41 22 - 22
>> > >
>> > > http://www.punkt.at | http://www.semantic-web.at
>> > >
>> > > web   : http://www.turnguard.com
>> > > foaf  : http://www.turnguard.com/turnguard
>> > > skype : jakobitsch-punkt
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>
> Social Web Architect
> http://bblfish.net/
>

-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen