Re: WebID+OpenID Proxy Service from Kingsley Idehen on 2011-12-22 (public-xg-webid@w3.org from December 2011)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 22 Dec 2011 09:21:13 -0500
To: public-xg-webid@w3.org
Message-ID: <4EF33CD9.70506@openlinksw.com>
On 12/22/11 7:49 AM, Peter Williams wrote:
>
> http://tinyurl.com/caqu4qs has my .p12 file. Feel free to test with 
> it. its password is "password". Its bound to a blogspot foaf card 
> (webid profile).
> ------------------------------------------------------------------------
> From: home_pw@msn.com
> To: kidehen@openlinksw.com; public-xg-webid@w3.org
> Date: Thu, 22 Dec 2011 04:41:03 -0800
> Subject: RE: WebID+OpenID Proxy Service
>
>
>  ok there were two bugs. Fixing the first ("server") sounds like azure 
> discovery will work better (since its fussy - i.e. conforming) about 
> its discovery process. The second bug is that OP's response was 
> missing a return field. See last graphic in my post delivered by 
> Azure. it MAY explain why 2 ither RPs with other coding could not 
> process the response, either. one tiny bug fix may sort out all 3 RPs.
>
> My cert/profile works with fcns, but not with Henry's test server 
> (last time I tested) or your test server (tested just now). Neither 
> fail gives much indication as the cause. Im perfectly happy to post my 
> .p12 file on the web, so anyone can retest (locally) with "my" 
> credentials, if its useful.
>
> ive been using "works" with FCNS as our gold standard. Perhaps i was 
> wrong? I was assuing FCNS has found the right balance between 
> ultra-conformance and liberal-parsing, etc, much like the tuning of 
> openid delivered by the MyOpenid vendor was regarded as ideal - since 
> it maximized interoperability over various versions, use of metadata, etc
>

Peter,

You had 3 URIs in your SAN: URI:http://yorkporc.blogspot.com/, 
URI:http://yorkporc.blogspot.com/#, 
URI:http://yorkporc.blogspot.com/2011/11/2uri.html#me .

That's not a problem, our verifier should treat multiple URIs in SAN 
like composite keys (a key comprised of members that are keys in their 
own right). In a sense, you are asserting subject co-reference in the 
Cert. which is fine and ultimately nifty as per prior discussions about 
this matter.

Verifier has been fixed, so you can retry.

Kingsley
>
> ------------------------------------------------------------------------
> Date: Thu, 22 Dec 2011 07:05:39 -0500
> From: kidehen@openlinksw.com
> To: public-xg-webid@w3.org
> Subject: Re: WebID+OpenID Proxy Service
>
> On 12/21/11 7:08 PM, Peter Williams wrote:
>
>
>
>     _http://wp.me/p1fcz8-1J7_  suggests a necessary bug fix, so
>     openilink with webid/openid can talk to Azure - and then realty,
>     and everywhere realty reaches as bridging IDP (which is a LONG WAY).
>     well done, Kingsley (and team). Good days work, connecting the
>     semantic web to reality (and realty).
>
>
> Peter,
>
> Re., question posed in your post, it should be: 
> http://specs.openid.net/auth/2.0/server . The issue has been fixed.
>
> Also, did you verify you WebID using the verifier at: 
> http://id.myopenlink.net/ods/webid_demo.html ?
>
> Kingsley
>
>
>     ------------------------------------------------------------------------
>     From: home_pw@msn.com <mailto:home_pw@msn.com>
>     To: kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>;
>     foaf-protocols@lists.foaf-project.org
>     <mailto:foaf-protocols@lists.foaf-project.org>;
>     public-xg-webid@w3.org <mailto:public-xg-webid@w3.org>
>     Date: Wed, 21 Dec 2011 15:17:42 -0800
>     Subject: RE: WebID+OpenID Proxy Service
>
>
>
>     I tried it with sourcforge, and the result was the same as with an
>     RPX-powered (at amazone) RP.
>
>     I also tried to bind the openlink IDP (with webid) to the Azure
>     bridge, but failed; as summarized here: _http://wp.me/p1fcz8-1J7_
>
>     The site really needs to be (and claim to be) v2. Ill guess this
>     is the crux of the issues.
>
>     but, it all looks good. Just some minor fiddles required, I
>     suspect. Wont be long before webid is (indirectly) powering a
>     SAML2 protocol exchange to the academic networks. of course, they
>     have had client certs  and https client authn inducing a SAML
>     exchange for years (in a profile focussed on ldap as the
>     repository of the graph). But, this will be cuter; as its all
>     native semweb.
>     ------------------------------------------------------------------------
>     From: home_pw@msn.com <mailto:home_pw@msn.com>
>     To: kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>;
>     foaf-protocols@lists.foaf-project.org
>     <mailto:foaf-protocols@lists.foaf-project.org>;
>     public-xg-webid@w3.org <mailto:public-xg-webid@w3.org>
>     Date: Wed, 21 Dec 2011 12:46:48 -0800
>     Subject: RE: WebID+OpenID Proxy Service
>
>     Which RP site should I try, ideally?
>
>     My trial results, at _http://wp.me/p1fcz8-1Im_
>
>     > Date: Wed, 21 Dec 2011 14:36:45 -0500
>     > From: kidehen@openlinksw.com <mailto:kidehen@openlinksw.com>
>     > To: foaf-protocols@lists.foaf-project.org
>     <mailto:foaf-protocols@lists.foaf-project.org>;
>     public-xg-webid@w3.org <mailto:public-xg-webid@w3.org>
>     > Subject: WebID+OpenID Proxy Service
>     >
>     > All,
>     >
>     > I've dropped a note about the above at: http://goo.gl/zC7tP .
>     >
>     > It's basically a decoupling of what we had in ODS re. WebID+OpenID
>     > delivered in a manner similar to: http://openid4.me .
>     >
>     >
>     > --
>     >
>     > Regards,
>     >
>     > Kingsley Idehen
>     > Founder& CEO
>     > OpenLink Software
>     > Company Web: http://www.openlinksw.com
>     > Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>     <http://www.openlinksw.com/blog/%7Ekidehen>
>     > Twitter/Identi.ca handle: @kidehen
>     > Google+ Profile: https://plus.google.com/112399767740508618350/about
>     > LinkedIn Profile: http://www.linkedin.com/in/kidehen
>     >
>     >
>     >
>     >
>     >
>     >
>
>
>
> -- 
>
> Regards,
>
> Kingsley Idehen	
> Founder&  CEO
> OpenLink Software
> Company Web:http://www.openlinksw.com
> Personal Weblog:http://www.openlinksw.com/blog/~kidehen  <http://www.openlinksw.com/blog/%7Ekidehen>
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile:https://plus.google.com/112399767740508618350/about
> LinkedIn Profile:http://www.linkedin.com/in/kidehen
>
>
>
>


-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Thursday, 22 December 2011 14:21:44 UTC