Re: webid to openid to azure to shib from Kingsley Idehen on 2011-12-23 (public-xg-webid@w3.org from December 2011)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 23 Dec 2011 11:52:47 -0500
To: public-xg-webid@w3.org
Message-ID: <4EF4B1DF.10609@openlinksw.com>

On 12/23/11 11:17 AM, Peter Williams wrote:
> Kingsley's team has made a working run of webid -> openid -> ws-fedp, 
> using Microsoft Azure' STS service as the bridge. Both of my certs 
> (same key) with different webid (one pointing at a turtle file, one 
> pointing an a blog page) work, and induce Microsoft Azure cloud STS to 
> release a signed SAML token (evil XML with xml/dsig, of  course) to an 
> assertion consuming service.
>
> To make it a better demo (and one that can be public), we really now 
> need someone from the academic Shib community to join in. We need 
> someone (ideally tied into the internet2 or UK equivalent projects) 
> with a public Shib endpoint to first complete an Azure IDP to Shib SP 
> interworking demo, using the production ADFS (ws-fedp) feature of the 
> Shib 2.0 software. Then, we hook the two ends of the pipe together. 
> There seems no reason why one cannot use webid to get access to the 
> Shib world, at this point.
>
> Ill put up a demo website myself on Azure, later. I dont have any 
> funds to pay for the compute hours, to keep the image operational. If 
> somebody else wants to go get a trial Azure license (and some compute 
> hours),  perhaps you can let me use it. A tiny image is fine. Ive 
> already used my trial rights from Microsoft more than once (and I 
> cannot abuse their goodwill any more...)

We've used Amazon AWS since its inception. Never got round to using 
Azure, but I think you've set the foundation for doing that. I don't 
mind getting an Azure instance setup for this effort. Only potential 
delay is the holiday period which kinda starts today. Thus, I will (as 
time permits) look at getting Azure setup so we have a playground. We 
have developer relationships with Microsoft too, so there are many ways 
we (OpenLink) can deal with the costs.

>
> For now, we will have to settle for an openid demo, with webid as the 
> challenge.
>
> at https://openid.net/foundation/members/registration I used the 
> following "openid"
>
> http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23
>
> as that is a pain, I just made a shorter *http://tinyurl.com/pwopenid*
>
> Kingsley's ods system receives the openid request, challenges using 
> webid, does ods magic (beyond my comprehension) concerning the 
> semantic web, and returns an openid response to the openid 
> foundation's registration page. i Do NOT have an account on the ODS 
> system (as far as I know), and the ODS service is essentially a public 
> bridge, for an webid <-> openid interworking.

Yep! You've described it well. It's only magic until folks grok the true 
power of Linked Data, AWWW, combined with the obsession we have with 
functional middleware (driven by standards implementation)  at OpenLink 
Software :-)
>
>
>


-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Friday, 23 December 2011 16:53:12 UTC