
Re: webid to openid to azure to shib

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 23 Dec 2011 12:16:04 -0500
Message-ID: <4EF4B754.5010702@openlinksw.com>
To: public-xg-webid@w3.org
On 12/23/11 12:02 PM, Peter Williams wrote:
> Your OP asserting party works nicely with full openid model, too, 
> including delegation.
> I added the following to my blogger template:
> <link href='http://id.myopenlink.net/openid-server' rel='openid.server'/>
> <link href='http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23' rel='openid.delegate'/>
> Now the openid Foundation accepts my openid as 
> http://yorkporc.blogspot.com/. Seems no reason why that site could not 
> now be consuming a foaf card at that address.
> So my openid is http://yorkporc.blogspot.com/ and my webid is 
> http://yorkporc.blogspot.com/# (Hmm). As Henry says, who cares about 
> URIs being visible. What matters is that cert picker dialog pops up.

Yes, but when we get to Authorization via ACLs (an application of WebID) 
we do need to be able to enter URIs when local and even LOD cloud 
lookups fail. This is where the mailto: and acct: scheme URIs are handy 
since we've been trained to remember email addresses of our friends, 
family, and professional colleagues.

Anyway, we are making serious progress!!

> ------------------------------------------------------------------------
> Date: Fri, 23 Dec 2011 11:52:47 -0500
> From: kidehen@openlinksw.com
> To: public-xg-webid@w3.org
> Subject: Re: webid to openid to azure to shib
> On 12/23/11 11:17 AM, Peter Williams wrote:
>     Kingsley's team has made a working run of webid -> openid ->
>     ws-fedp, using Microsoft Azure's STS service as the bridge. Both of
>     my certs (same key) with different webid (one pointing at a turtle
>     file, one pointing at a blog page) work, and induce Microsoft
>     Azure cloud STS to release a signed SAML token (evil XML with
>     xml/dsig, of course) to an assertion consuming service.
>     To make it a better demo (and one that can be public), we really
>     now need someone from the academic Shib community to join in. We
>     need someone (ideally tied into the internet2 or UK equivalent
>     projects) with a public Shib endpoint to first complete an Azure
>     IDP to Shib SP interworking demo, using the production ADFS
>     (ws-fedp) feature of the Shib 2.0 software. Then, we hook the two
>     ends of the pipe together. There seems no reason why one cannot
>     use webid to get access to the Shib world, at this point.
>     I'll put up a demo website myself on Azure, later. I don't have any
>     funds to pay for the compute hours, to keep the image operational.
>     If somebody else wants to go get a trial Azure license (and some
>     compute hours), perhaps you can let me use it. A tiny image is
>     fine. I've already used my trial rights from Microsoft more than
>     once (and I cannot abuse their goodwill any more...)
> We've used Amazon AWS since its inception. Never got round to using 
> Azure, but I think you've set the foundation for doing that. I don't 
> mind getting an Azure instance set up for this effort. Only potential 
> delay is the holiday period which kinda starts today. Thus, I will (as 
> time permits) look at getting Azure set up so we have a playground. We 
> have developer relationships with Microsoft too, so there are many 
> ways we (OpenLink) can deal with the costs.
>     For now, we will have to settle for an openid demo, with webid as
>     the challenge.
>     at https://openid.net/foundation/members/registration I used the
>     following "openid"
>     http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23
>     as that is a pain, I just made a shorter *http://tinyurl.com/pwopenid*
>     Kingsley's ods system receives the openid request, challenges
>     using webid, does ods magic (beyond my comprehension) concerning
>     the semantic web, and returns an openid response to the openid
>     foundation's registration page. I do NOT have an account on the
>     ODS system (as far as I know), and the ODS service is essentially
>     a public bridge, for a webid <-> openid interworking.
> Yep! You've described it well. It's only magic until folks grok the 
> true power of Linked Data, AWWW, combined with the obsession we have 
> with functional middleware (driven by standards implementation)  at 
> OpenLink Software :-)
> -- 
> Regards,
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen



Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Friday, 23 December 2011 17:16:39 UTC
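
Added example, not part of either poster's message: a small audit of the HTML-based OpenID delegation quoted above, which extracts the `openid.server` and `openid.delegate` links from a page and flags endpoints that are not HTTPS or not on an expected provider host. It also recognises the OpenID 2.0 rel tokens `openid2.provider` and `openid2.local_id`, which goes beyond the 1.x tags in the thread; the function names, the `trusted_op_hosts` allowlist and the page wrapper around the two quoted `<link>` elements are assumptions made for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel tokens for HTML discovery: OpenID 1.x (as quoted in the post) and 2.0
REL_ROLES = {
    "openid.server": "server", "openid2.provider": "server",
    "openid.delegate": "delegate", "openid2.local_id": "delegate",
}

class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = {"server": [], "delegate": []}

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = dict(attrs)
        href = (a.get("href") or "").strip()
        # rel is a space-separated token list, compared case-insensitively
        for token in (a.get("rel") or "").lower().split():
            role = REL_ROLES.get(token)
            if role and href and href not in self.found[role]:
                self.found[role].append(href)

def find_delegation(html):
    """Return the server and delegate URLs a relying party would discover."""
    parser = _LinkCollector()
    parser.feed(html)
    return parser.found

def audit_delegation(html, trusted_op_hosts):
    """Check discovered URLs against a hypothetical allowlist of OP hosts."""
    found, findings = find_delegation(html), []
    if not found["server"]:
        findings.append("no server link: page does not delegate")
    for role, urls in found.items():
        if len(urls) > 1:
            findings.append(f"multiple {role} links: {urls}")
        for url in urls:
            parts = urlsplit(url)
            if parts.scheme != "https":  # plain http can be altered in transit
                findings.append(f"{role} is not https: {url}")
            if parts.hostname not in trusted_op_hosts:
                findings.append(f"{role} host not in allowlist: {parts.hostname}")
    return found, findings

# Constructed page wrapping the two <link> elements quoted in the post.
SAMPLE = """<html><head>
<link href='http://id.myopenlink.net/openid-server' rel='openid.server'/>
<link href='http://id.myopenlink.net/openid-proxy/id.vsp?w=http://yorkporc.blogspot.com/%23' rel='openid.delegate'/>
</head><body></body></html>"""
```

Run against the template of the page used as the claimed identifier, this shows which provider the page hands authentication to and reports any change in those links.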
