- From: Peter Williams <home_pw@msn.com>
- Date: Wed, 16 Feb 2011 15:55:34 -0800
- To: Henry Story <henry.story@bblfish.net>
- CC: Seth Russell <russell.seth@gmail.com>, WebID Incubator Group WG <public-xg-webid@w3.org>
- Message-ID: <BLU0-SMTP128B1E6D4C633C0BFD572E392D20@phx.gbl>

We need to simply say that it's ssl client auth with digital Ids, but without the horrendous pki overheads. Instead of cert chains, there is linked data connecting relying and asserting parties. Though ssl always assumed control over private key, webid inherits something from the original openid, now lost in the google/yahoo worlds: control over a URL identifier (demonstrated by the user showing write access to a resource located by the identifier).

On Feb 16, 2011, at 8:26 AM, Henry Story <henry.story@bblfish.net> wrote:

> On 16 Feb 2011, at 17:01, Seth Russell wrote:
>
>> Can i ask a question here even though i'm not a member of the working group?
>
> Yes, of course :-)
>
>> This may be covered in the new spec, but can't find it.
>>
>> My understanding is that WebID works because it ties "a User Agent to a URI by proving that one has write access to the URI".
>
> yes, and that you can prove that you own the private key that matches the public key published there in the appropriate way.
>
>> I can see how that works where the write access to the URI is provided by a single service, like for example foaf.me or openlinksw.com. But how does it work where a different service is asked to bind a different user agent to that *same* URI?
>> For example can i get a URI and a certificate installed in my Firefox browser from foaf.me, and then on my iPod bind that same URI to the Safari of my pod?
>
> yes, it is quite easy to do.
> All you need is to login to the same service using the new browser, and generate a public key there.
> foaf.me does not make it that easy, but it is easy to do on the server http://webid.myxwiki.org/
> I'll try putting up a clerezza server somewhere to show how this works.
>
> A WebID can be associated with a number of public keys, published in the same Profile Document.
>
>> But let's suppose that the foaf.me service can't bind the Safari in my iPod to that URI, but that openlinksw.com can. Isn't that not a valid way that people will expect a transportable identity string to work for them?
>
> What should happen is that providers that make this type of functionality easier will get more used. After all you don't need a webid with all providers.
>
>> Has this been demonstrated to work?
>
> Yes, Clerezza and webid.myxwiki.org do it. It is easy to implement.
> See the 4 minute video on http://bblfish.net/ for a demonstration of how it works with 3 different browsers.
> Of course user interface can be improved.
>
>> If this is not the proper place to ask this question, i apologize, and request redirection.
>
> It is one of those questions that appears a lot. It should disappear as implementations make it easy to understand how it works.
>
> Henry
>
>> Seth Russell
>> Podcasting: tagtalking.net
>> Facebook ing: facebook.com/russell.seth
>> Twitter ing: twitter.com/SethRussell
>> Blogging: fastblogit.com/seth/
>> Catalog selling: www.speaktomecatalog.com
>> Google profile: google.com/profiles/russell.seth
>
> Social Web Architect
> http://bblfish.net/

Received on Wednesday, 16 February 2011 23:56:13 UTC
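
The relying party's side of the check described in the quoted reply (one WebID associated with several public keys published in the same Profile Document, one per browser), as an added example that is not part of the original thread or of any WebID implementation. It assumes the profile has already been fetched and parsed into a dict by a hypothetical `fetch_profile` callback and that the TLS handshake has already proven possession of the private key; all URIs and key values are constructed.

```python
from urllib.parse import urldefrag

def normalize_modulus(hex_text):
    """Parse a hex modulus, tolerating whitespace, colons and leading zeros."""
    return int("".join(ch for ch in hex_text if ch not in " \t\r\n:"), 16)

def verify_webid(claimed_webid, cert_modulus_hex, cert_exponent, fetch_profile):
    """True if the profile located by claimed_webid publishes the certificate's key.

    fetch_profile(document_url) is a hypothetical callback returning the parsed
    profile as {webid_uri: [(modulus_hex, exponent), ...]}, or None on failure.
    """
    # The profile is dereferenced from the claimed URI itself, never from a
    # location the certificate suggests separately.
    document_url, _fragment = urldefrag(claimed_webid)
    profile = fetch_profile(document_url)
    if not profile:
        return False
    try:
        presented = (normalize_modulus(cert_modulus_hex), int(cert_exponent))
    except ValueError:
        return False
    # Only keys attached to this exact WebID count; other subjects described in
    # the same document (friends, other accounts) must not match.
    for modulus_hex, exponent in profile.get(claimed_webid, []):
        try:
            published = (normalize_modulus(modulus_hex), int(exponent))
        except ValueError:
            continue  # skip a malformed published key, keep checking the rest
        if published == presented:
            return True
    return False

# Constructed sample data: one WebID with a key per browser, plus a second
# subject in the same document. Moduli are shortened for readability.
PROFILE_URL = "https://profiles.example/seth"
WEBID = PROFILE_URL + "#me"
PROFILES = {PROFILE_URL: {
    WEBID: [("00:c3:5f:9a:01", 65537),      # key generated in Firefox
            ("B7 12 4E 88 F3", 65537)],     # key generated later in Safari
    PROFILE_URL + "#friend": [("a1b2c3d4e5", 65537)],
}}

def fetch_constructed_profile(document_url):
    return PROFILES.get(document_url)

if __name__ == "__main__":
    print(verify_webid(WEBID, "c35f9a01", 65537, fetch_constructed_profile))
    print(verify_webid(WEBID, "a1b2c3d4e5", 65537, fetch_constructed_profile))
```
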