RE: public site up for a day or two, to demo logon using a webid to a windows azure webapp. from Peter Williams on 2012-01-04 (public-xg-webid@w3.org from January 2012)

From: Peter Williams <home_pw@msn.com>
Date: Wed, 4 Jan 2012 04:06:36 -0800
To: <henry.story@bblfish.net>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-W323EE48C6756377F8AEBCF92970@phx.gbl>
Let's congratulate the ODS team (since they did all of it).  One can congratulate the microsoft team too, as it was against their better instinct to even allow for the "unmanged" openid option (and go beyodn the carefully engineered and QA'd integrations with Google, Yahoo openid endpoints). But they did, and now they can see it was worth it, hopefully. I didnt actually do ANYTHING - which is how it SHOULD be.        Subject: Re: public site up for a day or two, to demo logon using a webid to a  windows azure webapp.
From: henry.story@bblfish.net
Date: Wed, 4 Jan 2012 12:18:07 +0100
CC: public-xg-webid@w3.org
To: home_pw@msn.com




On 4 Jan 2012, at 11:42, Peter Williams wrote:I made a webid profile in turtle, and hosted it (finally) in a trivial windows website build, then hosted in Azure cloud. I just borrowed the typical About verb in MVC for the home page controller. http://idweb.cloudapp.net/Home/About#me.
 
I then made a second website, http://idweb.cloudapp.net:8080/ that uses the OpenLink IDP (using 2 bridges, Azure STS and OpenLink openid/webid proxy). It features a home realm selector rather similar to that Melvin showed. Using my own webid and cert made using microsoft windows bearing a single SAN URI, it not only works agains all three test sites (FOAFSSL, FCNS, ODS), it also works via the openid proxy. It should do, being so simple (for which we should give Henry some praise, occasionally, for staying on course).

Ok, that worked for me. I logged in using OpenLink .
But then I end up on http://idweb.cloudapp.net:8080/ which says
[[Welcome to the ACS MVC3 Custom Sign-In Page Sample!
    To learn more about ACS visit ACS Samples and Documentation in CodePlex. ]]
But it does not give my name, or extract the photo from my profile, or even use the CN from the certificate. So the user experience needs a lot of work still. At the top it says Hello ! - "Hello Henry Story!" would be a lot better 
So that is indeed neat that you could do this using just remote services.
Here you could be using http://foafssl.org/srv/idp to the same effect though. You are showing how someone who did not have a WebID can use an IDP to do their job for them, in a couple of lines of code. Good, but that is not new, we have had such IDPS since the start. Still it's good to see Openlink's IDP being used.
 
One knows that the client certs part works, when ODS IDP dialogs say something like (for me).
 
WebID: http://idweb.cloudapp.net/Home/About#me 
OpenID Identity: http://id.myopenlink.net/openid-proxy/id.vsp?w=http://idweb.cloudapp.net/Home/About%23me
 
I do occasionally see Aazure/ODS interworking issues, that folks will no doubt fix as customer starting paying...

yes. I wonder if it would not be possible to create a real ODS HTTP proxy service which would do those transformations without your needing to change any URIs. Ie you could set ODS as your proxy and then have to do all the transformations done for you.
 
None of the code is mine. I just hooked things together... All the code is either Microsoft sample code for their websso cloud endpoints and repling party demo sites, or Kingsley's team's work on the IDP side. Its largely identical to the kind of site that webmasters now using webmatrix (a low end website builder, for the windows community) are given, so one can easily talk to facebook, and openid enabled IDPs like Yahoo, Google (and now webid).
 
I dont know its its required, but I have an IDP account at ODS, that is also webid enabled. The IDP allowed me to also registered my third-party cert, and bind it to the IDP account. This MAY be required (for the openid proxy to work). Im not sure. Im just happy I could make it work by myself, without an OpenLink engineer doing anything for me!
 
Now, this costs 4c an hour to run. So, I can afford it for a a day or two (since that fits the kinds of costs we have to get things down to, to turn  a profit in the IT business of realty. Folks are unlike to pay more than 10-20c a month per user for webid, since they only paid a bit more for an RSA securid card with full power 2 factor assurances, and a major brand in support).  

Social Web Architect
http://bblfish.net/
Received on Wednesday, 4 January 2012 12:07:13 UTC