[foaf-protocols] FOAF+SSL+OpenID implementation
Story Henry
henry.story at bblfish.net
Sun Mar 22 19:36:16 CET 2009
Blog: http://blogs.sun.com/bblfish
On 22 Mar 2009, at 19:32, Toby Inkster wrote:
> On Sun, 2009-03-22 at 19:25 +0100, Story Henry wrote:
>> Yes, I think this is a good solution. Without webid=W the foaf+ssl
>> enabled OpenID Server would need to fetch the OpenId page
>> and search for a link to the foaf such as
>>
>> <link rel="meta" title="foaf" href="http://bblfish.net/people/henry/
>> card" type="application/rdf+xml" />
>> That would be confirming evidence
>
> I don't think that looking for the <link rel="meta"> element would
> be a
> great solution, given that the RDF file linked to might (and often
> would) contain statements about multiple people. Sure, one of them
> might
> be the foaf:primaryTopic of the file, but I think that's a little
> flaky.
>
> Including the WebID as part of the openid.server's URI seems a more
> reliable solution, and is simpler to implement. Credit where it's
> due -
> Melvin suggested it to me on IRC.
Yes, using the webid in the url is a better solution. It requires one
less http connection.
But using <link rel="meta"...> is better than no security at all,
which is what you would get if you authenticated someone who did not
specify their webid.
Also you can always determine who is referred to in the foaf file: it
is simply the person who has the corresponding foaf:openid.
Henry
>
>
> --
> Toby Inkster <tai at g5n.co.uk>
>
More information about the foaf-protocols
mailing list