[foaf-protocols] WebID talk at W3C - WebId+Flash

Wed Aug 25 02:11:00 CEST 2010

There is still a lot we need to understand about the WebId+Flash protocol. I do think there could be something very interesting there btw. But we need to understand the whole idea much better. 

Here are a few issues that came up recently

If I go to

> https://webid.digitalbazaar.com/manage/

It tells me that my webid is 

  http://webid.digitalbazaar.com/demo/ids/1944828261

But that URL does not lead anywhere

$ curl -k -i -L http://webid.digitalbazaar.com/demo/ids/1944828261
HTTP/1.1 302 Found
Date: Tue, 24 Aug 2010 22:55:43 GMT
Server: Apache/2.2.16 (Debian)
Location: https://webid.digitalbazaar.com/demo/ids/1944828261
Vary: Accept-Encoding
Content-Length: 324
Content-Type: text/html; charset=iso-8859-1

HTTP/1.1 404 Not Found
Date: Tue, 24 Aug 2010 22:55:45 GMT
Server: Apache/2.2.16 (Debian)
Vary: Accept-Encoding
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /demo/ids/1944828261 was not found on this server.</p>
<hr>
<address>Apache/2.2.16 (Debian) Server at webid.digitalbazaar.com Port 443</address>
</body></html>

On the other hand what is interesting is that it works on all browsers simultaneously.  I am sure I only made the WebId+flash on Chrome, but all the other browsers (Netscape, Firefox, Opera) could recognised me when I went to the /manage/ url.

So I suppose the trick is that the information is place inside the flash local datastore, and that this data store is shared between all browsers on my machine . 

> 
> You use the WebID on:
> 
> https://payswarm.com/webid-demo/

That works. But how? It can't be using the WebId protocol that dereferences information from the WebID, since there is nothing at that URL. I suppose it just fetches the information from the local flash store or something?

What would be nice would be a UML diagram and some documentation detailing how this works. 

Henry

On 24 Aug 2010, at 22:22, Joe Presbrey wrote:

> On Tue, Aug 24, 2010 at 7:19 AM, Kingsley Idehen <kidehen at openlinksw.com> wrote:
>>> Great, so apparently there will be 15 minutes to present these slides.
>>> 
>>> This idea was to follow this by 10 minutes to demonstrate Manu's solution, under the heading of WebID. I am arguing that this is a bit much for a solution that we have no interoperation for, and have not considered. My argument there is that a 3 minute screencast should be more than enough.
>> 
>> Sorry, but I still don't get the elevation of Manu's solution to
>> definitive demo status re. WebID.
>> 
>> Manu: no offense intended here, but this simply doesn't feel right at all.
> 
> Agreed. I think it would be a sad waste of WebID's 15 minutes to
> mention Javascript or Flash.
> 
> Maybe I misunderstand but, my view of your JS/Flash is as a workaround
> for browsers who have not yet refined their SSL client UI. WebID needs
> to be in the browser. Much of the trust/security of the primary
> request is lost when the WebID-authn/TLS process is encapsulated as
> JS/Flash subrequests.  +extra round trips, etc.  eek!  Was this
> omission on purpose?  OTOH, this is a huge advantage we have over the
> other authn solutions and should leveraged and mentioned.
> 
> Also agreed with Steph on decentralization !~ availability.
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols