[foaf-protocols] WebID talk at W3C

Dave Longley dlongley at digitalbazaar.com
Wed Aug 25 08:55:13 CEST 2010

On 08/25/2010 01:05 AM, Manu Sporny wrote:
> On 08/24/2010 12:41 AM, Kingsley Idehen wrote:
>> I have one little issue. The demo, your platform demo,  isn't one I
>> would call representative of WebID's essence.
>> Sorry, but I still don't get the elevation of Manu's solution to
>> definitive demo status re. WebID.
>> Manu: no offense intended here, but this simply doesn't feel right at
>> all.
> No offense taken. However, I should point out that it is our demo that
> was the basis for this meeting with the W3C this coming Thursday. One of
> the things they were expecting to see was a demo of WebID - and that was
> supposed to be a small part of an overall demonstration on Identity on
> the Web.
> I've also been talking with Henry and he said that he'd have a more
> representativve WebID demo as a 2-3 minute video ready by the time that
> we present. I've already said that we'd integrate that into the slide deck.
> Re: the Js+Flash WebID demo, we have tried to be true to the WebID spec
> as it stands right now. Specifically, this section:
> http://payswarm.com/webid/#authentication-sequence
> We do steps #1-#4 right now. #5 and #6 is something we're working on,
> but has been proven already via other implementations... it's just a
> matter of hooking up an RDF/XML parser or XHTML+RDFa parser and doing a
> query on the resulting graph.

Just finished some quick coding. The JS/Flash demo does a sparql query 
to retrieve the modulus and exponent of the public key from the web ID 
URL RDF (after obtaining it over https) and checks them against the 
public key from the certificate provided by the client. This should 
cover steps #5 and #6 now.

The RDF stuff is done using PHP's librdf bindings. We need to throw 
together a tar.gz of the full source, but some of the utility functions 
are publically visible on the server right now, e.g:


It isn't the most robust code ever written, but it currently gets the 
job done for the demo and those links might be of some use for anyone 
working on Web ID authentication stuff in PHP.

Almost 100% of the source for the http://webid.digitalbazaar.com example 
Web ID provider can be viewed immediately (since it is mostly javascript 
and html).

> I think much of the misunderstandings of what the demo does and does not
> do can be chalked up to not having the proper documentation in place to
> explain exactly what is happening with the Javascript + Flash WebID demo
> and what our development timeline looks like.
> It seems to me that both Henry, Kinsgley and Joe are saying that even if
> we implement steps #1-#6, and we allow export of WebID to the browser
> keychain that we still wouldn't be "representative of WebID's essence".
> I'm having a hard time understanding what we are missing as both Henry
> and Kingsley are listing different things at different levels of importance.
>> Joe Presbrey wrote:
>> Agreed. I think it would be a sad waste of WebID's 15 minutes to
>> mention Javascript or Flash.
> We never intended to focus on that part since it's an implementation
> detail. It doesn't matter in the long run since we want this stuff to be
> in browsers. However, we have to have a good answer to the "What if
> browser vendors don't see things in the way that the WebID community
> sees things?". How do we get from login/identity on the Web today to the
> promised land of WebID 3 years from now?
>> A WebID demo should simply be a URI that enables login/signup using
>> WebIDs generated by any WebID protocol compliant platform.  A more
>> neutral demonstration of WebID prowess resides at:
>> https://ophelia.g5n.co.uk:10443/cheese/
> Henry has reassured me that he will have a demo like this, ready to
> present to W3C by Thursday. So we have both approaches covered.
> -- manu

Dave Longley
Digital Bazaar, Inc.
Phone: 540-961-4469

More information about the foaf-protocols mailing list