No subject


Sat Feb 13 19:31:10 CET 2010


Hi,

Comments inline

Thanks

On Thu, Mar 4, 2010 at 9:00 AM, Story Henry <henry.story at bblfish.net> wrote:

> On 4 Mar 2010, at 09:18, Akbar Hossain wrote:
>
> > Hi Henry
> >
> > Yes as long as the URI in the certificate's subjectaltname (agent)
> > matches the openid url.
>
> Why do you need that?

My thoughts in a bit more detail were this.

From the OpenID RP side of things openid4.me is supplied an OpenID URL.

(Independently) openid4.me is supplied a Client SSL Certificate.
The client certificate has a confirmable (trusted) relationship between a
WebID and the certificate via the public keys on the SSL connection (as per
the FOAF+SSL protocol).

Openid4.me is trying to make an assertion to the OpenID RP that the URL
supplied is associated in some way to the WebID.

I think it can only do that if it trusts the contents of the WebID. However
the direction of trust from the perspective of the OpenID side of things is
probably more easily demonstrated from the OpenID URL to the WebID. You
could achieve that by say putting the public details of the certificate on
the OpenID URL (in RDFa) rather than some other relationship to the WebID
(owl:sameAs, etc) or coming up with some other scheme to make the OpenID URL
appear to be the same as the WebID URI (perhaps ignore fragments).

FOAF+SSL seems to confirm the relationship between a WebID and the RSA
public key out of the box. Not sure you can assert on anything else within
the WebID without other facts maybe signing, perhaps looking at other things
referenced within the WebID (a WOT type of calculations) or considering
other facts at your disposal not within the linked data cloud.

Adding the relationship between your WebID and OpenID via the foaf:openid is
certainly a good thing; it seems to open up quite a few interesting linked
data possibilities.

In this case I believe it is easier to have something link from the OpenID
URL to your WebID.

Let me know what we want to try.

Thanks


> For one it seems to be wrong as it would turn the Agent into a Page.
> (OpenIds are pages usually, and HTML pages quite particularly).
>
> We can link the WebId to the OpenId very easily using the foaf:openid
> relation.
>
> So in the rdfa graph you need just search for
>
> SELECT ?webid ?openid
> WHERE {
>   ?webid foaf:openid ?openid .
> }
>
> (If you already have one of the WebId or the OpenId at that point, then you
> can fill in the fields to reduce the result set. If you have both your query
> becomes an ASK query)
>
> If both WebId and OpenId are in the same page, and that is the page for
> which you have the graph, then there is no further fetching to do. You would
> now just query that graph to test if the WebId was correctly associated with
> the public key.
>
> > We can make the FOAF discovery link optional on openid4.me
>
> That would be very nice, and it would speed up our service too.
>
> > If you have some pre-release examples you can send me (perhaps out of
> > band). I can make the change and test it. It should be a minor change.
>
> I hope to have the examples out very soon. Otherwise I would not be
> surprised if someone on this list has an rdfa homepage which contained
> their public key, and a relation to their openid being that same page.
>
> >
> > Thanks.
> >
> >
> > On 3/4/10, Story Henry <henry.story at bblfish.net> wrote:
> >> Hi,
> >>
> >> Currently http://OpenId4.me/ requires the user to add the following
> >> lines to his homepage
> >>
> >>  <link rel="openid.server" href="http://openid4.me/index.php" />
> >>  <link rel="openid2.provider openid.server"
> >> href="http://openid4.me/index.php"/>
> >>  <link rel="meta" type="application/rdf+xml" title="FOAF"
> >> href="your_foaf_file"/>
> >>
> >> I am just helping a software project rdfa enable each of its users' home
> >> pages, which I was thinking of turning into their openid page. As a
> >> result though they won't have an rdf/xml page to link to. Would it be
> >> possible for OpenId4.me to use the rdfa in the page to grant access to
> >> the users? This should reduce the work OpenId4.me has to do as in one
> >> HTTP connection it will be able to get both the WebId, the OpenID and
> >> the keys.
> >>
> >>      Henry
> >>
> >> Social Web Architect
> >> http://bblfish.net/
> >>
> >> _______________________________________________
> >> foaf-dev mailing list
> >> foaf-dev at lists.foaf-project.org
> >> http://lists.foaf-project.org/mailman/listinfo/foaf-dev
> >>
> >
> > --
> > Sent from my mobile device
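
Added example, not part of the original message and not openid4.me's code: a sketch of the check discussed in this thread, run over one graph extracted from the page at the OpenID URL. The URLs, triples, function names and the `ex:*` key predicates are constructed placeholders; only `foaf:openid` comes from the thread.

```python
from urllib.parse import urldefrag

# Constructed sample: triples as if extracted from the RDFa of the page served
# at OPENID_URL. "foaf:openid" is the relation named in the thread; the ex:*
# key predicates are simplified placeholders, not the FOAF+SSL vocabulary.
OPENID_URL = "https://alice.example/"
WEBID = "https://alice.example/#me"
PAGE_GRAPH = {
    (WEBID, "foaf:openid", OPENID_URL),
    ("_:key1", "ex:keyOwner", WEBID),
    ("_:key1", "ex:modulus", "c0ffee01"),
    ("_:key1", "ex:exponent", "65537"),
}


def ask(graph, s, p, o):
    """ASK { s p o } with every term bound: is the triple in the graph?"""
    return (s, p, o) in graph


def key_matches(graph, webid, modulus_hex, exponent):
    """True if a key node owned by webid carries exactly the client's RSA key."""
    owned = [s for (s, p, o) in graph if p == "ex:keyOwner" and o == webid]
    return any(
        ask(graph, k, "ex:modulus", modulus_hex.lower())
        and ask(graph, k, "ex:exponent", str(exponent))
        for k in owned
    )


def may_assert_openid(graph, source_url, openid_url, cert_webid,
                      cert_modulus_hex, cert_exponent):
    """Decide whether to tell the RP that openid_url belongs to the holder of
    the client certificate (cert_webid is its subjectAltName URI)."""
    # The graph must be the one fetched from the OpenID URL itself, so the
    # link is stated by the page the RP was given, not by a third party.
    if urldefrag(source_url).url != urldefrag(openid_url).url:
        return False
    # Both identifiers are known, so the SELECT from the thread becomes an ASK.
    if not ask(graph, cert_webid, "foaf:openid", openid_url):
        return False
    # Same graph, no further fetch: is the WebID tied to the presented key?
    return key_matches(graph, cert_webid, cert_modulus_hex, cert_exponent)
```

A `foaf:openid` statement found only in a document fetched from some other URL is rejected by the first check, which is the direction-of-trust concern raised in the message.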

