Mon Oct 18 21:52:04 CEST 2010
The Hammer stack way seems almost unweb. (I can't believe I'm saying that!!?) I almost prefer the collision of old web (X.500/ldap) and web (http). At least they are different generations of the same thing (open systems, with graph based, metadata-querying model).
The benefit to mixing the world of X.500 (updated for the RDF "information model" and the "OWL/RDFS" schema language) is that the internet plays a limited role then, in enabling the multi-tenancy cloud model. It's VPNs (not DNS) that fashion subnet federations/bridges, linking the world of new web (http URI) to old web (ldap). But, they all complement each other, with their legacy force cooperating to go forward (better than before).
Not quite as radical a change as letting the naming authorities run the world, through DNS.
Date: Tue, 1 Feb 2011 18:52:32 -0500
From: kidehen at openlinksw.com
To: foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] doing self-signed client-cert auth to ADFS server, with UPN name as reference to "profile" entry
On 2/1/11 5:07 PM, Peter Williams wrote:
pattern very close to FOAF+SSL.
Doesn't sound like it would be hard for a Microsoft to adapt to FOAF+SSL type interactions, so its IDP could release SSO assertions to RP sites.
The only real difference between what's posted there and FOAF+SSL is they use UPN (instead of URI), and the UPN resolves through the UPN moniker rather than a URI moniker.
UPNs (like SPNs) have a particular identity semantic, of course; leveraging federated namespaces, and transitive trust using kerberos handshake between domain masters responsible for the trust points being linked into a chain to get from SPN-server to UPN-user.
If you look at WebFinger + WebID and how it's implemented i.e., mailto:, acct: scheme URIs that resolve via Hammer stack. Then you can simply apply this thinking to UPN (User Principal Name) re. Microsoft i.e., they just need to support Webfinger. Naturally, one could just make a Webfinger bridge and the binding to Microsoft realm authentication is more or less done
As an IdP I would just bridge to Microsoft as a feature. Of course, it would be great if Microsoft came on board esp. as cost is zilch to them in re
foaf-protocols mailing list
foaf-protocols at lists.foaf-project.org
Kingsley Idehen
President & CEO
OpenLink Software
Ah yes. shudder. The Hammer stack.
Saw a really great engineer at work, but didn't get confidence in the tradeoffs - far too much "political influence".
I went through its pre-cursor in detail (XRI resolution) - teaching myself all about the wonderful world of "java" factory patterns (which, to be fair, were VERY nicely exploited and demonstrated in the trusted resolver code in the openxri implementation).
So what's the difference between FOAF+SSL and Hammer stack?
The Hammer stack is all built around multi-tenancy, leveraging the relationship model that combines DNS and the whole meta/host-meta thing - that allows for on-premise or hosted metas.