No subject


Mon Oct 18 21:52:04 CEST 2010 

he Hammar stack way seems almost unweb. (can't I believe Im saying that!!? =
me!?)
=20
I'm almost prefer the collision of old web (X.500/ldap) and web (http). At =
least they are different generations of the same thing (open systems=2C wit=
h graph based=2C metadata-querying model).
=20
The benefit to mixing the world of X.500 (updated for the RDF "information =
model" and the "OWL/RDFS" schema language) is that the internet plays a lim=
ited role then=2C in enabling the multi-tenancy cloud model. Its VPNs (not =
DNS) that fashion subnet federations/bridges=2C linking the world of new we=
b (http URI) to old web (ldap). But=2C they all complement each other=2C wi=
th their legacy force cooperating to go forward (better than before).
=20
Not quite as radical a change as letting the naming authorities run the wor=
ld=2C through DNS.
=20
=20
=20


Date: Tue=2C 1 Feb 2011 18:52:32 -0500
From: kidehen at openlinksw.com
To: foaf-protocols at lists.foaf-project.org
Subject: Re: [foaf-protocols] doing self-signed client-cert auth to ADFS se=
rver=2C with UPN name as reference to "profile" entry


On 2/1/11 5:07 PM=2C Peter Williams wrote:=20


http://social.msdn.microsoft.com/Forums/en/Geneva/thread/e5ce5350-f4f3-4968=
-8637-18f273cd69ea
=20
pattern very close to FOAF+SSL.
=20
Doesnt sound like it would be hard for a Microsoft to adapt to FOAF+SSL typ=
e interactions=2C so its IDP could release SSO assertions to RP sites.
=20
The only real different between whats posted there and FOAF+SSL is they use=
 UPN (instead of URI)=2C and the UPN resolves through the UPN moniker rathe=
r than a URI moniker.=20
=20
UPNs (like SPNs) have a particular identity semantic=2C of course=3B levera=
ging federated namespaces=2C and transitive trust using kerberos handshake =
between domain masters responsible for the trust points being linked into a=
 chain to get from SPN-server to UPN-user.
 =20

If you look at WebFinger + WebID and how its implemented i.e.=2C mailto:=2C=
 acct: scheme URIs that resolve via Hammer stack. Then you can simply apply=
 this thinking to UPN (User Principal Name) re. Microsoft i.e.=2C they just=
 need to support Webfinger. Naturally=2C one could just make a Webfinger br=
idge and the binding to Microsoft realm authentication is more or less done=
.

As an IdP I would just bridge to Microsoft as a feature. Of course=2C it wo=
uld be great if Microsoft came on board esp. as cost is zilch to them in re=
ality :-)

Kingsley

=20
=20

_______________________________________________
foaf-protocols mailing list
foaf-protocols at lists.foaf-project.org
http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

--=20

Regards=2C

Kingsley Idehen	     =20
President & CEO=20
OpenLink Software    =20
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen=20





_______________________________________________ foaf-protocols mailing list=
 foaf-protocols at lists.foaf-project.org http://lists.foaf-project.org/mailma=
n/listinfo/foaf-protocols 		 	   		  =

--_cbdcec17-3a91-48e4-ae93-cabbb14ab922_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style><!--
.hmmessage P
{
margin:0px=3B
padding:0px
}
body.hmmessage
{
font-size: 10pt=3B
font-family:Tahoma
}
--></style>
</head>
<body class=3D'hmmessage'>
<BR>Ah yes. shudder. The Hammar stack.<BR>
&nbsp=3B<BR>
Saw a really great engineer at work=2C but didnt get&nbsp=3B confidence in =
the tradeoffs - far too much "political influence". <BR>
&nbsp=3B<BR>
I went through its pre-cursor in detail (XRI resolution) - teaching myself =
all about the wonderful world of "java" factory patterns (which=2C to be fa=
ir=2C were VERY nicely exploited and demonstrated in the trusted resolver c=
ode in the openxri implementation).<BR>
&nbsp=3B<BR>
so whats the different between FOAF+SSL and hammar stack?<BR>
&nbsp=3B<BR>
Cloud.<BR>
&nbsp=3B<BR>
The hammar stack is all built around multi-tenancy=2C leveraging the relati=
onship model that combines DNS and the whole meta/host-meta thing -&nbsp=3B=
 that allows for on-premise or&nbsp=3B hosted metas.<BR>
&nbsp=3B<BR>

More information about the foaf-protocols mailing list