[foaf-protocols] maturing of OAUTH

Peter Williams home_pw at msn.com
Wed Feb 2 23:00:32 CET 2011


Rather than use an OAUTH bridge "service", folks in Windows land also publish some script code http://blogs.msdn.com/b/lukeh/archive/2010/09/05/twitter-oauth-in-f.aspx (in a fun scripting language).
 
I'm wondering if it's time, Henry, to update the FOAF+SSL IDP demo, and let foaf.me talk to the IDP using OAUTH.
 
When I look at my original script implementation here of what the demo does today, and then contrast it with the script for OAUTH, there seems little reason not to use what everyone else uses!
 
Then, since in the FOAF+SSL concept there seems to be a need to prove one has write-access to the profile graph (as part of showing control over the identifier and its binding the cert values within the graph), perhaps with little cost the FOAF+SSL demo can be updated to exploit the claims of OAUTH - since with OAUTH one not only gets a token back from the API, but one gets "API rights" at the IDP while you are there - such as the ability to post and update the cert datums in the IDP's records of the foaf card.
 
Finally, I wonder if we should use and promote a Microsoft term that I'm starting to like - one fashioned because they typically _bridge_ multiple SSO protocol runs. They have: Federation Partner (FP).
 
In my baseline test flow, in which I log in to foaf.me, which redirects to the Java entity currently known as an "IDP", which seeks a client cert and then verifies the whole FOAF+SSL process including getting a foaf card from the xwiki naming authority for my webid, in Microsoft land this entity would not be called an IDP, but an FP. That's because it's a bridge - which verifies (FOAF+SSL on one channel) and re-asserts (OAUTH ideally, on another).
 
 
 
 
 
 

 
 


From: home_pw at msn.com
To: foaf-protocols at lists.foaf-project.org
Date: Wed, 2 Feb 2011 13:13:48 -0800
Subject: [foaf-protocols] maturing of OAUTH




http://blogs.msdn.com/b/card/archive/2010/11/29/protecting-and-consuming-rest-based-resources-with-acs-wif-and-the-oauth-2-0-protocol.aspx
 
Since I looked a year ago, the hosted "identity brokering" world in Microsoft land has come a long way. As I imagined the world would evolve, it's a protocol gateway. Real endpoint and code is thus insulated from any of the religions, giving an investor in code some confidence that the code is not too compartmentalized.
 
Now, your average programmer can easily program classes that expose RESTful interfaces (or SOAP, if you prefer), and work with the "ACS" gateway in the cloud fabric ...to have it bridge the sessions over to OAUTH IDPs (and perform the OAUTH protocol on the wire).
 
I half remember reading that it can do similar bridging for OpenID protocol runs, interact with Live ID tenants of the Windows Live space, and other variations of the same thing.
 
Can anyone point to Microsoft adoption, half-adoption, positive statements about XRD culture (and xmldsig-signed XRD files, moreover)?
 
What I liked about the example of XRD given here was... that it used the foaf vocab of course. I could not really read it (not having a mental model of how the relationship model really works, or how the ontology "inserts itself" into the XML Links attributes), but I got the gist.
 
Should I assume it can - when supported by the likes of the FOAF tags - be cast into an RDF graph, and treated like any other?
