[foaf-protocols] Securing the Next Generation of Web Apps - talk
Peter Williams
home_pw at msn.com
Wed Nov 30 19:09:34 CET 2011
What is the status of the mission to pursuade openid providers to add the webid validation protocol to the user challenges they already issue, and let this gate minting of the openid assertions.
Once there is a openid 2.0 IDP doing webid validation (did openid.me die?), I can adopt today, assuming the customer accepts that particular openid provider and webid as claims source. (Obviously, the protocol implementations all have to conform, working with the Microsoft Azure gateway we use. Its pretty well tested for conformance...).
I could never decide if webid was pro openid or hostile. It seemed to depend on Henry's mood.
Stories about how openid1.0 and semantic web went different ways are irrelevant, for what matters is today. Are folks comfortable letting openid OPs TODAY act as validation agents, and then minting their assertions using the webid as the openid claimedID (http form)?
teh same question goes for OAUTH.
Do we expect validation agent to be part of a pipeline of security processes in the web, or a native integration (only).
This speaks to whether the audience is ONLY semantic web app builders, or the general web (that is just want to do web app logon).
----------------------------------------
> From: henry.story at bblfish.net
> Date: Wed, 30 Nov 2011 12:11:06 +0100
> CC: foaf-protocols at lists.foaf-project.org
> To: public-xg-webid at w3.org
> Subject: Securing the Next Generation of Web Apps - talk
>
> At the recent W3C Conference Brad Hill (Paypal) and Scott Stender (iSEC Partners)
> gave a talk that is very relevant to our work here. It gives a big picture context
> of how WebID would fit into other applications
>
> http://www.w3.org/conf/#Securing_Web_Apps
>
>
> Henry
>
> Social Web Architect
> http://bblfish.net/
>
>
More information about the foaf-protocols
mailing list