OpenID+WebID Revisited

All of my early WebID demonstrations focused on exposing the critical value that WebID brings to OpenID. Basically, that takes the form of eliminating username-and-password-based authentication on the more obvious front, while disambiguating hyperlink-based Names and Addresses on the less obvious front, with Linked Data in mind (i.e., via OpenID you ended up with a URI-based global Identifier with the requisite fidelity for InterWeb-scale User Centric Identity). Unfortunately, our first pass was based on WebID support in our OpenLink Data Spaces [1] product which (to the untrained eye) could be easily misconstrued as a heavy product, etc.

In recent times, we've decoupled many of our WebID implementation layers from both Virtuoso and ODS. The net effects of these actions are:

* HTML-, Windows-, and iOS5-based X.509 certificate generators that deliver certificates bearing WebID watermarks -- http://id.myopenlink.net/certgen/.

* HTML-based WebID verifier that enables you to quickly verify any WebID -- http://id.myopenlink.net/ods/webid_demo.html.

* OpenID+WebID proxy service that enables WebID exploitation via OpenID.

What follows is a simple step-by-step guide showcasing the last of the above:

1. Get yourself a WebID.

2. Visit a space on the InterWeb that supports OpenID-based authentication.

3. When challenged for your OpenID URL, simply provide a URL in the following form: <http://id.myopenlink.net/openid-proxy/id.vsp?w={Your-WebID}>. For instance, one of my WebIDs is <http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this>, so I could provide <http://id.myopenlink.net/openid-proxy/id.vsp?w=http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen%23this> (an encoded URL).

Observations

You will notice that you are able to use OpenID without username-and-password-based authentication. You simply present your X.509 certificate, and that's it.

Why is this important?

WebID is best understood and appreciated when experienced as a complementary enhancement of what exists.

As usual, I've attached a sequence of screenshots that showcase OpenID+WebID using the decoupled proxy service we now provide, distinct from the ODS instances used in our much earlier implementation demos.

How Do I use this OpenID+WebID Service?

Once you have a WebID, place the following in the <head/> section of an HTML document that's published to the Web:

<link href='http://id.myopenlink.net/openid-server' rel='openid.server'/>
<link href='http://id.myopenlink.net/openid-proxy/id.vsp?w=http://{Your-OpenID-URL}' rel='openid.delegate'/>
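The proxy URL from step 3 and the delegation links above, built in Python as an added example that is not part of the original post or the OpenLink service's own code. It assumes the `w` parameter carries the WebID as in step 3, and shows why the `#` must be sent as `%23`: left unencoded, it becomes a fragment of the proxy URL, never reaches the server, and the proxy would be asked about a different identifier. The function names are hypothetical.

```python
from urllib.parse import quote, urlsplit, parse_qs

# Endpoints as given in the post.
PROXY = "http://id.myopenlink.net/openid-proxy/id.vsp"
SERVER = "http://id.myopenlink.net/openid-server"


def proxy_openid_url(webid: str) -> str:
    """Return the proxy OpenID URL for a WebID, in the form step 3 shows."""
    parts = urlsplit(webid)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("WebID must be an absolute http(s) URI")
    # ':' and '/' stay readable, as in the post's example. Everything else
    # outside the unreserved set ('#', '&', '?', '=', '%', quotes, '<', '>')
    # is percent-encoded, so the whole WebID stays inside the 'w' parameter
    # and the result is safe to place in a quoted HTML attribute.
    return PROXY + "?w=" + quote(webid, safe=":/")


def webid_seen_by_proxy(openid_url: str) -> str:
    """Recover the 'w' value a server receives (fragments stay in the client)."""
    return parse_qs(urlsplit(openid_url).query)["w"][0]


def delegation_links(webid: str) -> str:
    """Build the two <link> elements for the <head> of a delegating page."""
    return (
        f"<link href='{SERVER}' rel='openid.server'/>\n"
        f"<link href='{proxy_openid_url(webid)}' rel='openid.delegate'/>"
    )


if __name__ == "__main__":
    # The WebID quoted in step 3 of the post.
    webid = "http://id.myopenlink.net/dataspace/person/KingsleyUyiIdehen#this"
    good = proxy_openid_url(webid)
    naive = PROXY + "?w=" + webid  # '#this' becomes a fragment of the proxy URL
    print(good)
    print("encoded   ->", webid_seen_by_proxy(good))
    print("unencoded ->", webid_seen_by_proxy(naive))
    print(delegation_links(webid))
```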

Links

1. OpenLink Data Spaces (ODS) -- <http://ods.openlinksw.com>

Related

* An early WebID+OpenID implementation that isn't currently functional, but still provides good insights into the inner workings of WebID+OpenID -- <http://openid4.me>

* A nice OpenID service for testing the prowess of OpenID+WebID -- <http://openid-demo.appspot.com/>

* An old WebID+OpenID protocol demo using ODS through Firefox on Mac OS X -- <WebID + OpenID Hybrid Protocol Demo (Voice Edition)>

* ... and through Safari on Mac OS X -- <Using Safari to Demonstrate WebID + OpenID Hybrid Protocol Power!>

* ... and through IE on Windows -- <Power of WebID + OpenID Hybrid Protocol via Internet Explorer & Windows>

* Using WebID from an iOS5 device (iPhone or iPad) with Twitter as the Identity Provider (IdP) service -- <http://goo.gl/oBYFD>

#LinkedData #WebID #Identity #Security #Nymwars #SemanticWeb #OpenID
 
Cool, I find your demos are getting a lot better, I just looked at the OSX version. A couple of remarks:
- All the certificates for your particular user have the same name. As a result it is confusing for the user who does not know which one to select. If possible you should allow the user to name his certificates on creation by setting the CN. For example CN=Me (work) or "Me@virutuoso" etc. All browsers I know of show the CN in the selection box, and this makes it easy to choose.
- I like the Openid integration (though the same problem as above appears there)
What is difficult is to explain what is going on in the background. I think the video we put together for the talk WebID and browsers does a good job of explaining what is going on. Your readers should be interested:
http://bblfish.net/blog/2011/05/25/
 
+Henry Story - The generator allows you to fill in the CN, you can overwrite or append text to the default entry. I do that all the time. Would add screenshots if G+ had full comprehension of editing context re. threaded conversations.