[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Social-discuss] Re: [foaf-dev] Yet another idea on a free social ne
From: |
Story Henry |
Subject: |
Re: [Social-discuss] Re: [foaf-dev] Yet another idea on a free social network |
Date: |
Thu, 29 Apr 2010 12:10:43 +0100 |
On 29 Apr 2010, at 00:12, Melvin Carvalho wrote:
>>
>> I don't think that foaf+ssl and OAuth are that similar. I will try to
>> explain, OAuth is (I could be wrong here) as a way of allowing two services
>> to setup trust between each other so that they can exchange data "offline"
>> i.e. no longer requiring the user to be around. The (complicated) OAuth
>> dance has an authentication setup which is not defined by the OAuth
>> protocol, which allows for one of the services to authenticate one of its
>> users so as to give the second service access to that given user's data.
I think we found a way to get something very similar to OAuth, by just coining
one relationship. I wrote out a first proposal for how to do this in "Sketch of
a
RESTful Photo Printing Service"
http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo
It is quite simple: you can give the services WebIds too, then you just
add in the foaf file a pointer to a ping service where the user can add new
"friends": ie decide what type of access right some agent on the web can
have.
>>
>> This is where I see foaf+ssl coming into play when thinking/talking about
>> OAuth. It is this authentication step in the OAuth protocol which a given
>> service could choose to use foaf+ssl as a way of authenticating a given
>> WebID (user).
yes. And if you add that the server can also authenticate with foaf+ssl, you can
I think really simplify the whole OAuth dance.
>>
>> In summary, foaf+ssl is more akin to OpenID than to OAuth.
Perhaps. But perhaps what is really happening is that we are moving to a totally
different way of looking at the problem where these distinctions no longer make
that much sense.... :-)
>> foaf+ssl allows
>> someone to authenticate them self as the owner of a given WebID, again
>> similar to OpenID, but will a lot less to'ing and fro'ing. But, again do
>> correct me if I am wrong, but OAuth is a not a way of authenticating/proving
>> identity but a facility to get two services communicating with each other.
>>
>
> Yes I agree.
>
> OAuth is the process of gaining an access token (delegated credentials) to a
> given URI (e.g. The Twitter API)
>
> OpenID tends to be a browser redirect oriented method for authentication.
>
> FOAF+SSL can authenticate you (or a machine / client / command line )
> against any URI, and also has a delegated form, a cookie form and an apache
> mod form. One important side effect of FOAF+SSL is that once you're done
> with the authentication you have a pointer to a FOAF ... which means
> automatically having things like, avatar, nick, name, contacts, and highly
> structures pointers to a lot more data, in a RESTful way. I actually
> believe that it's the side effect that will prove to be more valuable than
> the authentication itself, particularly in distributed social networks.
agree.
Henry
- Re: [Social-discuss] Yet another idea on a free social network, (continued)
[Social-discuss] Re: [foaf-dev] Yet another idea on a free social network, Melvin Carvalho, 2010/04/22
Message not available