On 29 Apr 2010, at 00:12, Melvin Carvalho wrote:

>> I don't think that foaf+ssl and OAuth are that similar. I will try to
>> explain, OAuth is (I could be wrong here) a way of allowing two services
>> to set up trust between each other so that they can exchange data "offline"
>> i.e. no longer requiring the user to be around. The (complicated) OAuth
>> dance has an authentication setup which is not defined by the OAuth
>> protocol, which allows for one of the services to authenticate one of its
>> users so as to give the second service access to that given user's data.

I think we found a way to get something very similar to OAuth, by just coining one relationship. I wrote out a first proposal for how to do this in "Sketch of a RESTful Photo Printing Service" http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo

It is quite simple: you can give the services WebIds too, then you just add in the foaf file a pointer to a ping service where the user can add new "friends": i.e. decide what type of access right some agent on the web can have.

>>
>> This is where I see foaf+ssl coming into play when thinking/talking about
>> OAuth. It is this authentication step in the OAuth protocol which a given
>> service could choose to use foaf+ssl as a way of authenticating a given
>> WebID (user).

Yes. And if you add that the server can also authenticate with foaf+ssl, you can I think really simplify the whole OAuth dance.

>>
>> In summary, foaf+ssl is more akin to OpenID than to OAuth.

Perhaps. But perhaps what is really happening is that we are moving to a totally different way of looking at the problem where these distinctions no longer make that much sense.... :-)

>> foaf+ssl allows
>> someone to authenticate themselves as the owner of a given WebID, again
>> similar to OpenID, but with a lot less to'ing and fro'ing. But, again do
>> correct me if I am wrong, but OAuth is not a way of authenticating/proving
>> identity but a facility to get two services communicating with each other.
>>
>
> Yes I agree.
>
> OAuth is the process of gaining an access token (delegated credentials) to a
> given URI (e.g. The Twitter API)
>
> OpenID tends to be a browser redirect oriented method for authentication.
>
> FOAF+SSL can authenticate you (or a machine / client / command line)
> against any URI, and also has a delegated form, a cookie form and an Apache
> mod form. One important side effect of FOAF+SSL is that once you're done
> with the authentication you have a pointer to a FOAF ... which means
> automatically having things like avatar, nick, name, contacts, and highly
> structured pointers to a lot more data, in a RESTful way. I actually
> believe that it's the side effect that will prove to be more valuable than
> the authentication itself, particularly in distributed social networks.

Agree.

Henry
