Re: [Social-discuss] Re: [foaf-dev] Yet another idea on a free social network

[Story Henry]

On 29 Apr 2010, at 00:12, Melvin Carvalho wrote:

>> 
>> I don't think that foaf+ssl and OAuth are that similar. I will try to
>> explain, OAuth is (I could be wrong here) as a way of allowing two services
>> to setup trust between each other so that they can exchange data "offline"
>> i.e. no longer requiring the user to be around. The (complicated) OAuth
>> dance has an authentication setup which is not defined by the OAuth
>> protocol, which allows for one of the services to authenticate one of its
>> users so as to give the second service access to that given user's data.

I think we found a way to get something very similar to OAuth, by just coining
one relationship. I wrote out a first proposal for how to do this in "Sketch of 
a
RESTful Photo Printing Service"

  http://blogs.sun.com/bblfish/entry/sketch_of_a_restful_photo

It is quite simple: you can give the services WebIds too, then you just 
add in the foaf file a pointer to a ping service where the user can add new
"friends": ie decide what type of access right some agent on the web can
have.


>> 
>> This is where I see foaf+ssl coming into play when thinking/talking about
>> OAuth. It is this authentication step in the OAuth protocol which a given
>> service could choose to use foaf+ssl as a way of authenticating a given
>> WebID (user).

yes. And if you add that the server can also authenticate with foaf+ssl, you can
I think really simplify the whole OAuth dance.

>> 
>> In summary, foaf+ssl is more akin to OpenID than to OAuth.

Perhaps. But perhaps what is really happening is that we are moving to a totally
different way of looking at the problem where these distinctions no longer make
that much sense.... :-)

>> foaf+ssl allows
>> someone to authenticate them self as the owner of a given WebID, again
>> similar to OpenID, but will a lot less to'ing and fro'ing. But, again do
>> correct me if I am wrong, but OAuth is a not a way of authenticating/proving
>> identity but a facility to get two services communicating with each other.
>> 
> 
> Yes I agree.
> 
> OAuth is the process of gaining an access token (delegated credentials) to a
> given URI (e.g. The Twitter API)
> 
> OpenID tends to be a browser redirect oriented method for authentication.
> 
> FOAF+SSL can authenticate you (or a machine / client / command line )
> against any URI, and also has a delegated form, a cookie form and an apache
> mod form.  One important side effect of FOAF+SSL is that once you're done
> with the authentication you have a pointer to a FOAF ... which means
> automatically having things like, avatar, nick, name, contacts, and highly
> structures pointers to a lot more data, in a RESTful way.  I actually
> believe that it's the side effect that will prove to be more valuable than
> the authentication itself, particularly in distributed social networks.

agree.

Henry