On 5 Apr 2011, at 15:46, Kingsley Idehen wrote: > On 4/5/11 9:34 AM, Henry Story wrote: >> On 5 Apr 2011, at 15:26, Kingsley Idehen wrote: >>> On 4/5/11 5:09 AM, Henry Story wrote: >>>> I put an initial Clerezza servers up on bblfish.net with the WebId test >>>> endpoint running here: >>>> >>>> https://bblfish.net:8443/test/WebId [1] >>>> >>>> This will show you >>>> >>>> - the public key from the certificate you used, if any >>>> - for each claimed WebId: >>>> which were verified, failed or are still unverified >>>> (that last option is to allow for asynchronous WebId checking ) >>> [snip] >>> Henry, >>> >>> Works fine with my "http:" scheme based WebID but doesn't seem to do so >>> with my "mailto:"; and "acct:" scheme based WebIDs. Anyway, I'll double >>> check a few things on my side re. these non "http:" scheme based WebIDs >>> just in case something else is amiss. >> Nothing is amiss: I don't implement those yet, and they are not speced out >> carefully yet. > > Something is amiss since you shouldn't be implementing anything. All you > should be doing is asking the IdP to verify the Identity in the security > token (X.509 cert). You shouldn't be doing that yourself i.e., in your coe, > hence the problem :-)
Well it's probably a bug on my part. I need to check the code to see what is happening with certificates that contain mailto urls. I think I forgot to check that, and it probably throws an exception somwhere. Now that means I need to create myself a cert with a mailto url in there... thanks for bringing that up. Henry > >> That would be the purpose of such a test suite to test though. Just how many >> features are implemented by a server. > > A Relying Party (the one seeking to verify Identity re. resource access) asks > the IdP (the identity token issuer and verifier) to verify an Identity, it > shouldn't be doing the IdPs job via local code, which seems to be the case > here. > > Kingsley >> Henry >> >>> >>> Kingsley >> Social Web Architect >> http://bblfish.net/ >> >> >> > > > -- > > Regards, > > Kingsley Idehen > President& CEO > OpenLink Software > Web: http://www.openlinksw.com > Weblog: http://www.openlinksw.com/blog/~kidehen > Twitter/Identi.ca: kidehen > > > > > Social Web Architect http://bblfish.net/
