doing as told – with webid + openid


1. Get yourself a WebID.
2. Visit a space on the InterWeb that supports OpenID based authentication.
3. When challenged for your OpenID URL simply provide a URL in the following form:{Your-WebID}.



Let’s do the steps, just as stated.

1 says get a webid.

Ok. I choose my own profile and one of its names:


Ok, it’s ugly as hell, but who cares. It’s a technology demo. It will grade C on an exam (for various flaws that came about as I edited it, over and over for special cases). But, it SHOULD still work (not that such matters in an academic exam).

2 says visit an openid relying party.

Well, what better site than the openid foundation.


see (and choose the signin, and openid option). note the cute little trick folks stole from the cardspace UI (blocking the modal window beneath, and doing a gray out). Hardly the same assurance, though!


3 says use a constructed URI for the claimed identifier

in my case, that is

for fun, I made a short URI of it, since I cannot type:



ok. To test, doing as the speaker wanted, to start with.


where before I clicked sign in, I ensured that the webid works (since some dick will probably say I’m lying, subverting, cheating or otherwise being improper).

The first result is (very positively) a challenge for my cert (though the display is a bit off-putting, and I don’t know to WHOM I’m releasing the cert)


When I release it, I do find out though!


on accept, it goes into hyperspace (and the browser disappeared).

If I trace a second run up to the point of accept:


something funky then goes on with SSL and amazon web services.



The net result is


When I try my tinyURI,


the result is good (in the redirect sense), and the end result is largely the same (openid RP objects, for unknown reasons).

what can we reason?

First, the relying party was WILLING to consume the OP’s metadata (so there is core trust in the SEPs in the XRDS).

Second, the challenge obviously happened by demanding a client cert

Third, there is evidence the webid passed the smell test (as we got an approve screen)

Fourth, something went wrong in the assertion handoff back to the RP, or the RP didn’t like the name form. In the latter case,  it didn’t like either of two possible name forms.

Trying a different option of the webids in the cert:-

Net result is the same:


I wonder if the openlink IDP is consuming my card’s foaf:openid property (when asserting) and it’s wrong?
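One way to narrow down the fourth point and the foaf:openid guess is to take the URL the browser was sent back to the RP with and compare its OpenID 2.0 fields against what was typed and discovered. The sketch below is an added example, not code from this post or from any of the sites involved; every identifier, endpoint and response in it is constructed, and XRI identifiers and redirect-following are left out.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

def normalize(identifier):
    """Subset of OpenID 2.0 URL normalization: default scheme, no fragment."""
    if "://" not in identifier:
        identifier = "http://" + identifier
    p = urlsplit(identifier)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path or "/", p.query, ""))

def diagnose(return_url, entered_id, discovered_endpoint):
    """List reasons an RP could refuse the response that arrived at return_to."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(return_url).query).items()}
    mode = q.get("openid.mode")
    if mode != "id_res":
        return [f"not a positive assertion (openid.mode={mode})"]
    problems = []
    claimed = q.get("openid.claimed_id")
    if claimed is None:
        problems.append("no openid.claimed_id in the assertion")
    elif normalize(claimed) != normalize(entered_id):
        # e.g. the OP asserted a different name, such as one taken from the profile
        problems.append("claimed_id differs from the identifier the RP discovered; "
                        "the RP must rediscover it before accepting")
    if q.get("openid.op_endpoint") != discovered_endpoint:
        problems.append("op_endpoint is not the endpoint found during discovery")
    return problems

# Constructed sample data (hypothetical hosts, not the ones used in this post).
ENDPOINT = "https://idp.example/openid"
ENTERED = "idp.example/id/alice"  # typed at the RP without a scheme

def sample(**fields):
    """Build a constructed return_to URL carrying the given openid.* fields."""
    return "https://rp.example/return?" + urlencode(
        {"openid." + k: v for k, v in fields.items()})

GOOD = sample(mode="id_res", claimed_id="http://idp.example/id/alice#gen1",
              op_endpoint=ENDPOINT)
SWAPPED = sample(mode="id_res", claimed_id="http://alice.example/openid",
                 op_endpoint=ENDPOINT)
CANCEL = sample(mode="cancel")

if __name__ == "__main__":
    for name, url in [("GOOD", GOOD), ("SWAPPED", SWAPPED), ("CANCEL", CANCEL)]:
        print(name, diagnose(url, ENTERED, ENDPOINT) or "no mismatch found")
```

A clean result here only rules out the name-form and endpoint mismatches; signature and nonce checks on the assertion are separate steps this sketch does not cover.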

wordpress comment review, given URI commenting property:

on using as the URI in a comment, it’s interesting to see what happens in the comments review section


Not sure what is going on here!


Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in webid. Bookmark the permalink.
