Delegated WebID authentication plugin contributed to fusionforge

Hi.

FYI, I've just contributed a FusionForge [0] plugin [1] that allows
one-click SSO to a forge using WebID (and a delegated IdP like
auth.my-profile.eu for instance).

In future episodes, we may try and benefit from the forge's ability to
generate FOAF profiles for its contributors to go one step beyond, but
that's already a start.

The plugin relies on the PHP lib WebIDDelegatedAuth [2] that Andrei and I
just "forked off" libAuthentication (yesterday ;-). Thanks to Melvin and
other contributors for the license change, which helps embedding it in
fusionforge without rendering it AGPL.

Best regards,

[0] http://fusionforge.org/
[1] https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin
[2] https://github.com/WebIDauth/WebIDDelegatedAuth

Forwarded message 1

  • From: Olivier Berger <olivier.berger@it-sudparis.eu>
  • Date: Thu, 12 Jul 2012 17:30:10 +0200
  • Subject: Delegated WebID authentication plugin contributed - Was: Re: [Fusionforge-commits] r15985 - in trunk/src/plugins: . authwebid ...
  • To: fusionforge-general@lists.fusionforge.org
  • Message-ID: <87obnlgfp9.fsf@inf-8657.int-evry.fr>

Hi.

FYI, my just committed contribution is a plugin that allows SSO with
"one-click" through the use of WebID [0]. This is a work that got started
last year at the end of COCLICO and that I've just had the time to
complete now.

The principle is to bind existing fusionforge user accounts to URIs (the
WebIDs in question), and to delegate to a third party WebID identity
provider the responsibility to verify the authentication with these
WebIDs.

The admin of the forge must then trust that WebID Identity Provider
(IdP) to properly verify the user's SSL client cert associated to that
WebID (see the WebID specs [1] for the principles of WebID's use of SSL
client certs).

Popular WebID IdPs are foafssl.org and auth.my-profile.eu.

The plugin relies on the WebIDDelegatedAuth [2] library which embeds the
necessary bits to check the IdP's response. FYI, that library was
"forked off" (scaled down) libAuthentication [3], which was a bit too
big for the task, and after it was (recently) relicensed to MIT to avoid
embedding bits of AGPL into FusionForge.

For those used to OpenID or BrowserID, it's more or less the same
principle, but under the hood, WebID uses Semantic Web standards like
RDF (FOAF) and SSL certs, is distributed by nature, rendering
authentication less prone to monopolies (among other nice properties).

The code was just committed to the trunk, but works on 5.2 AFAICT.

I've added some of these details at
https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin

Hope this helps.

Best regards,

[0] http://webid.info/
[1] http://www.w3.org/2005/Incubator/webid/spec/
[2] https://github.com/WebIDauth/WebIDDelegatedAuth
[3] https://github.com/melvincarvalho/libAuthentication

P.S.: that closes https://fusionforge.org/tracker/index.php?func=detail&aid=311&group_id=6&atid=114

Olivier Berger <olberger@fusionforge.org> writes:

> Author: olberger
> Date: 2012-07-12 16:06:33 +0200 (Thu, 12 Jul 2012)
> New Revision: 15985
>
> Added:
>    trunk/src/plugins/authwebid/
...
-- 
Olivier BERGER 
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)

Received on Thursday, 12 July 2012 15:40:11 UTC