Re: WebIDauth - authentication service written in PHP.

On Sat, 2011-04-09 at 13:05 +0200, Henry Story wrote:
> On 9 Apr 2011, at 12:44, Andrei Sambra wrote:
> 
> > Hello!
> > 
> > I would like to announce my latest project, WebIDauth, a PHP
> > authentication service for WebID. It is very similar to Henry's
> > foafssl.org service, since I wanted to maintain the same functionality
> > in order to make it compatible with existing clients out there (seeAlso
> > libAuthentication).
> > 
> > You can fetch the code from the git repository at
> > https://gitorious.org/webidauth or you can start using it directly at
> > https://auth.fcns.eu/.
> 
> I get on OSX Safari 5.0.4 (6533.20.27)
> 
> "Safari can’t open the page “https://auth.fcns.eu/” because Safari can’t establish a secure connection to the server “auth.fcns.eu”."
> 
> This is probably a problem with your SSL setup.

I don't see why. My server uses a valid SSL certificate, signed by a
known CA. It's a new server so maybe there are still some DNS
propagation issues. However, I just tested it using
http://foaf.me/index.php as URL for service provider and it worked (I
got logged into foaf.me). (btw, Safari might have some residual SSL
information from the last time you tried to connect and the site had a
self-signed certificate?)

Can someone else verify this issue please?
> 
> Chromium is able to connect and asks me for a certificate. When I enter http://bblfish.net/ in the service uri box I get redirected to 
> 
> http://bblfish.net/?error=noVerifiedWebId...

That's the error code when the public key modulus doesn't match the one
in the WebID. (Do they match?)
> 
> Two things:
> 
> 1. I think you should work on the same test suite I am working on first
>   (see https://bblfish.net:8443/test/WebId )
>    No webId service should be without this (as yet unfinished) test suite

Yes, I totally agree. I plan to implement it next!

> 2. I think foafssl.org should be somewhat different from what it is now, in particular it should have a login landing page to show people what they are logging in under, and if possible allow them to log out. The problem with an immediate redirect is that people never see where they are logging into. As a result they may automatically be logged into all sites with the same id.
> 
I think this issue isn't really related to foafssl.org, but it's
more of a general issue on how IdPs should behave. Maybe we could
discuss this further soon.
> 
> > 
> > Please let me know what you think and if possible test it in any
> > possible way!
> > 
> > Andrei
> > 
> > 
> 
> Social Web Architect
> http://bblfish.net/
> 
> 

Received on Saturday, 9 April 2011 20:33:24 UTC
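
The check behind the `error=noVerifiedWebId...` redirect discussed above, where the certificate's public key modulus is compared with the one published in the WebID profile, as an added Python example (not WebIDauth's code and not from either poster). It assumes the certificate's modulus and exponent are already extracted as integers and that the profile publishes the modulus as a hex string that may contain whitespace or colon separators; the function names and sample key are constructed.

```python
import re

def normalize_hex_modulus(text):
    """Turn a profile's hex modulus into an int, ignoring layout differences."""
    cleaned = re.sub(r"[\s:]", "", text)          # drop whitespace and colon separators
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError("modulus is not a hex string")
    return int(cleaned, 16)                       # int() also absorbs leading zeros and case

def key_matches_profile(cert_modulus, cert_exponent, profile_keys):
    """True if any (modulus_hex, exponent_decimal) pair in the profile equals the cert's key."""
    for modulus_hex, exponent_text in profile_keys:
        try:
            modulus = normalize_hex_modulus(modulus_hex)
            exponent = int(exponent_text.strip())
        except ValueError:
            continue                              # malformed entry: never treat as a match
        if modulus == cert_modulus and exponent == cert_exponent:
            return True
    return False

# Constructed sample values (far too short to be a real RSA key).
CERT_MODULUS = 0xC0FFEE1234567890ABCDEF0102030405
CERT_EXPONENT = 65537
PROFILE_KEYS = [
    ("not hex at all", "65537"),                  # malformed entry, skipped
    ("00:c0:ff:ee:12:34:56:78:90:\n ab:cd:ef:01:02:03:04:05", "65537"),
]

if __name__ == "__main__":
    print(key_matches_profile(CERT_MODULUS, CERT_EXPONENT, PROFILE_KEYS))
```

Comparing parsed integers rather than raw strings keeps a formatting difference (case, leading zero byte, line wrapping) from producing a false mismatch, while a malformed profile entry fails closed.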