W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: WebIDauth - authentication service written in PHP.

From: Andrei Sambra <andrei@fcns.eu>
Date: Sun, 10 Apr 2011 13:33:52 +0200
To: Henry Story <henry.story@bblfish.net>
Cc: public-xg-webid@w3.org
Message-ID: <1302435232.10883.116.camel@mayu>
On Sat, 2011-04-09 at 13:09 +0200, Henry Story wrote:
> On 9 Apr 2011, at 12:58, Andrei Sambra wrote:
> 
> > I forgot to mention that I set up a testing suite (more or less), which
> > can be used to test authentication (either auth.fcns.eu or foafssl.org),
> > to create foaf profiles in several formats (json/turtle/rdfxml/n3),
> > lookup webid's and display them in a nice format / debug format, convert
> > a webid from a format to another (see above).
> > 
> > It's a work in progress so expect lots of things to be bugged.
> > 
> > Here is the link: http://webid.fcns.eu
> 
> yes, that produces very beautiful output.
> 
> But you need a more technical WebID test suite, that will return rdfa describing exactly
> how the authentication was determined, and showing the user his public key.
> 
> (we have not settled on the rdfa, so for the moment pure human readable html is ok :-)
> 
I see one issue with your suggestion; if a webserver is not configured
to request a certificate, it cannot read the public key of the client.
So, we either pass it in the URL from the IdP, or the admin configures
SSL on the SP to demand a certificate when connecting to a particular
part of the website.

We should also keep in mind that some service providers might not use
SSL, but they could verify the validity of the authentication process by
checking the signature of the returned URL (webid+ts) and thus allow
users to log in with their webids.

> >> 
> > 
> > 
> > 
> 
> Social Web Architect
> http://bblfish.net/
> 
Received on Sunday, 10 April 2011 11:33:40 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC