W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: WebIDauth - authentication service written in PHP.

From: Henry Story <henry.story@bblfish.net>
Date: Sun, 10 Apr 2011 14:04:24 +0200
Cc: public-xg-webid@w3.org
Message-Id: <26E86723-917E-4255-8790-8E1C90219C9E@bblfish.net>
To: Andrei Sambra <andrei@fcns.eu>

On 10 Apr 2011, at 13:33, Andrei Sambra wrote:

> On Sat, 2011-04-09 at 13:09 +0200, Henry Story wrote:
>> On 9 Apr 2011, at 12:58, Andrei Sambra wrote:
>> 
>>> I forgot to mention that I set up a testing suite (more or less), which
>>> can be used to test authentication (either auth.fcns.eu or foafssl.org),
>>> to create foaf profiles in several formats (json/turtle/rdfxml/n3),
>>> lookup webid's and display them in a nice format / debug format, convert
>>> a webid from a format to another (see above).
>>> 
>>> It's a work in progress so expect lots of things to be bugged.
>>> 
>>> Here is the link: http://webid.fcns.eu
>> 
>> yes, that produces very beautiful output.
>> 
>> But you need a more technical WebID test suite, that will return rdfa describing exactly
>> how the authentication was determined, and showing the user his public key.
>> 
>> (we have not settled on the rdfa, so for the moment pure human readable html is ok :-)
>> 
> I see one issue with your suggestion; if a webserver is not configured
> to request a certificate, it cannot read the public key of the client.

yes, the basic test suite I am speaking of is not designed for sites like
webid.fcns.eu, but rather for auth.fcns.eu . We need to test pure WebID implementations
so that we don't need to have as much mail on the list every time someone implements webid
again :-)

> So, we either pass it in the URL from the IdP, or the admin configures
> SSL on the SP to demand a certificate when connecting to a particular
> part of the website.
> 
> We should also keep in mind that some service providers might not use
> SSL, but they could verify the validity of the authentication process by
> checking the signature of the returned URL (webid+ts) and thus allow
> users to log in with their webids.
> 
>>>> 
>>> 
>>> 
>>> 
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Sunday, 10 April 2011 12:04:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC