
Re: ldap = Re: [foaf-protocols] WebID test suite

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 01 Jul 2011 00:18:44 +0100
Message-ID: <4E0D0454.6070708@openlinksw.com>
To: public-xg-webid@w3.org
On 6/30/11 9:04 PM, Matt DeMoss wrote:
> Are you using either LDAPS or LDAP + StartTLS? Is the authenticity of
> attributes addressed in some other way?

Support all of the above. We attach/bind LDAP servers to Virtuoso (or an 
ODS instance) [1]. These servers are the ones that are looked up when a 
given Virtuoso (or ODS) instance is in the role of "relying party" .

Quick guide:

Attach one or more LDAP servers to your Virtuoso or ODS instance.

Generate X.509 certificates with an ldap: scheme URI for the WebID placed in 
the SAN, e.g. 
ldap://mail.openlinksw.com/cn=Kingsley%20Idehen%2Cou=Accounts%2Co=OpenLink%20Software%2Cc=US 


LDAP Setup:

1. Start the LDAP manager UI, e.g. http://ldap.example.com/admin
2. After successful authentication, click on Profile
3. Update the "Country" and "Company" (Organization) fields if empty
4. Go to the Security section and import the X.509 Cert (DER format) so that 
the DN is now associated with a public key.

Verification Tests:

1. If you generated the Cert. using ODS and enabled WebID login, attempt a 
WebID login
2. https://id.myopenlink.net/ods/webid_demo.html


Links:

1. http://twitpic.com/5j8xnb/full -- screenshot of the Virtuoso Admin UI re. 
LDAP server attachment
2. http://twitpic.com/photos/kidehen -- my screenshots taken while 
verifying this functionality.


Kingsley

>
> On Thu, Jun 30, 2011 at 3:54 PM, Kingsley Idehen<kidehen@openlinksw.com>  wrote:
>> On 6/30/11 8:22 PM, Henry Story wrote:
>>> Kingsley tweeted a few pictures on his ldap WebID implementation:
>>>
>>>     http://twitpic.com/5j0ucl
>>>
>>> Kingsley, what do you use in the ldap directory to describe the public
>>> key?
>>>
>>> Would it be worth writing up your experience on the wiki? Perhaps under
>>> protocols/ldap ?
>> Yes, there will be a step-by-step guide covering:
>>
>> 1. Cert. Generation
>> 2. LDAP profile management -- this includes X509 Cert. association with LDAP
>> DN
>> 3. WebID verification service.
>>
>> Kingsley
>>> Henry
>>>
>>>
>>> On 30 Jun 2011, at 00:00, Henry Story wrote:
>>>
>>>> LDAP in semweb
>>>> --------------
>>>>
>>>> Following up on the idea of ldap urls in WebID endpoints.
>>>>
>>>> - What does such an ldap url look like btw? (the one we want to put in
>>>> the X509 cert and that points to a dereferenceable resource)
>>>> - can one put a public key in there? Is there a attribute pair for those?
>>>> (I guess there will be)
>>>>
>>>> That is all that is needed for ldap URL authentication
>>>>
>>>> - does ldap allow for linking between ldap directories? a kind of ldif
>>>> version of linked data? Can we have a foaf:knows relation in ldap so that
>>>> someone can store her friends there? Or is it perhaps better just to have a
>>>> see:also link to point to an http resource which can describe relations
>>>> between people and things more flexibly?
>>>> - How many ldap endpoints are open to the world? Do they usually allow
>>>> global access to anyone, as web pages servers usually give access to anyone?
>>>> Or are they mostly just closed to the company employees behind a firewall?
>>>>   (trying to evaluate the market size here)
>>>> ->    those that do could allow webid type url dereferencing
>>>>      + but what is the proportion of those?
>>>>      + how many have access control mechanisms, so that if I am a friend
>>>> of ldap://orange.fr/@cn=Barbara Doe,dc=example,dc=com I would be able to
>>>> access more of her ldap entries?
>>>>      + what is the interest of those in ldap land to open up their ldap
>>>> servers this way? Why would they be interested? Who are they? Are they
>>>> willing to work on WebID implementations for this, and write specs for it?
>>>> (Apart from OpenLink of course)
>>>>
>>>>    Henry
>>> Social Web Architect
>>> http://bblfish.net/
>>>
>>>
>>
>> --
>>
>> Regards,
>>
>> Kingsley Idehen
>> President & CEO
>> OpenLink Software
>> Web: http://www.openlinksw.com
>> Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca: kidehen
>


-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
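The relying-party half of the procedure above (take the ldap: URI out of the certificate's SAN, look the DN up in the attached directory, confirm the directory entry carries the public key the TLS client presented) as an added example. This is not Virtuoso/ODS code and not code from anyone on this thread. The directory is a constructed in-memory dict; the attribute names "modulus"/"exponent" and the sample key integers are assumptions for illustration (a real deployment would store the DER certificate in userCertificate;binary and the RP would extract the key from it). Note the ldap: URL scheme says nothing about transport security, so the RP's own LDAP client configuration (LDAPS or StartTLS) is what keeps the lookup from being tampered with; the stand-in lookup below only comments on that.

```python
"""
WebID relying-party check for ldap: scheme WebIDs.  Added example, not
OpenLink/Virtuoso code.  Stdlib only; the directory is a dict stand-in.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit, unquote


@dataclass(frozen=True)
class LdapWebID:
    scheme: str   # "ldap" or "ldaps"
    host: str
    port: int
    dn: str       # normalized distinguished name


def normalize_dn(dn: str) -> str:
    """Split on unescaped commas, lowercase attribute types, trim blanks,
    casefold values (assumes caseIgnoreMatch, as for cn/ou/o/c).
    Handles backslash-escaped commas (RFC 4514) but not hex escapes."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if c == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(c)
        i += 1
    rdns.append("".join(cur))
    out = []
    for rdn in rdns:
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        t, v = rdn.split("=", 1)
        out.append(f"{t.strip().lower()}={v.strip().casefold()}")
    return ",".join(out)


def parse_ldap_webid(uri: str) -> LdapWebID:
    """RFC 4516 form: ldap://host[:port]/dn[?attrs[?scope[?filter]]].
    The DN is percent-encoded in the URL ('%2C' for ',', '%20' for ' ')."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {uri}")
    if not parts.hostname:
        raise ValueError("LDAP WebID must name a host")
    port = parts.port or (636 if parts.scheme == "ldaps" else 389)
    raw_dn = parts.path[1:] if parts.path.startswith("/") else parts.path
    if not raw_dn:
        raise ValueError("LDAP WebID must carry a DN")
    return LdapWebID(parts.scheme, parts.hostname, port,
                     normalize_dn(unquote(raw_dn)))


# Constructed sample data (assumption): the URI from the message above and
# a small integer standing in for an RSA modulus.  Not a real key.
SAMPLE_URI = ("ldap://mail.openlinksw.com/cn=Kingsley%20Idehen%2Cou=Accounts"
              "%2Co=OpenLink%20Software%2Cc=US")
SAMPLE_MODULUS = 0xC0FFEE1234567891
SAMPLE_EXPONENT = 65537

Directory = Dict[Tuple[str, str], Dict[str, int]]
DIRECTORY: Directory = {
    ("mail.openlinksw.com",
     "cn=kingsley idehen,ou=accounts,o=openlink software,c=us"):
        {"modulus": SAMPLE_MODULUS, "exponent": SAMPLE_EXPONENT},
}


def lookup_entry(webid: LdapWebID, directory: Directory) -> Optional[Dict[str, int]]:
    """Stand-in for a base-scope LDAP search on webid.dn at webid.host.
    A real RP must run that search over LDAPS or after StartTLS; an on-path
    attacker who can rewrite the reply can substitute their own key."""
    return directory.get((webid.host, webid.dn))


def verify_webid_ldap(san_uris: List[str], cert_modulus: int,
                      cert_exponent: int, directory: Directory) -> Optional[LdapWebID]:
    """Return the first ldap(s): WebID whose directory entry holds the public
    key from the presented client certificate, else None.  Precondition: the
    TLS handshake already proved possession of the matching private key."""
    for uri in san_uris:
        try:
            webid = parse_ldap_webid(uri)
        except ValueError:
            continue          # http:/mailto: WebIDs are handled elsewhere
        entry = lookup_entry(webid, directory)
        if entry is None:
            continue
        if (entry.get("modulus") == cert_modulus
                and entry.get("exponent") == cert_exponent):
            return webid
    return None


if __name__ == "__main__":
    print(verify_webid_ldap([SAMPLE_URI], SAMPLE_MODULUS, SAMPLE_EXPONENT, DIRECTORY))
```

The DN normalization is deliberately narrow: it covers the type-case and whitespace differences you meet in practice plus backslash-escaped commas, but a production RP should let the LDAP server do the match (a base-scope search on the literal DN) rather than re-implement RFC 4514/4518.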
Received on Thursday, 30 June 2011 23:19:14 UTC
