Re: WebID Frustration from Kingsley Idehen on 2013-08-06 (public-lod@w3.org from August 2013)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 06 Aug 2013 09:27:52 -0400
To: public-lod@w3.org
Message-ID: <5200F9D8.9000504@openlinksw.com>

On 8/6/13 7:55 AM, Joe wrote:
> Hugh, try the MIT WebID provider... https://webid.mit.edu/
>
> You can bootstrap from MIT Certificate or your Google Account and link 
> your existing foaf
>
> It works with all the services, rww.io <http://rww.io>, data.fm 
> <http://data.fm>, my-profile, etc. in Chrome, Safari, and Firefox.
>

You can also try:

1. http://youid.openlinksw.com -- for iOS devices (support the option to 
work with an existing FOAF file, but you need to enable that via control 
panel)
2. http://id.myopenlink.net/certgen -- generation via Web browser (it 
does support the option to work with an existing FOAF file).

In reality though, for your particular user profile I would encourage 
you to simply manually add insert the relations required by the 
WebID+TLS protocol into your existing profile, after you've generated an 
X.509 certificate using in-built OS utilities [1]. If you don't want to 
use the OS utils then either option above will enable you present a 
WebID (HTTP URI that denotes an Agent) as part of the X.509 cert. 
generation pipeline.

The basic steps re. WebID and TLS based authentication:

1. Create a Profile Document -- this gets you a Personal HTTP URI (or 
WebID) that denotes entity "You"
2. Generate an X.509 Certificate -- as part of the process, place your 
WebID in the SAN (Subject Alternative Name) slot
3. Add a relation to your Profile Document that associates your WebID 
with the Public Key (exponent and modulus) from the Cert. generated in 
step #3.
4. Verify your WebID
5. Start authenticating against apps and services that support WebID+TLS 
based authentication.

The main benefits of WebID include:

1. elimination of passwords during the authentication process
2. incorporation of Linked Data into areas such as verifiable identity 
and authenticated login that leverages existing TLS infrastructure baked 
into Web user agents
3. signing emails (as you can see here, everything I state in an email 
that ends up wherever is signed by me, you can even follow-your-nose 
from this email to my profile)
4. totally platform agnostic.

Links:

[1] http://bit.ly/SuMWP4 -- creating an X.509 certificate for use with 
WebID via Mac OS X Keychain's Generator
[2] http://id.myopenlink.net/ods/webid_demo.html -- simple WebID verifier
[3] https://delicious.com/kidehen/webid -- some of my WebID related 
bookmarks assembled over the years.

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Tuesday, 6 August 2013 13:28:16 UTC