- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 6 Aug 2013 18:05:54 +0200
- To: Norman Gray <norman@astro.gla.ac.uk>
- Cc: Kingsley Idehen <kidehen@openlinksw.com>, Hugh Glaser <hg@ecs.soton.ac.uk>, Linked Data community <public-lod@w3.org>
- Message-ID: <CAKaEYh+GeD318asX8G+VTR_dMUfWO=FB_MyfhQDLEjYSo_hhTg@mail.gmail.com>
On 6 August 2013 17:54, Norman Gray <norman@astro.gla.ac.uk> wrote:

> Hugh and Kingsley, hello.
>
> On 2013 Aug 6, at 14:27, Kingsley Idehen wrote:
>
> > In reality though, for your particular user profile I would encourage
> > you to simply manually insert the relations required by the WebID+TLS
> > protocol into your existing profile, after you've generated an X.509
> > certificate using in-built OS utilities [1].
>
> I've just done this, prompted by your message, Hugh, and it was oddly
> easy, _with_ Kingsley's hints. The following fills in a couple of elided
> steps.
>
> > 1. Create a Profile Document -- this gets you a Personal HTTP URI (or
> > WebID) that denotes entity "You"
>
> I already have a FOAF file <http://nxg.me.uk/norman/>. Tick!
>
> > 2. Generate an X.509 Certificate -- as part of the process, place your
> > WebID in the SAN (Subject Alternative Name) slot
>
> I did that, using Kingsley's walkthrough of the OS X Certificate Assistant
> (within Keychain Access) at
> <https://plus.google.com/112399767740508618350/posts/62pFBxAm7Ev>.
>
> This took two goes, because I decided that I should create a certificate
> with CN "Norman Gray (WebID)", adding the "(WebID)" to avoid confusing
> myself.
>
> > 3. Add a relation to your Profile Document that associates your WebID
> > with the Public Key (exponent and modulus) from the Cert. generated in step
> > #3.
>
> If you use OS X Keychain Access, then 'Get Info' on the certificate will
> show the exponent and modulus. The wrinkle here is that the Get Info
> display names the modulus as 'Public Key' (which I suppose one could
> quibble with).
>
> If you want to do it the hard way (as I had to do, to work out that that
> _was_ what they meant by 'Public Key'), then export the certificate as a
> .cer file, and
>
>     % openssl x509 -inform DER -modulus -noout -in ~/Desktop/norman-webid.cer
>
> I added this to my FOAF file with:
>
>     cert:key [
>         cert:exponent 65537;
>         cert:modulus "…"^^xsd:hexBinary;
>     ];
>
> I got the details of that from <http://www.w3.org/wiki/WebID>.
>
> Then I put it on the web.
>
> > 4. Verify your WebID
>
> I went to <http://webid.turnguard.com/WebIDTestServer/> and clicked on
> 'OnlyWithCert'. I was asked to trust the server (because its certificate
> wasn't signed by a CA), and to choose which certificate to use, and ... it
> worked. That was with both Chrome and Safari.
>
> > 5. Start authenticating against apps and services that support WebID+TLS
> > based authentication.
>
> Right... where can I use this that _isn't_ just for testing, and will
> actually be (you know) useful?

Great job! You can try logging in to our little linked data social network at: https://my-profile.eu/

> No, this isn't the route I'd suggest to my Mum, but getting her a by-hand
> WebID might be a little premature in any case.
>
> All the best,
>
> Norman
>
> --
> Norman Gray : http://nxg.me.uk
> SUPA School of Physics and Astronomy, University of Glasgow, UK

Received on Tuesday, 6 August 2013 16:06:22 UTC
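
A local check for step 3 before the profile goes on the web, as an added example that is not part of the original message: it compares the modulus printed by the `openssl x509 -modulus` command with the `cert:key` entries in a profile, treating case, colons, whitespace and a leading `00` byte as insignificant. The function names, the regex-based matching of the Turtle fragment and the short sample modulus are assumptions made for illustration.

```python
import re

# Constructed sample of `openssl x509 -inform DER -modulus -noout -in cert.cer`
# output. A real RSA modulus is far longer; this value is illustrative only.
OPENSSL_OUTPUT = "Modulus=C2A7F3D9015B\n"

# Constructed profile fragment in the shape used in the message above, with the
# hex pasted in a colon-separated form that starts with a 00 byte.
PROFILE_TURTLE = """
<#me> cert:key [
    cert:exponent 65537;
    cert:modulus "00:c2:a7:f3:d9:01:5b"^^xsd:hexBinary;
];
"""

def hex_to_int(raw):
    """Normalise a hex string (colons, whitespace, case, leading zeros)."""
    cleaned = re.sub(r"[\s:]", "", raw)
    if not re.fullmatch(r"[0-9A-Fa-f]+", cleaned):
        raise ValueError("modulus is not a hex string: %r" % raw)
    return int(cleaned, 16)

def modulus_from_openssl(output):
    """Extract the modulus from the 'Modulus=<HEX>' line printed by openssl."""
    match = re.search(r"^Modulus=([0-9A-Fa-f]+)\s*$", output, re.MULTILINE)
    if match is None:
        raise ValueError("no 'Modulus=' line in openssl output")
    return hex_to_int(match.group(1))

def keys_from_profile(turtle):
    """Return (modulus, exponent) for each cert:key block in the profile.

    Assumption: a regex stands in for a real Turtle parser, so only the
    blank-node form shown in the message is recognised.
    """
    keys = []
    for block in re.findall(r"cert:key\s*\[(.*?)\]", turtle, re.DOTALL):
        mod = re.search(r'cert:modulus\s+"([^"]*)"\^\^xsd:hexBinary', block)
        exp = re.search(r"cert:exponent\s+(\d+)", block)
        if mod and exp:
            keys.append((hex_to_int(mod.group(1)), int(exp.group(1))))
    return keys

def profile_lists_key(turtle, openssl_output, exponent=65537):
    """True if the certificate's public key appears in the profile."""
    wanted = (modulus_from_openssl(openssl_output), exponent)
    return wanted in keys_from_profile(turtle)

if __name__ == "__main__":
    print("profile matches certificate:",
          profile_lists_key(PROFILE_TURTLE, OPENSSL_OUTPUT))
```

Comparing the values as integers rather than as strings is what makes the differently formatted hex forms compare equal.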