- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Tue, 06 Aug 2013 12:43:31 -0400
- To: public-lod@w3.org
- Message-ID: <520127B3.7020503@openlinksw.com>
On 8/6/13 11:54 AM, Norman Gray wrote: > Hugh and Kingsley, hello. > > On 2013 Aug 6, at 14:27, Kingsley Idehen wrote: > >> In reality though, for your particular user profile I would encourage you to simply manually add insert the relations required by the WebID+TLS protocol into your existing profile, after you've generated an X.509 certificate using in-built OS utilities [1]. > I've just done this, prompted by your message, Hugh, and it was oddly easy, _with_ Kingsley's hints. The following fills in a couple of elided steps. > >> 1. Create a Profile Document -- this gets you a Personal HTTP URI (or WebID) that denotes entity "You" > I already have a FOAF file <http://nxg.me.uk/norman/>. Tick! > >> 2. Generate an X.509 Certificate -- as part of the process, place your WebID in the SAN (Subject Alternative Name) slot > I did that, using Kingsley's walkthrough of the OS X Certificate Assistant (within Keychain Access) at <https://plus.google.com/112399767740508618350/posts/62pFBxAm7Ev>. > > This took two goes, because I decided that I should create a certificate with CN "Norman Gray (WebID)", adding the "(WebID)" to avoid confusing myself. > >> 3. Add a relation to your Profile Document that associates your WebID with the Public Key (exponent and modulus) from the Cert. generated in step #3. > If you use OS X Keychain Access, then 'Get Info' on the certificate will show the exponent and modulus. The wrinkle here is that the Get Info display names the modulus as 'Public Key' (which I suppose one could quibble with). > > If you want to do it the hard way (as I had to do, to work out that that _was_ what they meant by 'Public Key'), then export the certificate as a .cer file, and > > % openssl x509 -inform DER -modulus -noout -in ~/Desktop/norman-webid.cer > > I added this to my FOAF file with: > > cert:key [ > cert:exponent 65537; > cert:modulus "B1CF550703951EE7DFAC2E32DF1FDF8986F17B1167FFB2780109DD7D77C109F37BB558E67F031C41BD224B98CFA04F6265F02FB88C9F392CAC6C02A712B0091C63267ACDD155CCE4631EA0B177023F9C3DD898A7EEA14F72CACC4A5F64677566F36C3D98BF9492691711E1BA181667D159AEBD8B02DDBCAAD8E80451F41F9D389185533D9A6FB5316039A21494EDBE4A71DA212F91C57D66B8307E395605E02017BF3398132383928F0F36D1BC6EE9F68F03BE9C38A52180937F868869DF0FBEF1FEB8A5D799C67CCEE70C4DA7458CB9B9B73BE2614B922E2747CA6FEBB1519328C2CCEA8355873AC6790624C3A05922797319F55E146F76EEE2230FFBD46147"^^xsd:hexBinary; > ]; > > I got the details of that from <http://www.w3.org/wiki/WebID>. > > Then I put it on the web. > >> 4. Verify your WebID > I went to <http://webid.turnguard.com/WebIDTestServer/> and clicked on 'OnlyWithCert'. I was asked to trust the server (because its certificate wasn't signed by a CA), and to choose which certificate to use, and ... it worked. That was with both Chrome and Safari. > >> 5. Start authenticating against apps and services that support WebID+TLS based authentication. > Right... where can I use this that _isn't_ just for testing, and will actually be (you know) useful? > > No, this isn't the route I'd suggest to my Mum, but getting her a by-hand WebID might be a little premature in any case. > > All the best, > > Norman > > Norman, Once you have a WebID, you can quickly verify it using a number of utilities that support the WebID+TLS authentication protocol: 1. http://id.myopenlink.net/ods/webid_demo.html 2. https://delicious.com/kidehen/webid -- for others . Once you know you've successfully authenticated, you can then explore some apps and services that support WebID and the WebID+TLS authentication protocol: 1. http://web.ods.openlinksw.com/login.vsp?returnto=index.vsp -- an instance of ODS (OpenLink Data Spaces) 2. https://my-profile.eu/ 3. http://rww.io 4. https://delicious.com/kidehen/webid_apps -- others. -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 6 August 2013 16:43:54 UTC