- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Thu, 12 Jul 2012 17:56:51 +0200
- To: public-rww <public-rww@w3.org>
- Message-ID: <CAKaEYhJ3=FDOsMSf1okwRFApmmrySkHnttU5hjpMb0jhpGSncA@mail.gmail.com>
---------- Forwarded message ---------- From: Olivier Berger <olivier.berger@it-sudparis.eu> Date: 12 July 2012 17:39 Subject: Delegated WebID authentication plugin contributed to fusionforge To: public-webid <public-webid@w3.org> Hi. FYI, I've just contributed a FusionForge [0] plugin [1] that allows one-click SSO to a forge using WebID (and a delegated IdP like auth.my-profile.eu for instance). In future episodes, we may try and benefit from the forge's ability to generate FOAF profiles for it's contributors to go one step beyond, but that's already a start. The plugin relies on the PHP lib WebIDDelegatedAuth [2] that Andrei and me just "forked off" libAuthentication (yesterday ;-). Thanks to Melvin and other contributors for the license change, which helps embedding it in fusionforge without rendering it AGPL. Best regards, [0] http://fusionforge.org/ [1] https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin [1] https://github.com/WebIDauth/WebIDDelegatedAuth ---------- Forwarded message ---------- From: Olivier Berger <olivier.berger@it-sudparis.eu> To: fusionforge-general@lists.fusionforge.org Cc: Date: Thu, 12 Jul 2012 17:30:10 +0200 Subject: Delegated WebID authentication plugin contributed - Was: Re: [Fusionforge-commits] r15985 - in trunk/src/plugins: . authwebid ... Hi. FYI, my just committed contribution is a plugin that allows SSO with "one-clik" through the use of WebID [0]. This is a work that got started last year at the end of COCLICO and that I've just had the time to complete now. The principle is to bind existing fusionforge user accounts to URIs (the WebIDs in question), and to delegate to a third party WebID identity provider the responsability to verify the authentication with these WebIDs. The admin of the forge must then trust that WebID Identity Provider (IdP) to properly verify the user's SSL client cert associated to that WebID (see the WebID specs [1] for the principles of WebID's use of SSL client certs). Popular WebID Idp are foafssl.org and auth.my-profile.eu. The plugin relies on the WebIDDelegatedAuth [2] library which embeds the necessary bits to check the IdP's response. FYI, that library was "forked off" (scaled down) libAuthentication [3], which was a bit too big for the task, and after it was (recently) relicensed to MIT to avoid embedding bits of AGPL into FusionForge. For those used to OpenID or BrowserID, it's more or less the same principle, but under the hood, WebID uses Semantic Web standards like RDF (FOAF) and SSL certs, is distributed by mature, rendering authentication less prone to monopolies (among other nice properties). The code was just committed to the trunk, but works on 5.2 AFAICT. I've added some of these details at https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin Hope this helps. Best regards, [0] http://webid.info/ [1] http://www.w3.org/2005/Incubator/webid/spec/ [2] https://github.com/WebIDauth/WebIDDelegatedAuth [3] https://github.com/melvincarvalho/libAuthentication P.S.: that closes https://fusionforge.org/tracker/index.php?func=detail&aid=311&group_id=6&atid=114 Olivier Berger <olberger@fusionforge.org> writes: > Author: olberger > Date: 2012-07-12 16:06:33 +0200 (Thu, 12 Jul 2012) > New Revision: 15985 > > Added: > trunk/src/plugins/authwebid/ ... -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France) -- Olivier BERGER http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8 Ingenieur Recherche - Dept INF Institut Mines-Telecom, Telecom SudParis, Evry (France)
Received on Thursday, 12 July 2012 15:57:24 UTC