Re: WebID and CIMBA Issues

On 9 May 2014 00:47, Kingsley Idehen <kidehen@openlinksw.com> wrote:

> Andrei,
>
> Here is a dump from the verifier (Henry's I believe) that's integrated
> into cimb.co. Basically, my WebID authenticates successfully, but I can't
> login to cimba.
>
> In addition, you can de-reference the WebID I am using to see that the
> storage relations are in place [1].
>
>
> * Checking client TLS handshake (public key matches private key)... PASSED (Reason: GENEROUS)
>
> * Checking if certificate contains HTTP URIs in the subjectAltName field... PASSED
>
> * Found 1 URIs in the certificate.
>
> * Checking URI 1 (http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity)...
>

This WebID / Facebook bridge is very cool, btw
(http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity).


>   - Trying to fetch and process certificate(s) from webid profile...
>         Testing if the modulus representation matches the one in the webid (found a modulus value)...
>
>           Testing modulus... PASSED
>             WebID=cc7b8af5412abdb.......2658e4ebc0c2a6f
>              Cert  =cc7b8af5412abdb.......2658e4ebc0c2a6f
>
>           Match found in claim 1, ignoring futher tests!
>
> * Authentication successful!
>
>
> Your certificate contains the following WebIDs:
> http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity
>
> The WebID URI used to claim your identity is:
> http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity (your claim was SUCCESSFUL!)
>
> The WebID URL suffix (to be signed) for your service provider is:
> ?webid=http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity&ts=2014-05-09CEST00:41:16+02:00
>
> Unless both of those strings map to the same number, your identification
> experience will vary across clients.
>
>
>
> Your certificate in PEM format:
>
>
> Your certificate in text format:
> Certificate:
>     Data:
>         Version: 3 (0x2)
>         Serial Number: 1845 (0x735)
>     Signature Algorithm: sha512WithRSAEncryption
>         Issuer: CN=OpenLink Software Local CA, O=OpenLink Software
>         Validity
>             Not Before: May  6 01:16:54 2014 GMT
>             Not After : Jun  5 01:16:54 2014 GMT
>         Subject: C=US, ST=MA, CN=Kingsley Uyi Idehen (Facebook), O=Facebook Social Network/emailAddress=kidehen@openlinksw.com
>         Subject Public Key Info:
>             Public Key Algorithm: rsaEncryption
>                 Public-Key: (2048 bit)
>                 Modulus:
>                     00:cc:7b:8a:f5:41:2a:bd:be:f6:47:68:c4:4d:f0:
>                     0f:2b:4c:16:cf:e3:17:6b:73:32:42:e9:5b:62:45:
>                     9a:13:dd:d8:f1:12:75:28:ad:ac:c6:1f:96:a2:1c:
>                     00:68:98:04:d6:b8:8e:1d:24:63:9b:a5:2d:84:13:
>                     df:79:53:6d:df:f2:b6:df:05:5d:74:88:34:a5:55:
>                     52:f2:ef:70:d0:0c:8b:e2:31:46:c6:77:8f:48:15:
>                     0e:13:ff:ea:fd:51:b8:82:af:c2:ab:e6:81:af:d9:
>                     2b:b0:b5:cb:70:c8:52:77:bf:14:d3:a6:06:3b:ec:
>                     61:c7:f3:df:59:5f:8a:cb:28:f2:58:7d:aa:5e:4d:
>                     f3:5a:28:0e:18:2c:d6:2b:d7:23:a0:d7:63:b1:00:
>                     b6:28:d6:9e:5a:40:fd:65:8c:46:10:41:83:43:06:
>                     d3:fb:a7:3e:6e:10:3a:66:d4:8a:49:df:e4:a8:ee:
>                     5f:c3:69:00:ed:e9:59:b7:b4:32:ae:61:be:ab:f9:
>                     fe:20:db:32:ac:82:c5:34:c5:51:43:22:9d:05:39:
>                     d9:77:4b:98:40:40:22:86:aa:6f:84:a2:cc:d3:da:
>                     5a:c0:ee:74:4a:04:8b:92:b3:02:f5:cb:0b:0c:ab:
>                     67:33:ea:39:f6:72:5d:90:c2:02:65:8e:4e:bc:0c:
>                     2a:6f
>                 Exponent: 65537 (0x10001)
>         X509v3 extensions:
>             X509v3 Subject Key Identifier:
>                 3E:EA:50:C3:93:62:A0:C4:1F:D8:E4:48:77:22:96:EF:35:89:B0:DE
>             X509v3 Subject Key Identifier:
>                 3E:EA:50:C3:93:62:A0:C4:1F:D8:E4:48:77:22:96:EF:35:89:B0:DE
>             X509v3 Subject Alternative Name:
>                 URI:http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_profile.ttl#identity
>             Netscape Comment:
>                 Certificate Generated by OpenLink YouID.
>             X509v3 Issuer Alternative Name:
> .3http://id.myopenlink.net/issuer/key/dba/id_rsa#this
>             X509v3 Key Usage: critical
>                 Digital Signature, Key Encipherment, Data Encipherment, Key Agreement
>             X509v3 Extended Key Usage: critical
>                 TLS Web Client Authentication, E-mail Protection
>             Netscape Cert Type: critical
>                 SSL Client, S/MIME
>             2.16.840.1.888777.1:
>                 ...http://id.myopenlink.net/public_home/KingsleyUyiIdehen/Public/YouID/IDcard_Facebook_140505_211524/140505_211524_public_key.ttl#PublicKey
>             2.16.840.1.888777.2:
>                 .*myopenlink_b/IDcard_Facebook_140505_211524
>     Signature Algorithm: sha512WithRSAEncryption
>
>
> Links:
>
> [1] http://bit.ly/1mGTXOX -- profile document that shows existence of
> storage relation
>
> --
>
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter Profile: https://twitter.com/kidehen
> Google+ Profile: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Friday, 9 May 2014 01:14:17 UTC