Re: header to allow webid tls on servers from Kingsley Idehen on 2019-03-15 (public-solid@w3.org from March 2019)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Fri, 15 Mar 2019 12:33:14 -0400
To: public-solid@w3.org
Message-ID: <82860fe5-55c8-1a8c-2290-1ae6714eefba@openlinksw.com>

On 3/15/19 2:46 AM, Melvin Carvalho wrote:
> as a long time user of solid servers, there is one feature that I cant
> live without
>
> and that is the ability to authenticate to a server using WebID / TLS
>
> what this means is that with a simple curl statement and attaching a
> certificate you are able to use solid server to server, which is the
> bulk of my work flow
>
> recent additions to the authentication suite, involved adding of
> webid-oidc, which was promised as an addition, rather than, a replacement
>
> I have tried on a number of occasions to use OIDC with TLS, and it's
> not ready, and frankly a large time sink
>
> However, kingsley has been using for some time an innovative
> approach.  Add a certain header to your curl request and the server
> will allow TLS authentication.  This is in line with the
> authentication enhancement that was pitched for solid -- namely oidc
> to become a point of flexibility.
>
> Mainly a question for Kingsley and the group.  How is this achieved? 
> Kingsley has stated informally a few times that he sends a webid tls
> header.  I need this feature to work.  But two questions
>
> 1. What is the name of the header?  Should we try to standardize the
> naming in this group?
>
> 2. How to patch a server so that it will make use of this functionality.
>
> What the eventual end product would is something like
>
> curl -H "Header : Value" --cert C --key C  URI
>
> And you're done.  Most solid servers do this out of the box already. 
> But for those that dont, this would be very useful in allowing server
> to server or at least, command line to server requests.


Hi Melvin,

The header is: webid-tls .

Accepted value: yes  .


This is what we use in our NSS fork.

https://github.com/OpenLinkSoftware/node-solid-server

-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   
Home Page: http://www.openlinksw.com
Community Support: https://community.openlinksw.com
Weblogs (Blogs):
Company Blog: https://medium.com/openlink-software-blog
Virtuoso Blog: https://medium.com/virtuoso-blog
Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers

Personal Weblogs (Blogs):
Medium Blog: https://medium.com/@kidehen
Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
              http://kidehen.blogspot.com

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Friday, 15 March 2019 16:33:46 UTC