Re: header to allow webid tls on servers

On Fri, 15 Mar 2019 at 17:34, Kingsley Idehen <kidehen@openlinksw.com>
wrote:

> On 3/15/19 2:46 AM, Melvin Carvalho wrote:
> > as a long time user of solid servers, there is one feature that I cant
> > live without
> >
> > and that is the ability to authenticate to a server using WebID / TLS
> >
> > what this means is that with a simple curl statement and attaching a
> > certificate you are able to use solid server to server, which is the
> > bulk of my work flow
> >
> > recent additions to the authentication suite, involved adding of
> > webid-oidc, which was promised as an addition, rather than, a replacement
> >
> > I have tried on a number of occasions to use OIDC with TLS, and it's
> > not ready, and frankly a large time sink
> >
> > However, kingsley has been using for some time an innovative
> > approach.  Add a certain header to your curl request and the server
> > will allow TLS authentication.  This is in line with the
> > authentication enhancement that was pitched for solid -- namely oidc
> > to become a point of flexibility.
> >
> > Mainly a question for Kingsley and the group.  How is this achieved?
> > Kingsley has stated informally a few times that he sends a webid tls
> > header.  I need this feature to work.  But two questions
> >
> > 1. What is the name of the header?  Should we try to standardize the
> > naming in this group?
> >
> > 2. How to patch a server so that it will make use of this functionality.
> >
> > What the eventual end product would is something like
> >
> > curl -H "Header : Value" --cert C --key C  URI
> >
> > And you're done.  Most solid servers do this out of the box already.
> > But for those that dont, this would be very useful in allowing server
> > to server or at least, command line to server requests.
>
>
> Hi Melvin,
>
> The header is: webid-tls .
>
> Accepted value: yes  .
>

Thanks alot!

I'm happy to go with this -- there's some literature based on having
specific prefixes such as "webid-foo"

We could perhaps flesh out and standardize a bit more what various
webid-foo-bar headers could be useful for

Off the top of my head I think it's good to go with existing
implementations, but let's leave this open in case anyone else wishes to
chime in

Tho possibly "webid-auth-tls" might be a candidate, it would be nice to be
consistent with what others do, in an ideal world, I'll do some research
there


>
>
> This is what we use in our NSS fork.
>
> https://github.com/OpenLinkSoftware/node-solid-server


"This branch is 148 commits ahead"

Quite a few changes there! :)

I guess I can just do a search for webid-tls -- this is very useful,
thanks!


>
>
> --
> Regards,
>
> Kingsley Idehen
> Founder & CEO
> OpenLink Software
> Home Page: http://www.openlinksw.com
> Community Support: https://community.openlinksw.com
> Weblogs (Blogs):
> Company Blog: https://medium.com/openlink-software-blog
> Virtuoso Blog: https://medium.com/virtuoso-blog
> Data Access Drivers Blog:
> https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers
>
> Personal Weblogs (Blogs):
> Medium Blog: https://medium.com/@kidehen
> Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
>               http://kidehen.blogspot.com
>
> Profile Pages:
> Pinterest: https://www.pinterest.com/kidehen/
> Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
> Twitter: https://twitter.com/kidehen
> Google+: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn: http://www.linkedin.com/in/kidehen
>
> Web Identities (WebID):
> Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
>         :
> http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
>
>
>