Re: header to allow webid tls on servers from Melvin Carvalho on 2019-03-16 (public-solid@w3.org from March 2019)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Sat, 16 Mar 2019 07:01:18 +0100
To: Kingsley Idehen <kidehen@openlinksw.com>, Tim Berners-Lee <timbl@w3.org>
Cc: public-solid@w3.org
Message-ID: <CAKaEYh+QvoqtCgdCFz0X4PSVvB3T2m8dP=ee9ycKb4saYrPv4w@mail.gmail.com>

On Fri, 15 Mar 2019 at 19:02, Kingsley Idehen <kidehen@openlinksw.com>
wrote:

> On 3/15/19 1:28 PM, Melvin Carvalho wrote:
>
>
>
> On Fri, 15 Mar 2019 at 17:34, Kingsley Idehen <kidehen@openlinksw.com>
> wrote:
>
>> On 3/15/19 2:46 AM, Melvin Carvalho wrote:
>> > as a long time user of solid servers, there is one feature that I cant
>> > live without
>> >
>> > and that is the ability to authenticate to a server using WebID / TLS
>> >
>> > what this means is that with a simple curl statement and attaching a
>> > certificate you are able to use solid server to server, which is the
>> > bulk of my work flow
>> >
>> > recent additions to the authentication suite, involved adding of
>> > webid-oidc, which was promised as an addition, rather than, a
>> replacement
>> >
>> > I have tried on a number of occasions to use OIDC with TLS, and it's
>> > not ready, and frankly a large time sink
>> >
>> > However, kingsley has been using for some time an innovative
>> > approach.  Add a certain header to your curl request and the server
>> > will allow TLS authentication.  This is in line with the
>> > authentication enhancement that was pitched for solid -- namely oidc
>> > to become a point of flexibility.
>> >
>> > Mainly a question for Kingsley and the group.  How is this achieved?
>> > Kingsley has stated informally a few times that he sends a webid tls
>> > header.  I need this feature to work.  But two questions
>> >
>> > 1. What is the name of the header?  Should we try to standardize the
>> > naming in this group?
>> >
>> > 2. How to patch a server so that it will make use of this functionality.
>> >
>> > What the eventual end product would is something like
>> >
>> > curl -H "Header : Value" --cert C --key C  URI
>> >
>> > And you're done.  Most solid servers do this out of the box already.
>> > But for those that dont, this would be very useful in allowing server
>> > to server or at least, command line to server requests.
>>
>>
>> Hi Melvin,
>>
>> The header is: webid-tls .
>>
>> Accepted value: yes  .
>>
>>
>> This is what we use in our NSS fork.
>>
>> https://github.com/OpenLinkSoftware/node-solid-server
>
>
> Noting there is an open issue here
>
> https://github.com/OpenLinkSoftware/node-solid-server/issues/8
>
> And the value is "true" rather than "yes" -- is "true" preferred?
>
>
>
> My bad.
>
> "true" is the value rather than "yes".
>

seems like a good way to do server to server, or cli to server, I like it!

keen to standardize along these lines

cc timbl -- ps would be nice if tim signed up here :)


> --
> Regards,
>
> Kingsley Idehen 
> Founder & CEO
> OpenLink Software
> Home Page: http://www.openlinksw.com
> Community Support: https://community.openlinksw.com
> Weblogs (Blogs):
> Company Blog: https://medium.com/openlink-software-blog
> Virtuoso Blog: https://medium.com/virtuoso-blog
> Data Access Drivers Blog: https://medium.com/openlink-odbc-jdbc-ado-net-data-access-drivers
>
> Personal Weblogs (Blogs):
> Medium Blog: https://medium.com/@kidehen
> Legacy Blogs: http://www.openlinksw.com/blog/~kidehen/
>               http://kidehen.blogspot.com
>
> Profile Pages:
> Pinterest: https://www.pinterest.com/kidehen/
> Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
> Twitter: https://twitter.com/kidehen
> Google+: https://plus.google.com/+KingsleyIdehen/about
> LinkedIn: http://www.linkedin.com/in/kidehen
>
> Web Identities (WebID):
> Personal: http://kingsley.idehen.net/public_home/kidehen/profile.ttl#i
>         : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
>
>

Received on Saturday, 16 March 2019 06:01:53 UTC