Re: Integration of webid by SAAS providers

On 9 August 2012 10:42, Emmanuel Dreux <edreux@cloudiway.com> wrote:

> Hi,
>
> I'm new to this DL and very interested in this technology.
> This is much more a question for Melvin, but I'm sharing it in this DL.
>
> If a SAAS provider wants to integrate the php webid implementation (
> https://github.com/melvincarvalho/libAuthentication) on top of his
> existing solution, how will he link the webid profile to his existing
> userIDs (stored in an account database)?
>

I think there's a newer library based on this, in development, called webid
realm ... perhaps Andrei has some more details ...


>
> - Will he have to write integration code or does this lib already
> implement code that looks up an account table to find the account matching
> the webid profile?
>

This library will allow you to log in with a universal identity, i.e. a URI.


> - Will he have to extend his SQL or LDAP schema to store/link to webid
> profile?
>

If you have a URI in your table, simply compare; if not, the simplest way, I
think, is to add a column to map the local ID to a universal one.


> - What will be the "webid key" that links his internal userID to the webID
> profile?
>

In webid land it currently maps to an RSA key with an exponent and
modulus.  The majority of users have one key, but many keys are possible.

The public key is stored both in the certificate and also in the public
profile.  It is normally these two that are compared, unless you employ
some kind of caching.  This means that your backend system need not store
these fields.


> --> Public key is subject to change if a cert is revoked / renewed
> --> profile URI is subject to change if the providing service is migrated
> to a new URL
>

WebID keys tend not to change very often.

Traditionally you check this on each login, but if caching is employed you
need to think about how long you want to store things.

An analogy might be with SSH, which stores the public key on the initial
login and also when the fingerprint changes.

Hope that helps!


>
> --
> Regards,
> Emmanuel Dreux
> http://www.cloudiway.com
> Tel: +33 4 26 78 17 58
> Mobile: +33 6 47 81 26 70
> skype: Emmanuel.Dreux
>

Received on Sunday, 12 August 2012 20:13:42 UTC
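
Added example, not part of the original message and not code from libAuthentication: a sketch of the two steps discussed in the thread, comparing the certificate's RSA key with the keys listed in the profile and then mapping the WebID URI to a local account through one extra column. It assumes the URI, modulus and exponent were already taken from the client certificate by the TLS layer; the table, column and function names are hypothetical, and the profile data is constructed, with unrealistically short moduli.

```python
import sqlite3
import string

# Constructed sample: keys a verifier would read from each dereferenced profile.
PROFILE_KEYS = {
    "https://alice.example/profile#me": [
        {"modulus": "00c35a9f1b", "exponent": 65537},      # first key
        {"modulus": "B7 E1 51 62 8A", "exponent": 65537},  # second key, other formatting
    ],
    "https://carol.example/card#i": [{"modulus": "a1b2c3d4e5", "exponent": 65537}],
}

def fetch_profile_keys(webid_uri):
    """Stand-in for dereferencing the profile; a real one makes an HTTPS request."""
    return PROFILE_KEYS.get(webid_uri, [])

def modulus_to_int(hex_text):
    """Ignore separators, case and leading zeros so equal keys compare equal."""
    return int("".join(c for c in hex_text if c in string.hexdigits), 16)

def key_in_profile(cert_modulus, cert_exponent, profile_keys):
    """True only if the certificate's (modulus, exponent) is listed in the profile."""
    try:
        cert_key = (modulus_to_int(cert_modulus), int(cert_exponent))
        return any((modulus_to_int(k["modulus"]), int(k["exponent"])) == cert_key
                   for k in profile_keys)
    except (ValueError, KeyError, TypeError):
        return False  # malformed key material never authenticates

def open_accounts():
    """Existing account table plus one added column mapping to the WebID URI."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (user_id INTEGER PRIMARY KEY,"
               " login TEXT NOT NULL, webid_uri TEXT UNIQUE)")
    db.executemany("INSERT INTO accounts (login, webid_uri) VALUES (?, ?)",
                   [("alice", "https://alice.example/profile#me"), ("bob", None)])
    return db

def local_user_for(db, webid_uri, cert_modulus, cert_exponent):
    """Return the local user_id, or None if the key or the mapping is missing."""
    if not key_in_profile(cert_modulus, cert_exponent, fetch_profile_keys(webid_uri)):
        return None
    row = db.execute("SELECT user_id FROM accounts WHERE webid_uri = ?",
                     (webid_uri,)).fetchone()
    return row[0] if row else None
```

Only the URI is stored locally; the key is compared against the profile on each login, so a renewed certificate needs no change to the account table.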