Re: Delegated WebID authentication plugin contributed to fusionforge

Hi Andrei et al.,

Please read my comments below:

On Jul 12, 2012, at 7:59 PM, Kingsley Idehen wrote:

> On 7/12/12 12:16 PM, Andrei Sambra wrote:
>> Hi Kingsley,
>> 
>> On 07/12/2012 06:03 PM, Kingsley Idehen wrote:
>>> On 7/12/12 11:39 AM, Olivier Berger wrote:
>>>> Hi.
>>>> 
>>>> FYI, I've just contributed a FusionForge [0] plugin [1] that allows
>>>> one-click SSO to a forge using WebID (and a delegated IdP like
>>>> auth.my-profile.eu for instance).
>>>> 
>>>> In future episodes, we may try and benefit from the forge's ability to
>>>> generate FOAF profiles for its contributors to go one step beyond, but
>>>> that's already a start.
>>>> 
>>>> The plugin relies on the PHP lib WebIDDelegatedAuth [2] that Andrei and I
>>>> just "forked off" libAuthentication (yesterday ;-). Thanks to Melvin and
>>>> other contributors for the license change, which helps embedding it in
>>>> fusionforge without rendering it AGPL.
>>>> 
>>>> Best regards,
>>>> 
>>>> [0]http://fusionforge.org/
>>>> [1]https://fusionforge.org/plugins/mediawiki/wiki/fusionforge/index.php/WebID_Auth_plugin 
>>>> [2]https://github.com/WebIDauth/WebIDDelegatedAuth
>>> 
>>> Great stuff.
>>> 
>>> BTW -- I noticed your comment: "Popular WebID Idp are foafssl.org and
>>> auth.my-profile.eu." .
>>> 
>>> Have you tried:
>>> 
>>> 1. http://id.myopenlink.net/ods/webid_verify.vsp
>>> 2. http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP -- usage guide .
>>> 
>>> If possible, could you please test our service as it should just work.
>>> 
>> I just tried to authenticate through your service. These are the problems I've encountered:
>> 
>> 1. The service does not demand the browser cert, but instead expects the user to copy/paste the cert into a form field.
>> 

This is basically not true: if you call https://id.myopenlink.net/ods/webid_verify.vsp with a callback parameter, as outlined on that page, the HTTP client should supply the certificate. If the explanation message is not clear, please notify us and we will fix it.

>> 2. Returned URI does not conform to foafssl.org and auth.my-profile.eu. These are param names returned by the services mentioned above:
>> 

When did this become a standard for params and returned values?

>> a) webid= the urlencoded WebID of the user connecting
>> 
>> b) ts= a timestamp in XML Schema format
>> 
>> c) sig= the signature of the whole URL (signed with the IdP's private SSL key).
>> 
>> d) referer= the address of the IdP, which is needed to fetch the public key of the IdP's SSL certificate (so the application knows from which IDP the signed response comes from in order to choose the correct certificate to verify the signature)
>> 
>> More info about the 'protocol' can be found in the README here [0].
>> 
>> [0] https://github.com/WebIDauth/WebIDauth

I would be careful about calling this a protocol yet ;-)
This matter basically should be negotiated and pass interoperability testing; there is no way around it, believe me.
So I would expect a proposal, a call, etc.; then we can proceed to get it done.

Best Regards,
Mitko

>> 
>> Andrei
>> 
>> 
>> 
> 
> Andrei,
> 
> Thanks, we'll get this fixed.
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 
> 
> 
> 
> 


--
Mitko Iliev
Developer Virtuoso Team
OpenLink Software
http://www.openlinksw.com/virtuoso
Cross Platform Web Services Middleware

Received on Thursday, 12 July 2012 21:31:46 UTC
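
The response parameters listed in the thread (webid, ts, sig, referer), checked on the relying-party side. This is an added example, not code from this thread or from the WebIDDelegatedAuth library. Assumptions: the function name `verifyIdpResponse`, the hosts `forge.example` and `idp.example`, base64url RSA-SHA256 signatures computed over the URL up to `&sig=`, and IdP public keys pinned locally instead of fetched from whatever `referer` names.

```php
<?php
// Added example. Assumptions not stated in the thread: the signed bytes are the
// URL up to "&sig=", the signature is base64url RSA-SHA256, and each trusted
// IdP's public key is pinned locally under its host name.
function verifyIdpResponse(string $url, array $pinnedKeys, int $now, int $maxAge = 300): ?string
{
    $pos = strrpos($url, '&sig=');
    if ($pos === false) {
        return null;                       // no signature at all
    }
    $signed = substr($url, 0, $pos);       // the part the IdP signed
    $sig = base64_decode(strtr(substr($url, $pos + 5), '-_', '+/'), true);
    parse_str((string) parse_url($signed, PHP_URL_QUERY), $q);
    foreach (['webid', 'ts', 'referer'] as $name) {
        if (!isset($q[$name]) || !is_string($q[$name])) {
            return null;                   // missing or array-valued parameter
        }
    }
    // referer is caller-supplied: use it only to select an already-pinned key.
    $idpHost = parse_url($q['referer'], PHP_URL_HOST);
    if ($sig === false || !is_string($idpHost) || !isset($pinnedKeys[$idpHost])) {
        return null;
    }
    if (openssl_verify($signed, $sig, $pinnedKeys[$idpHost], OPENSSL_ALGO_SHA256) !== 1) {
        return null;                       // altered URL or wrong IdP key
    }
    $ts = strtotime($q['ts']);             // freshness check limits replay
    if ($ts === false || abs($now - $ts) > $maxAge) {
        return null;
    }
    return $q['webid'];                    // the authenticated WebID
}

// Constructed sample: a throwaway key pair stands in for the IdP's SSL key.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pinned = ['idp.example' => openssl_pkey_get_details($key)['key']];
$base = 'https://forge.example/login?webid=' . rawurlencode('https://alice.example/card#me')
    . '&ts=' . rawurlencode('2012-07-12T21:30:00Z')
    . '&referer=' . rawurlencode('https://idp.example/');
openssl_sign($base, $raw, $key, OPENSSL_ALGO_SHA256);
$url = $base . '&sig=' . strtr(base64_encode($raw), '+/', '-_');
$now = strtotime('2012-07-12T21:31:00Z');

var_dump(verifyIdpResponse($url, $pinned, $now));                                   // untampered
var_dump(verifyIdpResponse(str_replace('alice', 'mallory', $url), $pinned, $now)); // webid altered
var_dump(verifyIdpResponse($url, $pinned, $now + 3600));                            // replayed late
```

An IdP that returns different parameter names, as discussed in the thread, fails the required-parameter check here, so each supported IdP needs its own pinned key and an agreed response format.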