Re: Verifying WebID fails from Kingsley Idehen on 2017-06-28 (public-webid@w3.org from June 2017)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 27 Jun 2017 20:02:40 -0400
To: public-webid@w3.org
Message-ID: <33f887ad-55f9-ec31-e71f-5098d16b7cea@openlinksw.com>

On 6/27/17 6:33 PM, Martynas Jusevičius wrote:
> Hi,
>
> I think there is another case where failure scenario is not defined in
> protocol: verifying the WebID.
>
> What happens if the certificate key does not match the WebID key? None
> of the verification steps or sections seem to consider that. I suggest
> again that a 400 Bad Request should be returned.
>
> I think it is important for the protocol to handle failures if we want
> robust implementations.
>
> Is this group active enough to fix such issues?
>
>
> Martynas


Hi Martynas,

What do you mean by Certificate Key? Are you referring to the Public Key
component of an X.509 Certificate?

Bearing in mind that WebID+TLS isn't new, are there are implementations
out in the wild, wouldn't it be better if you started off by testing
authentication of your WebID against existing implementations?

You might also find the YouID browser extension we built interesting
since its sole purpose is simplification of WebID+TLS and/or
WebID+TLS+Delegation protocol usage (e.g., negating the UX headache
introduced by browsers when toggling WebIDs over and existing TLS
session) [1].

You can try:

[1] http://linkeddata.uriburner.com/sparql -- click on "login" button

[2] http://osdb.openlinksw.com -- click on the "login" button

[3] http://id.myopenlink.net/ods/webid_demo.html -- most basic WebID+TLS
authentication tool we have

Links:

[1]
https://medium.com/openlink-software-blog/simple-youid-browser-extension-usage-exercise-57fa3ff6c6b7
-- Simple YouID Browser Extension Usage Exercise.

-- 
Regards,

Kingsley Idehen       
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Weblogs (Blogs):
Legacy Blog: http://www.openlinksw.com/blog/~kidehen/
Blogspot Blog: http://kidehen.blogspot.com
Medium Blog: https://medium.com/@kidehen

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/dataspace/person/kidehen#this
        : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Wednesday, 28 June 2017 00:03:38 UTC