RE: Updated IdP to new spec. from Peter Williams on 2011-11-27 (public-xg-webid@w3.org from November 2011)

From: Peter Williams <home_pw@msn.com>
Date: Sun, 27 Nov 2011 10:51:15 -0800
To: <andrei@fcns.eu>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-W6285CCCA3CB0DEC9DD7D8392CD0@phx.gbl>
Went to https://auth.fcns.eu/auth/index.php?verbose=on Correctly failure case:
 * Checking ownership of certificate (public key matches private key)... PASSED (Reason: GENEROUS)

* Checking if 
certificate contains URIs in the subjectAltName field... PASSED

* Found 1 URIs in the certificate (a maximum of 
3 will be tested).

* Checking URI 1 
(http://yorkporc.blogspot.com/2011/11/bob.html#me)...
  - 
Trying to fetch and process certificate(s) from webid profile... 

        Testing if the modulus representation matches the one in the webid 
(found a modulus value)...

          Testing modulus... - 
FAILED
            WebID=c0e631e837407bb.......54ddfcfc173462d
             Cert  
=d5d5dc453432db7.......29f5aa1d15de651 I then removed the client cert and private key from the browser (delete at the UI, as would any user). I also loaded another key set from the .p12 format, one with the same name form (but different modulus).  



* Checking ownership of certificate (public key matches private key)... 
PASSED (Reason: GENEROUS)

* 
Checking if certificate contains URIs in the subjectAltName field... PASSED

* Found 1 URIs in the certificate (a maximum of 
3 will be tested).

* Checking URI 1 
(http://yorkporc.blogspot.com/2011/11/bob.html#me)...
  - 
Trying to fetch and process certificate(s) from webid profile... 

        Testing if the modulus representation matches the one in the webid 
(found a modulus value)...

          Testing modulus... - 
FAILED
            WebID=c0e631e837407bb.......54ddfcfc173462d
             Cert  
=d5d5dc453432db7.......29f5aa1d15de651


* Final 
conclusion: WebId does not match the certificate. Opened new browser instance, using File->New session. As user, received new self-signed server cert notice, and new prompt for client cert (with second mod).  



* Checking ownership of certificate (public key matches private key)... 
PASSED (Reason: GENEROUS)

* 
Checking if certificate contains URIs in the subjectAltName field... PASSED

* Found 1 URIs in the certificate (a maximum of 
3 will be tested).

* Checking URI 1 
(http://yorkporc.blogspot.com/2011/11/bob.html#me)...
  - 
Trying to fetch and process certificate(s) from webid profile... 

        Testing if the modulus representation matches the one in the webid 
(found a modulus value)...

          Testing modulus... PASSED
            WebID=c0e631e837407bb.......54ddfcfc173462d
             Cert  
=c0e631e837407bb.......54ddfcfc173462d

          Match found, ignoring 
futher tests!

* Authentication 
successful!
  I will infer that my webid profile conforms, as does my identity credential minting service. > Date: Sun, 27 Nov 2011 12:45:16 +0100
> From: andrei@fcns.eu
> To: public-xg-webid@w3.org
> Subject: Updated IdP to new spec.
> 
> Hello everyone,
> 
> As of yesterday (Nov 26th), the authentication endpoint at 
> https://auth.fcns.eu will only accept WebIDs written using the new 
> specs. The tests it offers include a particular test for the old vs new 
> spec, so that users should have at least one way of being alerted of 
> this change.
> 
> Also, the suite at http://webid.fcns.eu will now produce WebID profiles 
> using the new spec. Unfortunately, I haven't yet got around to updating 
> old profiles, so for testing purposes you might have to create a new one.
> 
> As it is, I'm not aware of any bugs so far, but please report them as 
> soon as you find one!
> 
> Have a great weekend!
> 
> Andrei
>
Received on Sunday, 27 November 2011 18:51:54 UTC