[OpenID] cryptographics web of trust

Peter Williams pwilliams at rapattoni.com
Wed Aug 22 03:26:57 UTC 2007


Let me simplify all this, by just programming it. I've decided to learn
the Boo programming language and apply associated Mono compilers (on
Windows NT).

I will now alter the implementation of the JanRain reference
implementation of the OpenID Auth protocol handler (written in Boo). The
OpenID-consumer website leverages this half of the OpenID Auth protocol
engine, when cooperating with the OpenID server.

Today, that Boo handler gets the user's HTML file; and gets the user's
XRDS file. Ultimately, it then does a checkid request/response exchange
with the server, using various bits of metadata from the HTML/XRDS.

For experimental purposes (only), my Boo module will NOT get the HTML,
and shall NOT get the associated XRDS. It will get metadata from the
RDF/XML stream from http://peter.com/peter#me. The consumer shall (one
day) verify the signature on some canonicalized N3-form of this
resource, having followed a wot authenticating the signer's RSA public
key.

The modified Boo module will now "normalize" using a non-standard rule:
enter peter.verisign.com in the website login prompt and it will
normalize this user input as the best practices foafname:
http://verisign.com/peter#me.

The OpenID URI associated with that foafname in the FOAF file at that
location will be determined by a SPARQL query against the metadata
triples. The OpenID resulting from this lookup WILL BE TREATED as a
"delegate" OpenID for the purposes of OpenID Auth protocol and its
security procedures.

The location of the OpenID server for the delegate OpenID will be
determined by querying metadata for the "service". If there are
multiple services attached to the claimant's OpenID, Euler-based wot
path finding logic will select the best.

The Consumer website will be altered to no longer automatically exploit
OpenID AX, upon receipt of CheckID response. It should simply query the
user's FOAF file for public Person attributes. If one or more
consumer-required attributes are not present, yet one or more are marked
as AX-available in the FOAF file, the consumer shall use OpenID AX to
obtain from the OpenID server "informed-control" rights to receive and
handle these access-controlled values.
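The normalization rule and the FOAF lookup sketched in this post, as an added example that is not Peter's code or the JanRain library: it turns the login-prompt input into the foafname and then reads the foaf:openid of that Person node, which is the value the consumer would treat as the delegate OpenID. It uses a direct RDF/XML node lookup in place of the SPARQL query the post describes, the FOAF document is constructed inline, and the rule that only the node whose rdf:about equals the normalized foafname may supply the delegate is an assumed consumer-side check (mirroring OpenID's own delegate verification), not something stated in the post.

```python
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlparse

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"

def normalize_foafname(user_input: str) -> str:
    """The post's non-standard rule: 'peter.verisign.com' -> 'http://verisign.com/peter#me'."""
    label, _, domain = user_input.strip().lower().partition(".")
    if not label or not domain or "/" in user_input:
        raise ValueError("expected <name>.<domain>")
    return f"http://{domain}/{label}#me"

# Constructed sample FOAF file, standing in for the document fetched from
# the foafname's location. Two Person nodes are present on purpose: only
# the one named by the normalized foafname may assert the delegate.
FOAF_SAMPLE = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns:foaf="{FOAF}">
  <foaf:Person rdf:about="http://verisign.com/peter#me">
    <foaf:name>Peter Williams</foaf:name>
    <foaf:openid rdf:resource="http://peter.openid-provider.test/"/>
  </foaf:Person>
  <foaf:Person rdf:about="http://verisign.com/other#me">
    <foaf:openid rdf:resource="http://other.openid-provider.test/"/>
  </foaf:Person>
</rdf:RDF>"""

def delegate_openid(foaf_xml: str, foafname: str) -> Optional[str]:
    """Return the foaf:openid asserted by the Person whose rdf:about is foafname.

    Assumed consumer-side check: a foaf:openid on any other node in the same
    file is ignored, so a stranger's triples cannot name the delegate for
    this claimant. Non-http(s) values are refused rather than dereferenced.
    """
    root = ET.fromstring(foaf_xml)
    for person in root.iter(f"{{{FOAF}}}Person"):
        if person.get(f"{{{RDF}}}about") != foafname:
            continue
        openid = person.find(f"{{{FOAF}}}openid")
        if openid is None:
            return None
        value = openid.get(f"{{{RDF}}}resource") or (openid.text or "").strip()
        parsed = urlparse(value)
        if parsed.scheme not in ("http", "https") or not parsed.netloc:
            return None
        return value
    return None

if __name__ == "__main__":
    name = normalize_foafname("peter.verisign.com")
    print(name, "->", delegate_openid(FOAF_SAMPLE, name))
```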
