[OpenID] missing the final piece, leveraging openid with foaf+ssl
Peter Williams
pwilliams at rapattoni.com
Wed Sep 9 04:21:49 UTC 2009
Melvin,
I performed the following steps, which allowed my browser-cum-webserver to expose a foaf file to the public, and to interact with the foaf.me site to deal with the uncertified client certs used in foaf+ssl. What I cannot figure out now is how to integrate this value-add with the openid I've posted in my foaf file.
How at step 14 can I now showcase foaf+ssl and openid interacting and complementing each other?
Install and configure the www.opera.com browser, setting a master password. Then
1. Install, configure and enable opera unite (makes your browser into a web server while you are signed into the opera cloud).
2. Arm and start your new web server, mapping virtual directory "a" to the desktop area of the physical file system
3. Give virtual folder /a "public" access
4. Use Opera browser's Tools->Preferences->Advanced->Downloads->Add to add "application/rdf+xml" for file type of "rdf"
5. Restart web browser to restart web server.
6. Copy xml stream (a foaf file) shown below to new file named me.rdf, stored on your desktop
7. Edit the me.rdf file to change my personal attribute values to your values, and replace the homepage URL to use your own opera unite hosting URL. (Note how directory /a correctly becomes /a/content)
8. Use opera to navigate to http://foaf.me/simpleCreateClientCertificate.php, and cite your "http://.../a/content/me.rdf" opera unite url as your webid. Fill out the cert template, and remember the cert's private key password. Save the resulting .p12 file to desktop (sigh).
9. Use opera's Tools->Preferences->Advanced->Security->Manage Certificates->Import (p12) to arm SSL client certificate support in Opera
10. In opera, goto https://foaf.me/RDF_Representation_of_a_X.509_Client_Certificate.php. Present the client cert, and note the resulting RDF. Find the RSAPublicKey in the result, and replace my value with your value... in your desktop's me.rdf file.
11. In Opera, goto https://foaf.me/simpleLogin.php to try out foaf+ssl
12. Things are correct if the report has the form as follows:
The login Suceeded! Authenticated as: http://*.*.operaunite.com/a/content/me.rdf
Technical Explanation:
SSL Client Certificate: detected!
Client Certificate Public Key detected! (HEX):
Array
(
[modulus] => 93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B
[exponent] => 010001
)
Subject Alt Name (FOAF Profile): detected!: http://*.*.operaunite.com/a/content/me.rdf
FOAF Remote Public Key found in http://*.*.operaunite.com/a/content/me.rdf:
Array
(
[modulus] => 93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B
[exponent] => 10001
)
13. Create a myopenid.com account (e.g. http://homepw.myopenid.com), and replace the openid identifier in the me.rdf descriptor with your openid.
14. WHAT DO I DO TO TEST/SHOWCASE THE INTERACTION OF FOAF+SSL WITH OPENID, NOW?
RDF for me.rdf follows:-
<?xml version="1.0" encoding="ISO-8859-1"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
         xmlns:cert="http://www.w3.org/ns/auth/cert#"
         xmlns:admin="http://webns.net/mvcb/">
  <foaf:PersonalProfileDocument rdf:about="">
    <foaf:maker rdf:resource="#me"/>
    <foaf:primaryTopic rdf:resource="#me"/>
  </foaf:PersonalProfileDocument>
  <foaf:Person rdf:ID="me">
    <foaf:nick>homepw</foaf:nick>
    <foaf:firstName>peter</foaf:firstName>
    <foaf:givenName>williams</foaf:givenName>
    <!-- no surrounding whitespace in the resource URI, or the openid will not resolve -->
    <foaf:openid rdf:resource="http://*.myopenid.com"/>
    <foaf:homepage rdf:resource="http://*.*.operaunite.com/a/content/me.rdf"/>
  </foaf:Person>
  <rdf:Description>
    <rsa:RSAPublicKey>
      <cert:identity rdf:resource="http://*.*.operaunite.com/a/content/me.rdf"/>
      <rsa:public_exponent cert:decimal="65537"/>
      <rsa:modulus cert:hex="93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B"/>
    </rsa:RSAPublicKey>
  </rdf:Description>
</rdf:RDF>
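The check that foaf.me performs at step 12 (compare the public key in the presented client certificate with the RSAPublicKey published in the profile named by the certificate's Subject Alt Name) can be reproduced in a few lines. The following is an added example, not code from the post or from foaf.me; the sample profile, WebID and modulus in it are constructed placeholders in the same shape as the me.rdf above, not real key material. It compares the key components as integers, which is why the two spellings of the exponent that appear in the step 12 output ("010001" from the certificate and "10001" from the profile) match the profile's cert:decimal "65537".

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RSA = "http://www.w3.org/ns/auth/rsa#"
CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed sample profile, shaped like the me.rdf in the post.
# The WebID and modulus are placeholders, not a real key.
SAMPLE_WEBID = "http://example.operaunite.com/a/content/me.rdf"
SAMPLE_MODULUS_HEX = "00A1B2C3D4E5F60718293A4B5C6D7E8F9AABBCCDDEEFF00112233445566778899"
SAMPLE_FOAF = f"""<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="{RDF}" xmlns:rsa="{RSA}" xmlns:cert="{CERT}">
  <rdf:Description>
    <rsa:RSAPublicKey>
      <cert:identity rdf:resource="{SAMPLE_WEBID}"/>
      <rsa:public_exponent cert:decimal="65537"/>
      <rsa:modulus cert:hex="{SAMPLE_MODULUS_HEX}"/>
    </rsa:RSAPublicKey>
  </rdf:Description>
</rdf:RDF>"""


def _cert_int(el):
    """Read a key component written as cert:hex or cert:decimal and return it as an int."""
    hex_val = el.get(f"{{{CERT}}}hex")
    if hex_val is not None:
        return int("".join(hex_val.split()), 16)  # tolerate whitespace inside the hex
    dec_val = el.get(f"{{{CERT}}}decimal")
    if dec_val is not None:
        return int(dec_val.strip(), 10)
    raise ValueError("key component has neither cert:hex nor cert:decimal")


def foaf_public_keys(rdf_xml):
    """Map each cert:identity URI in the profile to its list of (modulus, exponent) ints."""
    keys = {}
    for key in ET.fromstring(rdf_xml).iter(f"{{{RSA}}}RSAPublicKey"):
        ident = key.find(f"{{{CERT}}}identity")
        mod = key.find(f"{{{RSA}}}modulus")
        exp = key.find(f"{{{RSA}}}public_exponent")
        if ident is None or mod is None or exp is None:
            continue  # incomplete key block: skip it rather than fail open
        uri = ident.get(f"{{{RDF}}}resource")
        keys.setdefault(uri, []).append((_cert_int(mod), _cert_int(exp)))
    return keys


def verify_foaf_ssl(san_webid, cert_modulus_hex, cert_exponent_hex, profile_xml):
    """
    foaf+ssl check: the public key of the presented client certificate must be
    listed in the profile under the WebID carried in the certificate's SAN.
    Comparison is on integers, so "010001" and "10001" both equal decimal 65537.
    In a real relying party, profile_xml is fetched from san_webid (fragment
    stripped) by the verifier itself; it is never supplied by the client.
    """
    presented = (int(cert_modulus_hex, 16), int(cert_exponent_hex, 16))
    return presented in foaf_public_keys(profile_xml).get(san_webid, [])
```

The self-signed client certificate proves only possession of the private key; the binding to an identity comes entirely from the profile document fetched from the SAN URI, so a relying party must dereference that URI itself and must not accept a profile body handed to it by the client.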