[OpenID] missing the final piece, leveraing openid with foaf+ssl
Melvin Carvalho
melvincarvalho at gmail.com
Wed Sep 9 09:30:15 UTC 2009
On Wed, Sep 9, 2009 at 6:21 AM, Peter Williams<pwilliams at rapattoni.com> wrote:
> Melvin,
>
> I performed the following steps, which allowed my browser-cum-webserver to
> expose a foaf file to the public, and to interact with the foaf.me site to
> deal with the uncertified client certs used in foaf+ssl. What I cannot
> figure now is: how to integrate this value-add to the openid I’ve posted in
> my foaf file.
>
> How at step 14 can I now showcase foaf+ssl and openid interacting and
> complementing each other?
>
> Install and configure www.opera.com browser, setting a master password. Then
>
> 1. Install, configure and enable opera unite (makes your browser into
> a web server while you are signed into the opera cloud).
>
> 2. Arm and start your new web server, mapping virtual directory “a” to
> the desktop area of the physical file system
>
> 3. Give virtual folder /a “public” access
>
> 4. Use Opera browser’s Tools->Preferences->Advanced->Downloads->Add to
> add “application/rdf+xml” for file type of “rdf”
>
> 5. Restart web browser to restart web server.
>
> 6. Copy xml stream (a foaf file) shown below to new file named me.rdf,
> stored on your desktop
>
> 7. Edit the me.rdf file to change my personal attributes values to
> your values, and replace the homepage URL to use your own opera unite
> hosting URL. (Note how directory /a correctly becomes /a/content )
>
> 8. Use opera to navigate to
> http://foaf.me/simpleCreateClientCertificate.php, and cite your
> “http://…/a/content/me.rdf” opera unite url as your webid. Fill out the cert
> template, and remember the cert’s private key password. Save the resulting
> .p12 file to desktop (sigh).
>
> 9. Use opera’s Tools->Preferences->Advanced->Security->Manage
> Certificates->Import (p12) to arm SSL client certificate support in Opera
>
If you don't want to save to desktop and import (which is more secure),
this is a slightly better user experience, and uses <KEYGEN> tags in
Firefox & Opera (not sure about Safari, IE has its own thing):
http://foaf.me/simple_KEYGEN_CreateClientCertificate.php
>
> 10. In opera, goto
> https://foaf.me/RDF_Representation_of_a_X.509_Client_Certificate.php.
> Present the client cert, and note the resulting RDF. Find the RSAPublicKey
> in the result, and replace my value with your value… in your desktop’s
> me.rdf file.
>
> 11. In Opera, goto https://foaf.me/simpleLogin.php to try out foaf+ssl
>
> 12. Things are correct if the report has the form as follows:
>
> The login Suceeded! Authenticated as:
> http://*.*.operaunite.com/a/content/me.rdf
>
> Technical Explanation:
>
> SSL Client Certificate: detected!
>
> Client Certificate Public Key detected! (HEX):
>
> Array
> (
>     [modulus] => 93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B
>     [exponent] => 010001
> )
>
> Subject Alt Name (FOAF Profile): detected!:
> http://*.*.operaunite.com/a/content/me.rdf
>
> FOAF Remote Public Key found in http://*.*.operaunite.com/a/content/me.rdf:
>
> Array
> (
>     [modulus] => 93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B
>     [exponent] => 10001
> )
>
> 13. Create a myopenid.com account (e.g. http://homepw.myopenid.com), and
> replace the openid identifier in the me.rdf descriptor with your openid.
>
> 14. WHAT DO I DO TO TEST/SHOWCASE THE INTERACTION OF FOAF+SSL WITH OPENID,
> NOW?
First of all, well done for getting this far without instructions. I
didn't program the OpenID bridge, but it looks like you've done mostly
everything correct. Much of this stuff is still experimental, so
thanks for helping to test. Very clever to use opera unite to host a
profile on your own machine, I never thought of this.

Toby has written up some notes for connecting to an openid IdP:
https://ophelia.g5n.co.uk:10443/openid/error.html

I'm not 100% sure if Toby's system follows the primaryTopic to find
#me, so you might want to point the certificate to the fragment rather
than the document, i.e. http://*.*.operaunite.com/a/content/me.rdf#me
>
> RDF for me.rdf follows:-
>
> <?xml version="1.0" encoding="ISO-8859-1"?>
> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
>          xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
>          xmlns:foaf="http://xmlns.com/foaf/0.1/"
>          xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
>          xmlns:cert="http://www.w3.org/ns/auth/cert#"
>          xmlns:admin="http://webns.net/mvcb/">
>
>   <foaf:PersonalProfileDocument rdf:about="">
>     <foaf:maker rdf:resource="#me"/>
>     <foaf:primaryTopic rdf:resource="#me"/>
>   </foaf:PersonalProfileDocument>
>
>   <foaf:Person rdf:ID="me">
>     <foaf:nick>homepw</foaf:nick>
>     <foaf:firstName>peter</foaf:firstName>
>     <foaf:givenName>williams</foaf:givenName>
>     <foaf:openid rdf:resource="http://*.myopenid.com"/>
>     <foaf:homepage rdf:resource="http://*.*.operaunite.com/a/content/me.rdf"/>
>   </foaf:Person>
>
>   <rdf:Description>
>     <rsa:RSAPublicKey>
>       <cert:identity rdf:resource="http://*.*.operaunite.com/a/content/me.rdf"/>
>       <rsa:public_exponent cert:decimal="65537"/>
>       <rsa:modulus cert:hex="93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B"/>
>     </rsa:RSAPublicKey>
>   </rdf:Description>
> </rdf:RDF>
>
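The check that foaf.me performs at step 12 (and the #me-versus-document question raised in the reply), as an added Python example that is not code from the thread, from foaf.me or from Toby's bridge: a relying party takes the WebID from the certificate's Subject Alt Name, reads the profile document it names, and accepts the login only if the profile lists exactly the certificate's RSA public key under that identity. The profile below is constructed for the example and modelled on the me.rdf in the thread; the host, the key value and the function names are assumptions. Fetching the profile (over HTTPS, from the document part of the SAN URI) is left to the caller.

```python
"""foaf+ssl (WebID) verification: certificate key must match the key
published in the FOAF profile under the same identity URI.
Constructed example; URIs, key and function names are assumptions."""
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
FOAF = "http://xmlns.com/foaf/0.1/"
RSA = "http://www.w3.org/ns/auth/rsa#"
CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed profile: placeholder host and a short placeholder modulus
# (not a real key). Note the identity points at the #me fragment.
PROFILE_URI = "http://example.operaunite.invalid/a/content/me.rdf"
SAMPLE_PROFILE = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns:foaf="{FOAF}"
         xmlns:rsa="{RSA}" xmlns:cert="{CERT}">
  <foaf:PersonalProfileDocument rdf:about="">
    <foaf:primaryTopic rdf:resource="#me"/>
  </foaf:PersonalProfileDocument>
  <foaf:Person rdf:ID="me">
    <foaf:nick>example</foaf:nick>
  </foaf:Person>
  <rdf:Description>
    <rsa:RSAPublicKey>
      <cert:identity rdf:resource="{PROFILE_URI}#me"/>
      <rsa:public_exponent cert:decimal="65537"/>
      <rsa:modulus cert:hex="00A1B2C3D4E5F60718293A4B5C6D7E8F90"/>
    </rsa:RSAPublicKey>
  </rdf:Description>
</rdf:RDF>"""


def profile_keys(rdf_xml, base_uri):
    """Return {identity_uri: (modulus_int, exponent_int)} for every
    rsa:RSAPublicKey in the profile. A relative identity such as "#me"
    is resolved against the document URI."""
    root = ET.fromstring(rdf_xml)
    keys = {}
    for key in root.iter(f"{{{RSA}}}RSAPublicKey"):
        ident = key.find(f"{{{CERT}}}identity")
        mod = key.find(f"{{{RSA}}}modulus")
        exp = key.find(f"{{{RSA}}}public_exponent")
        if ident is None or mod is None or exp is None:
            continue  # incomplete key block: skip rather than guess
        mod_hex = mod.get(f"{{{CERT}}}hex")
        exp_dec = exp.get(f"{{{CERT}}}decimal")
        if not mod_hex or not exp_dec:
            continue
        uri = ident.get(f"{{{RDF}}}resource", "").strip()
        if uri.startswith("#"):
            uri = base_uri + uri
        # int() normalises case and leading zeros, so the "010001" vs
        # "10001" exponent renderings seen in the foaf.me report compare equal.
        keys[uri] = (int(mod_hex.strip(), 16), int(exp_dec.strip(), 10))
    return keys


def verify_webid(san_uri, cert_modulus_hex, cert_exponent_hex, rdf_xml):
    """Accept the login only if the profile names san_uri with exactly the
    certificate's public key. Returns (ok, reason)."""
    doc_uri = san_uri.split("#", 1)[0]
    keys = profile_keys(rdf_xml, doc_uri)
    if san_uri not in keys:
        # The common misconfiguration from the thread: certificate says the
        # document URI, profile says the #me fragment (or vice versa).
        if doc_uri in keys or (doc_uri + "#me") in keys:
            return False, "identity mismatch: document URI vs fragment (#me)"
        return False, "no public key for this WebID in the profile"
    cert_key = (int(cert_modulus_hex, 16), int(cert_exponent_hex, 16))
    if keys[san_uri] != cert_key:
        return False, "public key in certificate does not match profile"
    return True, "authenticated as " + san_uri


if __name__ == "__main__":
    # Same key as the profile, written without the leading zero byte.
    print(verify_webid(PROFILE_URI + "#me", "a1b2c3d4e5f60718293a4b5c6d7e8f90",
                       "010001", SAMPLE_PROFILE))
    # Certificate SAN is the document, profile identity is #me: rejected.
    print(verify_webid(PROFILE_URI, "a1b2c3d4e5f60718293a4b5c6d7e8f90",
                       "010001", SAMPLE_PROFILE))
```

Comparing the whole (modulus, exponent) pair, rather than trusting the identity claim alone, is what makes the scheme work: anyone can put a URI in a self-signed certificate, but only the profile owner controls which key the profile publishes.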