<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:p="urn:schemas-microsoft-com:office:powerpoint" xmlns:a="urn:schemas-microsoft-com:office:access" xmlns:dt="uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s="uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs="urn:schemas-microsoft-com:rowset" xmlns:z="#RowsetSchema" xmlns:b="urn:schemas-microsoft-com:office:publisher" xmlns:ss="urn:schemas-microsoft-com:office:spreadsheet" xmlns:c="urn:schemas-microsoft-com:office:component:spreadsheet" xmlns:odc="urn:schemas-microsoft-com:office:odc" xmlns:oa="urn:schemas-microsoft-com:office:activation" xmlns:html="http://www.w3.org/TR/REC-html40" xmlns:q="http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc="http://microsoft.com/officenet/conferencing" xmlns:D="DAV:" xmlns:Repl="http://schemas.microsoft.com/repl/" xmlns:mt="http://schemas.microsoft.com/sharepoint/soap/meetings/" xmlns:x2="http://schemas.microsoft.com/office/excel/2003/xml" xmlns:ppda="http://www.passport.com/NameSpace.xsd" xmlns:ois="http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir="http://schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dsp="http://schemas.microsoft.com/sharepoint/dsp" xmlns:udc="http://schemas.microsoft.com/data/udc" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:sub="http://schemas.microsoft.com/sharepoint/soap/2002/1/alerts/" xmlns:ec="http://www.w3.org/2001/04/xmlenc#" xmlns:sp="http://schemas.microsoft.com/sharepoint/" xmlns:sps="http://schemas.microsoft.com/sharepoint/soap/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:udcs="http://schemas.microsoft.com/data/udc/soap" xmlns:udcxf="http://schemas.microsoft.com/data/udc/xmlfile" xmlns:udcp2p="http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf="http://schemas.microsoft.com/sharepoint/soap/workflow/" 
xmlns:dsss="http://schemas.microsoft.com/office/2006/digsig-setup" xmlns:dssi="http://schemas.microsoft.com/office/2006/digsig" xmlns:mdssi="http://schemas.openxmlformats.org/package/2006/digital-signature" xmlns:mver="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns:mrels="http://schemas.openxmlformats.org/package/2006/relationships" xmlns:spwp="http://microsoft.com/sharepoint/webpartpages" xmlns:ex12t="http://schemas.microsoft.com/exchange/services/2006/types" xmlns:ex12m="http://schemas.microsoft.com/exchange/services/2006/messages" xmlns:pptsl="http://schemas.microsoft.com/sharepoint/soap/SlideLibrary/" xmlns:spsl="http://microsoft.com/webservices/SharePointPortalServer/PublishedLinksService" xmlns:Z="urn:schemas-microsoft-com:" xmlns:st="" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Consolas;
        panose-1:2 11 6 9 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:10.5pt;
        font-family:Consolas;}
tt
        {mso-style-priority:99;
        font-family:"Courier New";}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:Consolas;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoPlainText>I updated it, to make it more easily repeatable. Failure
points at the end.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>Install and configure www.opera.com browser, setting a
master password. Then <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>1. Install, configure and enable opera
unite (makes your browser into a web server while you are signed into the
opera cloud).<o:p></o:p></p>
<p class=MsoPlainText>2. Arm and start your new web server,
mapping virtual directory “a” to the desktop area of the physical
file system<o:p></o:p></p>
<p class=MsoPlainText>3. Give virtual folder /a
“public” access, and create an index.html file. Ensure the public can
see your index content at http://*.*.operaunite.com/a<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>4. Use Opera browser’s
Tools->Preferences->Advanced->Downloads->Add to add
“application/rdf+xml” for file type of “rdf”<o:p></o:p></p>
<p class=MsoPlainText>5. Restart web browser to restart web
server.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>6. Copy xml stream (a foaf file) shown
below to new file named me.rdf, stored on your desktop <o:p></o:p></p>
<p class=MsoPlainText>7. Edit the me.rdf file to change personal
attributes values for Peter to your values, and replace the homepage URL to use
your own opera unite hosting URL. (Note how directory /a correctly becomes
/a/content )<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>8. Use Opera to navigate to
http://foaf.me/simpleCreateClientCertificate.php, and cite your “http://*.*.operaunite.com/a/content/me.rdf#me”
Opera Unite URL as your webid. Fill out the cert template, put the domain name
in the cn field (optionally), and remember the cert’s private key
password. Save the resulting .p12 file to desktop with a file name that has NO #me
component (if present in the suggested filename).<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>9. Use opera’s Tools->Preferences->Advanced->Security->Manage
Certificates->Import (p12) to arm SSL client certificate support in Opera<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>10. In Opera, go to <a
href="https://foaf.me/RDF_Representation_of_a_X.509_Client_Certificate.php">https://foaf.me/RDF_Representation_of_a_X.509_Client_Certificate.php</a>.
Present the client cert, and note the resulting RDF. Find the RSAPublicKey in
the result, and replace my value with your value… in your desktop’s
me.rdf file.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>11. In Opera, go to
https://foaf.me/simpleLogin.php to try out foaf+ssl<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>12. Things are correct if the report has the
form as follows:<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>FOAF+SSL Simple Login Page<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>The login Suceeded!
Authenticated as: http://*.*.operaunite.com/a/content/me.rdf#me<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Technical Explanation:<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>SSL Client Certificate:
detected!<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Client Certificate Public Key
detected! (HEX):<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Array<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>(<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> [modulus]
=>
DAB11EBD01E48B4BAB9F9088877701583B1E07CF318062ACB27B1EE951A03234071674FFB590903CEAB1F6B9319EB40342A731821E3BC12E975E4A63EA6039D6BC7889DD115E475DB2BA2A3437197E283FAE43FC68BC91098DC25C370A4B6EF53D597FBB58DDEBE6E8321B3435A476B088A9D99E75121FD805F77D79DBF75EA1<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> [exponent]
=> 010001<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>)<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Subject Alt Name (FOAF Profile):
detected!: http://*.*.operaunite.com/a/content/me.rdf#me<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'><o:p> </o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>FOAF Remote Public Key found in
http://*.*.operaunite.com/a/content/me.rdf#me:<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>Array<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>(<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> [modulus]
=> DAB11EBD01E48B4BAB9F9088877701583B1E07CF318062ACB27B1EE951A03234071674FFB590903CEAB1F6B9319EB40342A731821E3BC12E975E4A63EA6039D6BC7889DD115E475DB2BA2A3437197E283FAE43FC68BC91098DC25C370A4B6EF53D597FBB58DDEBE6E8321B3435A476B088A9D99E75121FD805F77D79DBF75EA1<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'> [exponent]
=> 10001<o:p></o:p></p>
<p class=MsoPlainText style='margin-left:.5in'>)<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>14. Using Opera and your client cert,
go to <a href="https://ophelia.g5n.co.uk:10443/help.cgi">https://ophelia.g5n.co.uk:10443/help.cgi</a>
and confirm the page reports positively (i.e. doesn’t say ‘The <tt><span
style='font-size:10.0pt'>help.cgi</span></tt> script wasn't prepared for your
setup!’ or similar). You are ready for openid trials, if so.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>15. Use your Opera Unite server to host a
vanity openid (e.g. <a href="http://homepw.myopenid.com">http://homepw.myopenid.com</a>)
using the index.rdf file. Add a link tag to the head section of the html markup
as follows, replacing home.homepw with your own Opera Unite values<o:p></o:p></p>
<p class=MsoPlainText> <o:p></o:p></p>
<p class=MsoPlainText><HEAD><o:p></o:p></p>
<p class=MsoPlainText><link href="https://ophelia.g5n.co.uk:10443/openid/provider.cgi?webid=http%3a%2f%2fhome.homepw.operaunite.com%2fa%2fcontent%2fme.rdf%23me"
rel="openid.server" title="FOAF+SSL OpenID Server" /><o:p></o:p></p>
<p class=MsoPlainText></HEAD><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>16. Amend the openid identifier in the me.rdf descriptor
with your Opera Unite path.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>15. Using Opera, navigate to a conforming openid RP: <a
href="http://www.freexri.com/user/Login/">http://www.freexri.com/user/Login/</a>
. Fill out the openid form field with your openid identifier (whose form is <a
href="http://*.*.operaunite.com/a">http://*.*.operaunite.com/a</a> ). Note if a
client cert is requested.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>16. If you apply a spying proxy, note that the RP
redirects to Location: <a
href="https://ophelia.g5n.co.uk:10443/openid/provider.cgi?webid=http%3a%2f%2fhome.homepw.operaunite.com%2fa%2fcontent%2fme.rdf%23me&openid.identity=http%3A%2F%2Fhome.homepw.operaunite.com%2Fa%2Fcontent%2F&openid.return_to=http%3A%2F%2Fwww.freexri.com%2Fuser%2FOpenIDEndpoint%3Fopenid.rpnonce%3D2009-09-09T14%253A34%253A55Z0%26openid.rpsig%3D0MLFKxSN3Izq%252B60ZBOSp3l962RATizT6f9mm%252FnS1yDw%253D&openid.trust_root=http%3A%2F%2Fwww.freexri.com%2F&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.type.name=http%3A%2F%2Fschema.openid.net%2Fcontact%2Fname&openid.ext1.if_available=email%2Cname&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fsreg%2F1.0&openid.sreg.optional=email%2Cname">https://ophelia.g5n.co.uk:10443/openid/provider.cgi?webid=http%3a%2f%2fhome.homepw.operaunite.com%2fa%2fcontent%2fme.rdf%23me&openid.identity=http%3A%2F%2Fhome.homepw.operaunite.com%2Fa%2Fcontent%2F&openid.return_to=http%3A%2F%2Fwww.freexri.com%2Fuser%2FOpenIDEndpoint%3Fopenid.rpnonce%3D2009-09-09T14%253A34%253A55Z0%26openid.rpsig%3D0MLFKxSN3Izq%252B60ZBOSp3l962RATizT6f9mm%252FnS1yDw%253D&openid.trust_root=http%3A%2F%2Fwww.freexri.com%2F&openid.mode=checkid_setup&openid.ns.ext1=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0&openid.ext1.mode=fetch_request&openid.ext1.type.email=http%3A%2F%2Fschema.openid.net%2Fcontact%2Femail&openid.ext1.type.name=http%3A%2F%2Fschema.openid.net%2Fcontact%2Fname&openid.ext1.if_available=email%2Cname&openid.ns.sreg=http%3A%2F%2Fopenid.net%2Fsreg%2F1.0&openid.sreg.optional=email%2Cname</a><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>That’s as far as I can get, as the OP redirects to <a
href="https://ophelia.g5n.co.uk:10443/openid/error.html">https://ophelia.g5n.co.uk:10443/openid/error.html</a>
(after asking for the client cert). I cannot get it to show it’s minting an
assertion, though.<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>It doesn’t send back an openid assertion to the freexri.com
RP, but it does have some interesting material (that I don’t understand)
on direct and indirect webids. Indirect seems to be about RP-side name linking,
so one’s long term cert (with a “persistent webid”) can map
onto a current webid at a different location/provider.<o:p></o:p></p>
<p class=MsoPlainText> <o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText>RDF for me.rdf follows:-<o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><?xml version="1.0"
encoding="ISO-8859-1"?><o:p></o:p></p>
<p class=MsoPlainText><rdf:RDF
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"<o:p></o:p></p>
<p class=MsoPlainText>
xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"<o:p></o:p></p>
<p class=MsoPlainText>
xmlns:foaf="http://xmlns.com/foaf/0.1/"<o:p></o:p></p>
<p class=MsoPlainText>
xmlns:rsa="http://www.w3.org/ns/auth/rsa#"<o:p></o:p></p>
<p class=MsoPlainText>
xmlns:cert="http://www.w3.org/ns/auth/cert#"<o:p></o:p></p>
<p class=MsoPlainText>
xmlns:admin="http://webns.net/mvcb/"><o:p></o:p></p>
<p class=MsoPlainText><foaf:PersonalProfileDocument
rdf:about=""><o:p></o:p></p>
<p class=MsoPlainText> <foaf:maker
rdf:resource="#me"/><o:p></o:p></p>
<p class=MsoPlainText> <foaf:primaryTopic
rdf:resource="#me"/><o:p></o:p></p>
<p class=MsoPlainText></foaf:PersonalProfileDocument><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><foaf:Person rdf:ID="me"><o:p></o:p></p>
<p class=MsoPlainText> <foaf:nick>homepw</foaf:nick><o:p></o:p></p>
<p class=MsoPlainText>
<foaf:firstName>peter</foaf:firstName><o:p></o:p></p>
<p class=MsoPlainText>
<foaf:givenName>williams</foaf:givenName><o:p></o:p></p>
<p class=MsoPlainText> <foaf:openid rdf:resource="http://*.*.operaunite.com/a"/>
<o:p></o:p></p>
<p class=MsoPlainText> <foaf:homepage
rdf:resource="http://*.*.operaunite.com/a/content/me.rdf#me"/><o:p></o:p></p>
<p class=MsoPlainText></foaf:Person><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><rsa:RSAPublicKey><o:p></o:p></p>
<p class=MsoPlainText>    <cert:identity rdf:resource="#me"/><o:p></o:p></p>
<p class=MsoPlainText> <rsa:public_exponent
cert:decimal="65537"/><o:p></o:p></p>
<p class=MsoPlainText> <rsa:modulus
cert:hex="93F860637CDB801FF62920AA23D41C8FAFD3F98AD21783853B59AEC7AE5F01C834915ECDC00631079EF411781E46B450548B8B1F451431F9FFFB1AD51F6C4A991AEC3E4A9D230E9A5FE7D9DF1991AF06D23757D919AC817AF32E31DE5E99D2C1A34789C4E1F3CF632504C9D664319DEF7BDBA4552E9C0FEC899B93BE95B5744B"/><o:p></o:p></p>
<p class=MsoPlainText></rsa:RSAPublicKey><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText></rdf:RDF><o:p></o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
<p class=MsoPlainText><o:p> </o:p></p>
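<p class=MsoPlainText>Added example (not part of the original message, and not foaf.me's code): the comparison behind the step 12 report, in Python, where the certificate's key must equal an RSAPublicKey that the profile lists for the exact WebID in the Subject Alt Name. Keys are compared as integers, which is why the hex exponent 010001, the printed 10001 and cert:decimal="65537" all agree. The sample profile, the example.invalid URL and the function names are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag, urljoin

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
RSA = "{http://www.w3.org/ns/auth/rsa#}"
CERT = "{http://www.w3.org/ns/auth/cert#}"

# Constructed sample profile: shortened, made-up modulus, not a real key.
SAMPLE_PROFILE = """<rdf:RDF
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
    xmlns:cert="http://www.w3.org/ns/auth/cert#">
  <rsa:RSAPublicKey>
    <cert:identity rdf:resource="#me"/>
    <rsa:public_exponent cert:decimal="65537"/>
    <rsa:modulus cert:hex="00DA B1:1E bd01"/>
  </rsa:RSAPublicKey>
</rdf:RDF>"""

def profile_keys(rdf_xml, doc_url):
    """Map each WebID in the profile to its (modulus, exponent) integer pairs."""
    keys = {}
    # The profile is remote, untrusted input; a hardened XML parser
    # (for example defusedxml) is the safer choice outside a demo.
    for key in ET.fromstring(rdf_xml).iter(RSA + "RSAPublicKey"):
        ident = key.find(CERT + "identity")
        mod = key.find(RSA + "modulus")
        exp = key.find(RSA + "public_exponent")
        if ident is None or mod is None or exp is None:
            continue  # incomplete key description: never treat as a match
        ref = ident.get(RDF + "resource")
        hex_text = mod.get(CERT + "hex")
        dec_text = exp.get(CERT + "decimal")
        if ref is None or hex_text is None or dec_text is None:
            continue
        # Publishers format hex freely (spaces, colons, case, leading zeros).
        digits = "".join(c for c in hex_text if c in "0123456789abcdefABCDEF")
        webid = urljoin(doc_url, ref)  # "#me" resolves against the document URL
        keys.setdefault(webid, []).append((int(digits, 16), int(dec_text)))
    return keys

def webid_matches(cert_modulus_hex, cert_exponent_hex, san_webid, rdf_xml):
    """True only if the certificate key is listed for the exact SAN WebID."""
    doc_url = urldefrag(san_webid).url
    cert_key = (int(cert_modulus_hex, 16), int(cert_exponent_hex, 16))
    return cert_key in profile_keys(rdf_xml, doc_url).get(san_webid, [])
```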
</div>
</body>
</html>