Hi Henry,
On Feb 1, 2010, at 7:22 PM, Story Henry wrote:
Hi,
foaf+ssl [1] is a very simple protocol for distributed authentication. It essentially
does what OpenId does, but in a RESTful manner. It works with most desktop browsers since
X509v3 came out (which is a long time ago). It only uses open standards and protocols - it
just uses them in a more distributed way.
It is also very easy to implement, and here is what would be needed to implement in
XWiki. I can help out here.
Cool!
1. Profile Creation
-------------------
Take any user home page URL.
1. You can either have that page link to an rdf/xml representation of a foaf graph, or
you can add RDFa directly to the home page by marking up the page with foaf. It depends on
how much those pages are templated. If they are very templated then the rdfa solution can
be very neat, as there is less risk that the user will mess something up.
Here's an example of a profile right now in XWiki:
<div id="profilePane" class="vertical-pane">
<h1 class='hidden'>Profile of Administrator</h1>
<div class="vcard">
<span class="fn hidden">Administrator</span>
<div class="dashboard">
<div class="dashboardleft">
<div class="userInfo">
<h1>Personal Information</h1>
<dl>
<dt class="label"><label>First name</label></dt>
<dd class="given-name">Administrator</dd>
<dt class="label"><label>Last name</label></dt>
<dd class="family-name"></dd>
<dt class="label"><label>Company</label></dt>
<dd class="org">XWiki.org</dd>
<dt class="label"><label>About</label></dt>
<dd class="note"><p>Admin is the default Wiki Admin.</p></dd>
</dl>
<h1>Contact Information</h1>
<dl>
<dt class="label"><label>Phone</label></dt>
<dd class="tel"></dd>
<dt class="label"><label>Address</label></dt>
<dd class="adr"></dd>
</dl>
<h1>External Links</h1>
As you can see we're already using microformats. What would need to be changed to
support RDFa?
2. Add a certification creation servlet that knows how
to deal with the keygen tag, and the microsoft activeX component. We have the code for
this available open source in Java.
We = ?
Do you have a URL for the code you mention? Is it released code? Under what license?
What we need in addition is a little database to keep
track of the different public keys used by the profile owner, so that he can delete a key
if he loses his computer, or add a new one if he wishes to use someone else's.
So you're saying that we should add a field in a user's profile to put public
keys, right? This is easy to do in XWiki.
The above should be very little work, and should allow
people to log into other services in one click. You can try a test case out by going to
http://foaf.me/ but clearly generating rdf/xml for users to play around with is not a good
idea. Also foaf.me only allows one to have one certificate per profile.
Ok, so you will say there are not a lot of services for the moment. True. We are in boot
strapping mode. But with one tiny little trick you can get one useful service going.
http://openid4.me/ gives anyone an openid automatically and allows them to log in using
foaf+ssl. (There are just a few lines of code that you need to add to get that to work at
the top of the profile page)
2. Authentication
-----------------
There is one super easy way to get authentication working and that is to use
https://foafssl.org/srv/idp
That link doesn't seem to work.
The details of how that works are explained there. (and
the source code is also available at
https://sommer.dev.java.net/ )
With that service you can get someone's WebID in a few lines of code. See the login
link at the top of
http://foaf.me/ .
Setting up an xwiki server so that it asks the user for his Client certificate is a bit
more advanced, as it requires a hack to the SSL layer on the server (so that
authentication does not fail if it cannot find the Certificate Authority).
(By the way this should not be the only means of authentication. OpenId and username
passwords are good fallback solutions)
Re authentication xwiki has an interface to implement to provide alternative
implementations.
See
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication
and more specifically:
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Authentication#HCustomA…
Let us know if you think this can be done easily. Would you have time to work on such an
implementation?
3. Possible services to build
------------------------------
With the previous pieces in place some very nice services should be buildable. But those
could be left to groovy developers.
1. Improve comment management on blogs.
(if someone logs in with an OpenId that points to a foaf, or with a webid, you can get
links to images of the person, their blog, and other accounts, friends perhaps, etc...
This can help the person who is going to validate the post to get some contextual
information on the person posting the blog (and perhaps add him to a contact list).
Verification can be done automatically by the server by GETing a blog page and finding a
link there back to the foaf)
2. Allow people from other XWiki instances (and indeed any foaf file) access to another
wiki.
So one could specify things like: allow only my friends or friends of my friends access
to this wiki page. Or the colleagues of my friends, ... ) But one should start simple...
Sounds cool.
This is all good. What we need to know I think is how much time and work you can devote to
implement what you mentioned. On the XWiki committer side, we can provide support to you
for sure and we can work with you to get your code committed.
BTW we have a sandbox to which we can give you access right away (commit mails go to this
list). To get access just give me your user id on
xwiki.org (go there and register -
please use a unix-like name for your id, something like hstory, since this is going to be
your svn login).
Thanks a lot for suggesting this Henry. I'm curious to see what others think too but
on my side I find it very interesting (the more ways to access xwiki the better IMO).
-Vincent
We have written out a list of use cases here:
http://esw.w3.org/topic/foaf+ssl/UseCases
There are bound to be a lot more. But for us and everyone to try them, we need to have
some basics in place.
Henry
[1] see the introductory material here
http://esw.w3.org/topic/foaf+ssl
Social Web Architect
http://bblfish.net/
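
Added example, not part of the original thread and not XWiki or foaf+ssl project code: a sketch of the per-profile public-key list discussed above and of the check a server makes against it, accepting a certificate only when its RSA key is one the profile at the claimed WebID currently lists, so deleting a key revokes it. The `ProfileKeyStore` class, the dict standing in for a parsed client certificate, the example.org WebID and the tiny key values are all constructed for illustration; the TLS handshake is assumed to have already proven possession of the private key.

```python
import re

def normalise_modulus(text):
    """Hex modulus as written in a profile or certificate dump -> int."""
    digits = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]+", digits):
        raise ValueError("modulus is not hexadecimal")
    return int(digits, 16)

class ProfileKeyStore:
    """Hypothetical key list per profile: WebID -> {(modulus, exponent): label}."""
    def __init__(self):
        self._keys = {}

    def add_key(self, webid, modulus_hex, exponent, label):
        key = (normalise_modulus(modulus_hex), int(exponent))
        self._keys.setdefault(webid, {})[key] = label

    def delete_key(self, webid, label):
        # Deleting the entry is the revocation step: no CA or CRL is involved.
        keys = self._keys.get(webid, {})
        for key in [k for k, v in keys.items() if v == label]:
            del keys[key]

    def keys_for(self, webid):
        return set(self._keys.get(webid, {}))

def authenticate(store, cert):
    """Return the WebID whose profile lists the certificate's key, else None."""
    key = (normalise_modulus(cert["modulus_hex"]), int(cert["exponent"]))
    for webid in cert["san_uris"]:      # WebID claims come from subjectAltName
        if key in store.keys_for(webid):
            return webid                # claim confirmed by the profile itself
    return None                         # key unknown or removed by the owner

# Constructed sample data (not real keys).
WEBID = "https://wiki.example.org/xwiki/bin/view/XWiki/hstory#me"
LAPTOP = {"san_uris": [WEBID], "modulus_hex": "00:c3:5f:9a:01", "exponent": 65537}
FORGED = {"san_uris": [WEBID], "modulus_hex": "00:aa:bb:cc:dd", "exponent": 65537}

def demo():
    store = ProfileKeyStore()
    store.add_key(WEBID, "c35f9a01", 65537, "laptop")
    store.add_key(WEBID, "9e11 07d3", 65537, "office desktop")
    before = authenticate(store, LAPTOP)   # key is listed -> WebID
    forged = authenticate(store, FORGED)   # claims the WebID, key not listed
    store.delete_key(WEBID, "laptop")      # owner lost the laptop
    after = authenticate(store, LAPTOP)    # same certificate now rejected
    return before, forged, after

if __name__ == "__main__":
    print(demo())
```

Because the match is on the full (modulus, exponent) pair published at the WebID, an unknown issuer does not matter to the decision, which is why the SSL layer has to be told not to fail when it cannot find the Certificate Authority.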