[foaf-protocols] FOAF+SSL+OpenID implementation

Toby Inkster tai at g5n.co.uk
Fri Mar 20 12:49:31 CET 2009

Perl implementation using Net::OpenID::Server, RDF::Redland and
CGI::Auth::FOAF_SSL in under 100 lines!

Source code here:

This is how you can try it out:

1. Get a FOAF+SSL certificate and install it into your browser. Henry's
service <http://test.foafssl.org/cert/> provides certificates which are
known to work.

2. Check that your FOAF+SSL certificate will work with the
CGI::Auth::FOAF_SSL module (which isn't 100% perfect yet!) by visiting
this test page <https://ophelia.g5n.co.uk:10443/help.cgi>. You should
get the message "your setup looks good".

3. On the webpage (i.e. an HTML/XHTML file, not an RDF file) you wish to
use as your identity - we'll call this your "OpenID URI" - add the
following element within the document <head>:

    <link rel="openid.server"
     href="https://ophelia.g5n.co.uk:10443/openid/provider.cgi" />

4. In the FOAF file associated with your FOAF+SSL cert, add a triple
along the lines of:

    <#me> foaf:openid <OpenID URI> .

(foaf:homepage, foaf:page and plink:openid are supported as
alternatives, but best to use foaf:openid)

5. Go to a website that supports OpenID sign-in and sign in with your
OpenID URI! (wiki.creativecommons.org is one such site.)

Note that using this technique, the site you're signing into (e.g.
creative commons wiki) doesn't need to support HTTPS - this technique
allows FOAF+SSL to be used reasonably securely with non-HTTPS sites.

I think a goal should be to have an OpenID provider like this up and
running on foafssl.org. This will give FOAF+SSL instant coverage over
the entire range of existing OpenID sites.

Toby Inkster <tai at g5n.co.uk>
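
A setup check for steps 3 and 4 above, added here as an example; it is not part of the original post and not the provider's Perl code. It assumes the FOAF profile has already been serialised as N-Triples; the example.org names and the namespace URI used for the plink: prefix are assumptions.

```python
import re
from html.parser import HTMLParser
FOAF = "http://xmlns.com/foaf/0.1/"
PLINK = "http://buzzword.org.uk/rdf/personal-link-types#"  # assumed plink: namespace
# Predicates the post lists for step 4, preferred one first.
PREDICATES = [FOAF + "openid", FOAF + "homepage", FOAF + "page", PLINK + "openid"]
PROVIDER = "https://ophelia.g5n.co.uk:10443/openid/provider.cgi"
TRIPLE = re.compile(r"^\s*<([^>]*)>\s+<([^>]*)>\s+<([^>]*)>\s*\.\s*$")

class HeadLinks(HTMLParser):  # collects <link rel="openid.server"> hrefs inside <head>
    def __init__(self):
        super().__init__()
        self.in_head, self.servers = False, []
    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower().split()
        if tag == "head":
            self.in_head = True
        elif tag == "link" and self.in_head and "openid.server" in rel:
            self.servers.append(dict(attrs).get("href"))
    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def claiming_predicates(ntriples, webid, openid_uri):
    """Predicates by which webid itself (no other subject) points at openid_uri."""
    rows = (TRIPLE.match(line) for line in ntriples.splitlines())
    found = {m.group(2) for m in rows
             if m and m.group(1) == webid and m.group(3) == openid_uri}
    return [p for p in PREDICATES if p in found]

def check_setup(html, ntriples, webid, openid_uri):
    """Return a list of problems with steps 3 and 4; empty means both look right."""
    parser = HeadLinks()
    parser.feed(html)
    problems = []
    if PROVIDER not in parser.servers:
        problems.append("step 3: no openid.server link to the provider in <head>")
    preds = claiming_predicates(ntriples, webid, openid_uri)
    if not preds:
        problems.append("step 4: the WebID does not claim this OpenID URI")
    elif preds[0] != FOAF + "openid":
        problems.append("step 4: accepted, but foaf:openid is preferred")
    return problems

# Constructed sample input; the example.org names are placeholders.
SAMPLE_HTML = '<head><link rel="openid.server" href="%s" /></head>' % PROVIDER
SAMPLE_FOAF = "<https://example.org/foaf#me> <%shomepage> <https://example.org/> ." % FOAF
if __name__ == "__main__":
    print(check_setup(SAMPLE_HTML, SAMPLE_FOAF, "https://example.org/foaf#me", "https://example.org/"))
```

The comparison is an exact string match on both the WebID and the OpenID URI, so a missing trailing slash or a different scheme counts as a different identity.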
