[foaf-protocols] WebID breakthrough - pure Javascript+Flash implementation

Kingsley Idehen kidehen at openlinksw.com
Sun Aug 8 15:57:16 CEST 2010

Manu Sporny wrote:
> We've been able to make a fairly significant breakthrough re: WebID in
> the past several weeks.
> Our engineering team has put together a pure Javascript+Flash
> implementation of WebID (client and server). This includes everything
> from certificate generation (replacing <keygen>) to storage (via Flash
> object storage) and client-side certificate negotiation of TLS connections.
> WebID – Universal Login for the Web
> http://blog.digitalbazaar.com/2010/08/07/webid/2/
> This is a big deal because we think that we may be able to get this
> stuff to work in IE 7 and many of the older browsers. 
> We may be able to
> achieve 90%+ penetration for WebID in the browser. The interface to
> select client-side certificates would be unified across all websites and
> all browsers, including IE, Firefox, Chrome, Opera and Safari (since
> it's all HTML+CSS+Javascript).

I assume you know that I demonstrated WebID (end to end support) using 
Windows (across IE, Chrome, Firefox, and Safari) a few weeks ago via my 
YouTube screenscasts and TwitPic screenshots.

On Windows we solve the problem by making a "one click" application 
(sort of like a signed Java Applet). In addition, you need to be able to 
create an register a Root CA Cert. on Windows otherwise you don't have a 
solution that will work (Windows is very tight on security so it won't 
simply work with self signed certs. you have to make a Root CA Cert 
which can be for yourself and then regisgter with the Windows Cert. 

What have right now is a solution that just works on Windows, you can 
try it at: https://id.myopenlink.net .  It covers browsers that support 

1. Firefox

It supports browsers that use keygen as front for the Windows Cert. Manager:

1. Safari
2. Chrome

It support browsers that don't support keygen:

1. IE.

The user interaction is simple:
1. Go to: https://id.myopenlink.net
2. Register with your existing WebID or get a new account
3. Edit your Profile using the Profile Manager (at least add your email 
address to your profile)
4. Use the "X.509" tab under "Security" to generate your X.509 Cert that 
includes your WebID (remember once you have an account you have a WebID, 
Profile Page URL, and an OpenID URL (all hooked together in conventional 
Linked Data style)
5. Save the generated Cert. to your Profile (don't forget to hatch the 
"enable WebID login" option)
6. Save and Exit Profile Manager
6. Visit a WebID or OpenID based space on the Web from Windows, Mac OS 
X, Linux, or any other Unix Platform.

Re. Windows, there is no requirement for flash, we are simply using what 
Windows offers re. PKI. Note, this isn't really that different from Mac 
OS X (where Safari and Chrome simply use keygen as conduit to the 
Keyring Manager).

> If you want to skip the blog post explaining this stuff, you can go
> straight to the WebID management page here (you will have to accept the
> bogus SSL certificates for the time being, we haven't bought verified
> SSL certificates for either site, yet):
> https://webid.digitalbazaar.com/manage/

It didn't give me option to signup using my existing WebID.
> Or a sample login page here:
> https://payswarm.com/webid-demo/

I couldn't use my existing WebID.
> Your current WebIDs won't work with the demo because they exist in the
> browser's certificate chain and not the Flash storage object. We'll want
> to discuss the ramifications of this new breakthrough on the call on
> Tuesday.
> I'll send out an agenda soon.


1. http://www.youtube.com/watch?v=Jro-Gzw1amM -- WebID user interaction 
flow using Windows and IE
2. http://www.youtube.com/watch?v=gzqHVUb3qrw -- WebID user interaction 
flow using Safari and Mac OS X
3. http://twitpic.com/photos/kidehen -- collection of screenshots 
showing the Windows Cert. Manager (which exists as both a native and 
remotely loadable "one click" application).

> -- manu



Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 

More information about the foaf-protocols mailing list