[foaf-protocols] WebID breakthrough - pure Javascript+Flash implementation

Kingsley Idehen kidehen at openlinksw.com
Mon Aug 9 22:03:56 CEST 2010


Henry Story wrote:
> Hi Kingsley, I watched your video that shows you creating a certificate
> for Internet Explorer http://www.youtube.com/watch?v=gzqHVUb3qrw
>
> Looking at that I can only agree with Manu Sporny that this is geeky.
>   
Henry,

I will simply make another. Remember, that batch was just the beginning 
of a sequence. Primarily, capturing the completion of a QA cycle.

We have made Cert. Management as simple as can be under Windows. This is 
about doing it native to the host OS via a Wizard.

There are 4 critical routes here:

1. Standalone Cert Manager Wizard  -- if used as is would be geeky due 
to lack of context
2. Click Once Application -- ditto
3. REST service variant of application -- ditto
4. ODS as the Personal Data Space platform with a "Security" section for 
Generating X.509 Certs. and then persisting to one's Profile data space 
-- this has context and is easy, the user clicks a single button (which 
then makes a REST call that results in the invocation of the "one click 
applet" with appropriate information passed as URL parameters).

I am on vacation hence the delay :-)
> Bruno Harbulot managed to make it as easy to use as keygen with his javascript
> code at http://webid.myxwiki.org/ 
>   

What do you mean by as easy to use as keygen? I don't believe there is a 
fundamental difference here since I have a single button for making the 
Cert. and another button for saving the Cert. to one's data space and 
then a check-box to enable WebID protocol based authentication. Can't be 
any simpler than that as long as the user interaction delivers context 
to the user.

> Perhaps someone with Internet Explorer can make a screen cast of creating a certificate there (no need to do the account creation bit).
>   

What do you think I did?

My next screencast will simply use Internet Explorer in exactly the same 
way I did Safari. In both cases you click a single button and a Cert. is 
produced and persisted to the Windows OS Cert Manager.
> If there are issues we need to try to find out how we can reduce them there.
>   

You need to understand Windows security and PKI to get this to work. If 
it was easy there would be a boat load of implementations.

Bruno: I run IE and every other known browser across a cocktail of 
platforms. Can I use your system to produce a Cert. that works with IE? 
I am going to try your link anyhow.

Kingsley
> Henry
>
>
> On 8 Aug 2010, at 15:57, Kingsley Idehen wrote:
>
>   
>> It supports browsers that don't support keygen:
>>
>> 1. IE.
>>
>> The user interaction is simple:
>> 1. Go to: https://id.myopenlink.net
>> 2. Register with your existing WebID or get a new account
>> 3. Edit your Profile using the Profile Manager (at least add your email 
>> address to your profile)
>> 4. Use the "X.509" tab under "Security" to generate your X.509 Cert that 
>> includes your WebID (remember once you have an account you have a WebID, 
>> Profile Page URL, and an OpenID URL (all hooked together in conventional 
>> Linked Data style))
>> 5. Save the generated Cert. to your Profile (don't forget to hatch the 
>> "enable WebID login" option)
>> 6. Save and Exit Profile Manager
>> 7. Visit a WebID or OpenID based space on the Web from Windows, Mac OS 
>> X, Linux, or any other Unix Platform.
>>
>>
>> Re. Windows, there is no requirement for flash, we are simply using what 
>> Windows offers re. PKI. Note, this isn't really that different from Mac 
>> OS X (where Safari and Chrome simply use keygen as conduit to the 
>> Keyring Manager).
>>     
>
>
>   


-- 

Regards,

Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 
