[foaf-protocols] WebID breakthrough - pure Javascript+Flash implementation

Kingsley Idehen kidehen at openlinksw.com
Mon Aug 9 22:03:56 CEST 2010

Henry Story wrote:
> Hi Kingsley, I watched your video that shows you creating a certificate
> for Internet Explorer http://www.youtube.com/watch?v=gzqHVUb3qrw
> Looking at that I can only agree with Manu Sporny that this is geeky.

I will simply make another. Remember, that batch was just the beginning 
of a sequence. Primarily, capturing the completion of a QA cycle.

We have made Cert. Management as simple as can be under Windows. This is 
about doing it native to the host OS via a Wizard.

There are 4 critical routes here:

1. Standalone Cert Manager Wizard  -- if used as is would be geeky due 
to lack of context
2. Click Once Application -- ditto
3. REST service variant of application -- ditto
4. ODS as the Personal Data Space platform with a "Security" section for 
Generating X.509 Certs. and then persisting to one's Profile data space
-- this has context and is easy, the user clicks a single button (which 
then makes a REST call that results in the invocation of the "one click 
applet" with appropriate information passed as URL parameters).

I am on vacation hence the delay :-)

> Bruno Harbulot managed to make it as easy to use as keygen with his javascript
> code at http://webid.myxwiki.org/ 

What do you mean by as easy to use as keygen? I don't believe there is a 
fundamental difference here since I have a single button for making the 
Cert. and another button for saving the Cert. to one's data space and
then a check-box to enable WebID protocol based authentication. Can't be 
any simpler than that as long as the user interaction delivers context
to the user.

> Perhaps someone with Internet Explorer can make a screen cast of creating a certificate there (no need to do the account creation bit).

What do you think I did?

My next screencast will simply use Internet Explorer in exactly the same 
way I did Safari. In both cases you click a single button and a Cert. is
produced and persisted to the Windows OS Cert Manager.

> If there are issues we need to try to find out how we can reduce them there.

You need to understand Windows security and PKI to get this to work. If 
it was easy there would be a boat load of implementations.

Bruno: I run IE and every other known browser across a cocktail of 
platforms. Can I use your system to produce a Cert. that works with IE?
I am going to try your link anyhow.

> Henry
> On 8 Aug 2010, at 15:57, Kingsley Idehen wrote:
>> It supports browsers that don't support keygen:
>> 1. IE.
>> The user interaction is simple:
>> 1. Go to: https://id.myopenlink.net
>> 2. Register with your existing WebID or get a new account
>> 3. Edit your Profile using the Profile Manager (at least add your email 
>> address to your profile)
>> 4. Use the "X.509" tab under "Security" to generate your X.509 Cert that 
>> includes your WebID (remember once you have an account you have a WebID, 
>> Profile Page URL, and an OpenID URL (all hooked together in conventional 
>> Linked Data style))
>> 5. Save the generated Cert. to your Profile (don't forget to hatch the 
>> "enable WebID login" option)
>> 6. Save and Exit Profile Manager
>> 7. Visit a WebID or OpenID based space on the Web from Windows, Mac OS
>> X, Linux, or any other Unix Platform.
>> Re. Windows, there is no requirement for flash, we are simply using what 
>> Windows offers re. PKI. Note, this isn't really that different from Mac 
>> OS X (where Safari and Chrome simply use keygen as conduit to the 
>> Keyring Manager).



Kingsley Idehen	      
President & CEO 
OpenLink Software     
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen 
