kidehen at openlinksw.com
Tue Aug 10 00:26:21 CEST 2010
Henry Story wrote:
> Hi Kingsley, I watched your video that shows you creating a certificate
> for Internet Explorer http://www.youtube.com/watch?v=gzqHVUb3qrw
> Looking at that I can only agree with Manu Sporny that this is geeky.
> code at http://webid.myxwiki.org/
> Perhaps someone with Internet Explorer can make a screen cast of creating a certificate there (no need to do the account creation bit).
> If there are issues we need to try to find out how we can reduce them there.
I have just tested the service at: <http://webid.myxwiki.org>, it
doesn't offer the degree of simplicity that our solution offers. I make
this comment to strongly refute what you claim above re. how our system
works. Basically, you should test this yourself when you have access to
Go to https://id.myopenlink.net/ods . It just works i.e., create an
account (manually or via your existing WebID). Then go the profile edit
and then go to the "Security" tab which has the X.509 sub menu for
generating Certificates + associated private key (which are browser or
OS hosted) and then persisting X.509 cert. to your profile.
We don't have display information such as what's presented below,
because it isn't required, it just works.
Using Internet Explorer under Windows Vista or above or Windows Server
2008, you need to configure the following for this to work:
* Add this site to the Trusted Sites list: in Internet Options ->
Security -> Trusted Sites -> Sites -> Add ...
* You may need to configure the trust level (in this tab), using Custom
Level...: enable Initialize and script ActiveX controls not marked as
safe for scripting.
* If you are using Windows Vista without SP1 or above, you will probably
need to install this certificate as a Trusted Root Certification
Authority Certificate for your own certificate installation to succeed.
You should probably remove that trusted root CA certificate afterwards.
Our Wizard (a signed "one click app or service* ) lets you create the
root CA that is then used to sign the Personal Certificates.
One thing that we may have to add is the ability to force the root CA
cert creation if we determine that this critical component isn't in
place. Thus, when the Wizard is used for the first time we assume the
root CA cert is being created and then at the end of the process
commence Personal Cert. generation. Or just find a way to deliver the
whole thing via one series of Wizard interactions.
> On 8 Aug 2010, at 15:57, Kingsley Idehen wrote:
>> It support browsers that don't support keygen:
>> 1. IE.
>> The user interaction is simple:
>> 1. Go to: https://id.myopenlink.net
>> 2. Register with your existing WebID or get a new account
>> 3. Edit your Profile using the Profile Manager (at least add your email
>> address to your profile)
>> 4. Use the "X.509" tab under "Security" to generate your X.509 Cert that
>> includes your WebID (remember once you have an account you have a WebID,
>> Profile Page URL, and an OpenID URL (all hooked together in conventional
>> Linked Data style)
>> 5. Save the generated Cert. to your Profile (don't forget to hatch the
>> "enable WebID login" option)
>> 6. Save and Exit Profile Manager
>> 6. Visit a WebID or OpenID based space on the Web from Windows, Mac OS
>> X, Linux, or any other Unix Platform.
>> Re. Windows, there is no requirement for flash, we are simply using what
>> Windows offers re. PKI. Note, this isn't really that different from Mac
>> OS X (where Safari and Chrome simply use keygen as conduit to the
>> Keyring Manager).
President & CEO
More information about the foaf-protocols