[foaf-protocols] WebID JS/Flash import and export functionality
Joe Presbrey
presbrey at csail.mit.edu
Wed Aug 25 23:07:53 CEST 2010
IFRAME-based authentication is not REST-ful. Isn't there any other/better way?
--
Joe Presbrey
On Wed, Aug 25, 2010 at 4:21 PM, Dave Longley
<dlongley at digitalbazaar.com> wrote:
> The JS/Flash demo now allows private keys and certificates to be imported
> and exported. The process is a little tedious, but has been tested
> successfully with Firefox and Safari.
>
> Creating a demo JS/Flash WebID or Importing an existing WebID to a JS/Flash
> WebID provider:
>
> Go here, to a JS/Flash WebID provider:
>
> https://webid.digitalbazaar.com/manage/
>
> To create a JS/Flash WebID fill out the appropriate information and click
> 'Create'. More fields are available under 'Advanced'.
>
> If you have an existing WebID (e.g. one you may have created on foaf.me to
> test WebID) that you want to import you must first get the private key and
> certificate for that WebID. If you are using Firefox you can go to
> Preferences->Advanced->View Certificates and click the 'Backup' button. This
> will create a PKCS#12 file (.p12). You can use openssl to extract the
> private key and certificate from this file like so:
>
> For a PKCS#12 file 'example.p12', run:
>
> openssl pkcs12 -info -in example.p12 -nodes
>
> The output should include the PEM data for your RSA Private Key and your
> Certificate. You can cut and paste each of these directly into the import
> form at https://webid.digitalbazaar.com/manage/. I assume that most people
> that are interested in this are familiar with PEM and openssl key conversion
> processes.
>
> Next click the 'Import' button and wait a little while for the process to
> complete. Once it completes, your WebID should now be shown in the list of
> available WebIDs at the top of the page. The import process, just like the
> regular creation process, will store your Private Key and Certificate in
> Flash local storage under the https://webid.digitalbazaar.com domain. Only
> this domain will be able to access this information. The use of an iframe
> allows any compliant website to request that https://webid.digitalbazaar.com
> use TLS and a WebID to authenticate a user without allowing any other
> website access to the private key.
>
> You can test that the WebID works with the JS/Flash demo website here:
>
> https://payswarm.com/webid-demo/
>
> If you already have a WebID installed in your browser you will be asked to
> select one using the browser UI even though it isn't the purpose of the
> demo. This is unavoidable with current browser implementations. However, it
> does provide the demo website with the opportunity to show that it also
> supports browser-based WebIDs. The WebID will be authenticated, and on
> success, its related RDF data will be shown if you click a link at the
> end of the 'A Note Concerning Browser-Generated WebIDs' section. This shows
> that you have been identified by your browser WebID. However, this only
> demonstrates that your browser WebID works; it is not a demonstration of the
> JS/Flash WebID.
>
> To see the JS/Flash WebID demonstration, click the 'Digital Bazaar WebID'
> provider button. It will bring up that particular WebID provider's
> (https://webid.digitalbazaar.com) custom interface which should allow you to
> pick from your available WebIDs. If you created any previous WebIDs using
> https://webid.digitalbazaar.com/manage then they will be shown here along
> with any that you previously imported. Select a WebID by clicking its
> associated 'Select' button. This should do the authentication and take you
> to the home page of the fake 'socialswarm' website and present you with a
> message and the RDF data from the associated WebID URL.
>
> Exporting from JS/Flash to a Browser:
>
> You can also export private keys and certificates generated by the JS/Flash
> WebID provider. To do this, there exists a Private Key and Certificate link
> with every WebID that is displayed at:
>
> https://webid.digitalbazaar.com/manage/
>
> The links will cause the associated PEM-formatted data to be displayed. This
> information can be copied into two different files: e.g. 'key.pem' and
> 'cert.pem'. To import these files into a browser like Firefox or Safari, you
> must wrap them in a PKCS#12 data structure which will store them in a file
> like: 'example.p12'.
>
> To wrap your private key and certificate using openssl you run:
>
> openssl pkcs12 -export -in cert.pem -inkey key.pem -out example.p12 -name "<certificate-name>"
>
> Where <certificate-name> is the name to display to the user in the browser's
> UI when selecting a WebID. Once the p12 file is created it can be imported
> into a browser or an OS key chain using the appropriate method. For Firefox,
> you can import the p12 file by going to Preferences->Advanced->View
> Certificates and click 'Import'. Then select 'example.p12'.
>
> When you create a p12 file you will be asked to create a password of your
> choosing. You must enter this password when importing the p12 file to unlock
> it.
>
> This process hasn't been made 'super-easy' yet, but it demonstrates that it
> is possible to move certificates between a WebID provider that uses JS/Flash
> and one that doesn't.
>
> --
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> Phone: 540-961-4469
>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
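The two openssl conversions described in the quoted message, run as one round trip with a check that the extracted key and certificate still belong together. This is an added example, not part of the original thread; the throwaway identity, the certificate name, the password and the `*.out.pem` file names are constructed, and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: PKCS#12 round trip with a constructed, throwaway identity.
set -eu

# Constructed sample standing in for the PEM data a WebID provider displays.
make_demo_identity() {  # $1 = directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-webid-demo" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Export direction: wrap key.pem and cert.pem into example.p12.
# pass: puts the password in argv, which is acceptable only for a demo key;
# for a real key let openssl prompt, or use -passout env:VAR or file:PATH.
wrap_p12() {  # $1 = directory, $2 = certificate name, $3 = password
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
        -out "$1/example.p12" -name "$2" -passout "pass:$3"
}

# Import direction: split example.p12 into separate key and certificate files.
# -nodes writes the private key unencrypted, so create it owner-readable only.
unwrap_p12() {  # $1 = directory, $2 = password
    ( umask 077
      openssl pkcs12 -in "$1/example.p12" -nocerts -nodes \
          -passin "pass:$2" -out "$1/key.out.pem" 2>/dev/null )
    openssl pkcs12 -in "$1/example.p12" -clcerts -nokeys \
        -passin "pass:$2" -out "$1/cert.out.pem" 2>/dev/null
}

# Print "match" if the private key and certificate share one public key.
key_matches_cert() {  # $1 = key PEM file, $2 = certificate PEM file
    k=$(openssl pkey -in "$1" -pubout)
    c=$(openssl x509 -in "$2" -noout -pubkey)
    if [ "$k" = "$c" ]; then echo match; else echo mismatch; fi
}

# Full round trip in a temporary directory that is removed afterwards.
roundtrip() {  # $1 = certificate name, $2 = password
    d=$(mktemp -d)
    make_demo_identity "$d"
    wrap_p12 "$d" "$1" "$2"
    unwrap_p12 "$d" "$2"
    key_matches_cert "$d/key.out.pem" "$d/cert.out.pem"
    rm -rf "$d"
}

roundtrip "constructed-name" "constructed-password"
```

Splitting the output with `-nocerts` and `-clcerts -nokeys` yields the same PEM blocks as `-info -nodes`, but in separate files, so the unencrypted key is never mixed into terminal scrollback along with the certificate.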