[foaf-protocols] Why exponent/modulus

Joe Presbrey presbrey at csail.mit.edu
Sat Sep 18 00:44:08 CEST 2010


On Fri, Sep 17, 2010 at 5:29 PM, Nathan <nathan at webr3.org> wrote:
> ! indeed, can you quickly confirm what'd be in $SERVER['REMOTE_USER']? -
> on first read I thought you meant the certificate in PEM format, on
> second read I figured you meant the webid having had full authn done.

Environment variables are well known and highly visible to developers
of all languages on all platforms. They never require non-core
libraries to access and are transparent to work with. Here's the
environment style I had proposed:

REMOTE_USER=<http://presbrey.mit.edu/foaf#presbrey>
REMOTE_USER_NAME="Joe Presbrey"
REMOTE_USER_DEPICTION=<http://presbrey.mit.edu/self.jpg>
REMOTE_USER_KNOWS[0]=<http://www.w3.org/People/Berners-Lee/card#i>
REMOTE_USER_KNOWS[1]=<http://webr3.org/nathan#me>
REMOTE_USER_[PREDICATE]=[OBJECT]...

You can presumably select which predicate+objects of the WebID/subject
to extract in .htaccess

> without an ASN.1 parser then any PHP implementation is dependent on
> linux + openssl + shell exec permissions, which rules out a huge
> proportion hosts

Sorry, I wasn't /this/ familiar with libAuthentication. Agreed.
Forking is high-cost and a tough sell to web admins. Not good.

> likewise, I agree - but many (most) don't have this option sadly.

> is there a path to getting mod_authn_webid in to the main apache distro?
> this would increase the amount of hosts which can support/offer webid
> exponentially.

I would love to help with this.

Apache 2.3 is in Alpha and to be released soon.

Demand / a specification to point to / friends might help make this possible?

> really like the idea of an abstraction point although may need to take
> over or provide another env, REMOTE_USER would be v easy to have
> overwritten by something else, and people may want to layer auth by
> requesting basic/digest auth as well as a second tier.

See my environment stuff up top.

In this httpd module model, isn't layering basic/digest/webid supposed
to be handled already by the time you get to CGI?


More information about the foaf-protocols mailing list