ruby implementation


Tyler Gillies

Mar 19, 2010, 12:29:06 AM
to foaf.me
I am a ruby guy. I would like to implement foaf+ssl on my site. Is
there an implementers guide? foafssl.org seems to be down

Melvin Carvalho

Mar 19, 2010, 6:35:31 AM
to foa...@googlegroups.com


2010/3/19 Tyler Gillies <tjgi...@gmail.com>

> I am a ruby guy. I would like to implement foaf+ssl on my site. Is
> there an implementers guide? foafssl.org seems to be down

I don't believe there's anything in ruby yet, but it's not so hard to build the delegated version.

Some more libraries (mostly work in progress) can be found from: http://esw.w3.org/Foaf%2Bssl

I would suggest starting with the delegated version, which requires least configuration.

Login
=====

Building a login facility is as simple as adding a link:

https://foafssl.org/srv/idp?authreqissuer=http://foaf.me/index.php

Where:
- https://foafssl.org/srv/idp = the service root
- authreqissuer = parameter for redirect
- http://foaf.me/index.php = the page you'd like to come back to

In our simple model, foafssl.org will check your certificate and, if it is valid, sign a timestamp confirming that the login is valid (at some stage we can add a nonce too). It will return the parameters:

- webid = your webid
- ts = the time
- sig = the signature

To decode the signature we use the public key of foafssl.org

Here is some code that will do that.

*Disclaimer* this is in the middle of a refactoring, with a new version to be released shortly, but hopefully gives a flavor of how to get started.

function getAuthFromDelegatedFOAFSSL() {
    /*
    * Settings for the IdP. The following two variables may change with
    * another IdP.
    */
    $sigalg = "rsa-sha1";
    $idp_certificate = "foafssl.org-cert.pem";
 
    $webid = "";
 
    /* Reconstructs the signed message: the URI except the 'sig' parameter */
    $full_uri = ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on")) ? "https" : "http")
        . "://" . $_SERVER["HTTP_HOST"]
        . ($_SERVER["SERVER_PORT"] != ((isset($_SERVER["HTTPS"]) && ($_SERVER["HTTPS"] == "on")) ? 443 : 80) ? ":".$_SERVER["SERVER_PORT"] : "")
        . $_SERVER["REQUEST_URI"];
 
    $signed_info = substr($full_uri, 0, -5-strlen(urlencode(isset($_GET["sig"]) ? $_GET["sig"] : NULL)));
 
    /* Extracts the signature */
    $signature = base64_decode(isset($_GET["sig"]) ? $_GET["sig"] : NULL);
 
    /* Only rsa-sha1 is supported at the moment. */
    if ($sigalg == "rsa-sha1") {
        /*
         * Loads the trusted certificate of the IdP: its public key is used to
         * verify the integrity of the signed assertion.
         */
        $fp = fopen($idp_certificate, "r");
        $cert = fread($fp, 8192);
        fclose($fp);
 
        $pubkeyid = openssl_get_publickey($cert);
 
        /* Verifies the signature */
        $verified = openssl_verify($signed_info, $signature, $pubkeyid);
        if ($verified == 1) {
        // The verification was successful.
            setAuthenticatedWebID($_GET['webid']);
        }
        elseif ($verified == 0) {
        // The signature didn't match.
            unsetAuthenticatedWebID();
        }
        else {
        // Error during the verification.
            unsetAuthenticatedWebID();
        }
 
        openssl_free_key($pubkeyid);
    } else {
    // Unsupported signature algorithm.
        unsetAuthenticatedWebID();
    }
}
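
A Ruby counterpart to the PHP check above, for the original question. This is an added example, not part of the original post and not foafssl.org's own code. It assumes `ts` is an ISO 8601 timestamp and applies a 300-second freshness window (neither is stated in the thread); `verified_webid` and `sample_redirect` are hypothetical names, and the key pair is generated locally as a stand-in for the IdP.

```ruby
require 'openssl'
require 'uri'
require 'time'

MAX_AGE = 300 # seconds; freshness window chosen for this example

# Returns the verified WebID, or nil if the assertion must be rejected.
# full_uri:   the URI the IdP redirected the browser to, byte for byte
# idp_pubkey: the IdP's RSA public key, obtained and pinned out of band
def verified_webid(full_uri, idp_pubkey, now: Time.now)
  # As in the PHP version, sig is the last parameter and everything before
  # "&sig=" is the signed message.
  signed_info, sep, sig_param = full_uri.rpartition('&sig=')
  return nil if sep.empty? || sig_param.empty? || sig_param.include?('&')

  signature = URI.decode_www_form_component(sig_param).unpack1('m')
  # rsa-sha1 is the only algorithm the thread mentions.
  return nil unless idp_pubkey.verify(OpenSSL::Digest.new('SHA1'), signature, signed_info)

  # Take webid and ts only from the part the signature covers.
  params = URI.decode_www_form(signed_info.split('?', 2)[1].to_s)
  webids = params.select { |k, _| k == 'webid' }.map(&:last)
  stamps = params.select { |k, _| k == 'ts' }.map(&:last)
  return nil unless webids.size == 1 && stamps.size == 1

  # Assumption: ts is an ISO 8601 timestamp. A stale assertion may be a replay.
  return nil if (now - Time.iso8601(stamps.first)).abs > MAX_AGE
  webids.first
rescue OpenSSL::PKey::PKeyError, ArgumentError
  nil
end

# Constructed stand-in for the IdP, only so the example runs offline.
def sample_redirect(idp_key, return_to, webid, issued_at)
  query = URI.encode_www_form(webid: webid, ts: issued_at.getutc.iso8601)
  signed_info = "#{return_to}?#{query}"
  sig = [idp_key.sign(OpenSSL::Digest.new('SHA1'), signed_info)].pack('m0')
  "#{signed_info}&sig=#{URI.encode_www_form_component(sig)}"
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # constructed key, not foafssl.org's
  uri = sample_redirect(key, 'http://foaf.me/index.php', 'http://example.org/card#me', Time.now)
  puts verified_webid(uri, key.public_key).inspect
end
```

In a real deployment `full_uri` has to be rebuilt from the request exactly as the IdP signed it (scheme, host, port and raw query string), which is what the PHP code does from `$_SERVER`.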


Henry Story

Mar 19, 2010, 6:54:59 AM
to foaf-pr...@lists.foaf-project.org, tyler gillies, foa...@googlegroups.com

On 19 Mar 2010, at 05:29, Tyler Gillies wrote:

> I am a ruby guy. I would like to implement foaf+ssl on my site. Is
> there an implementers guide?

It would be fantastic to have a ruby implementation. And yes, we should put up an implementers Guide on http://esw.w3.org/Foaf+ssl . There is the howto section on that page, but it could perhaps be moved to http://esw.w3.org/Foaf+ssl/HOWTO which could be split into a number of sections.

Currently we have a lot of example code in a number of languages. I am a java programmer and the code I am working on is here: http://github.com/bblfish

There are two parts: one simple and one more advanced.

1. Creating foaf+ssl certificates is easy. You can find code for that in the keygenapp subdirectory, or you can just look at the html generated at http://webid.myxwiki.org/

This uses the keygen tag, which is explained in more detail at
http://esw.w3.org/Foaf%2Bssl/Clients

There is a javascript library used by webid.myxwiki.org to get it to work on Internet Explorer.

2. Indirect authentication

2.1 Using http://openid4.me/

2.2 Indirect authentication using https://foafssl.org/

3. Direct authentication

Here you need to build a library that bypasses the usual CA verification of certificates. The HOWTO section shows how to do that with apache. http://github.com/bblfish/foafssl-java in java is more complicated.

For this you need an RDF library too, to parse the various formats of RDF: rdf/xml, rdfa (html), turtle...

Feel free to ask any question you have here.


> foafssl.org seems to be down

I need to add something on port 80. https://foafssl.org/ is up :-)

As you see we still need to tidy up a lot of loose ends.

Henry

tyler gillies

Mar 19, 2010, 7:14:40 AM
to Henry Story, foaf-pr...@lists.foaf-project.org, foa...@googlegroups.com
I have been working a lot with OpenSSL in ruby for salmon protocol.
Thinking about making a gem once I actually get it implemented

--
Everyone Loves Tea
http://www.everyonelovestea.com

Henry Story

Mar 19, 2010, 1:15:54 PM
to tyler gillies, foa...@googlegroups.com, Damian Steer, foaf-pr...@lists.foaf-project.org, Libby Miller
Hi Tyler,

On 19 Mar 2010, at 12:11, Libby Miller wrote:

> On 19 Mar 2010, at 10:54, Henry Story wrote:
>
>> For this you need an RDF library too, to parse the various formats
>> of RDF: rdf/xml, rdfa (html), turtle...
>
> This is probably the tricky bit - I've not found any very complete
> Ruby RDF libraries. With help from Damian Steer I've been using jruby
> and jena, which is working very nicely (and is very easy in fact), but
> using jruby puts some limitations on the ruby gems you can use, I think.

I have asked around a bit on Twitter.

Some leads are

ActiveRDF
http://activerdf.org/

RDF.rb
http://blog.datagraph.org/2010/03/rdf-for-ruby
This is new and very minimal but there is a long post there which is clearly written by someone who has done some research. So your best bet would be to go ask him perhaps.

Henry

Melvin Carvalho

Apr 2, 2010, 8:14:52 AM
to foa...@googlegroups.com, tyler gillies, Damian Steer, foaf-pr...@lists.foaf-project.org, Libby Miller


2010/3/19 Henry Story <henry...@gmail.com>