The Sun BabelFish Blog
Don't panic !
python and php implementations of foaf+ssl
We now have two new implementations of the foaf+ssl authentication protocol, in addition to the Java one I blogged about earlier. If you have followed the procedure there to create your certificate, added it to your browser, and published a minimal foaf file, you can then try out these two servers.
Melvin Carvalho, who owns the great domain name foaf.me, has implemented this in PHP in a very nicely layered fashion. In a recent mail to the foaf protocols list he published the following end points:
- a test ssl resource that will form a simple ssl connection, ask for the client certificate, and then:
  - Display the output of the $_SERVER global variable
  - Display the details in the supplied Client Certificate
  - Display the Client Public Key info
  - Function returning the Client Public Key info in HEX
  - Function returning the subjectAltName in the Client Certificate
- a foaf tester that, after getting the URI in your certificate from the X509 v3 extensions section, will fetch the foaf at that URL and:
  - Convert the FOAF into an array of triples, which it displays
  - Find the RSA Key of the declared subject ("owner") within a FOAF file
  - Get the list of friends in a FOAF file
- and finally the foaf+ssl tester, which Melvin pointed to in another email to the list, and which uses the foaf+ssl protocol to log you into a server in one https connection. The server only does authentication and the minimal authorization: if it can authenticate you, then you are authorized.
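The three testers above, taken together, are the whole protocol: read the subjectAltName URI and the RSA public key out of the client certificate, fetch the FOAF document at that URI, find the key the document publishes for that subject, and compare. The security of the scheme rests entirely on that last comparison, because the certificate is self-signed and only claims its URI. As an added example (not Melvin's PHP code, not Ian's Python server, and not code from this blog), here is that check written in Python. The certificate fields and the FOAF document are constructed sample data, the RDF vocabulary is assumed to be the 2008 cert/rsa one (cert:identity, rsa:modulus typed cert:hex, rsa:public_exponent), and the HTTP fetch of the document is left out so that it runs offline.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag, urljoin

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
CERT = "http://www.w3.org/ns/auth/cert#"
RSA = "http://www.w3.org/ns/auth/rsa#"

# Constructed sample data: the WebID a client certificate carries in its
# subjectAltName, and that certificate's RSA public key as a server such as the
# PHP tester above would print it in hex (colon separated, uppercase).
WEBID = "https://foaf.example/people/alice#me"
CERT_MODULUS_HEX = "AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67"
CERT_EXPONENT = 65537

# Constructed sample FOAF document, as it would be fetched from the WebID's
# document URL. Assumption: the 2008 cert/rsa vocabulary, where the key points
# at its owner via cert:identity and the modulus is typed cert:hex.
SAMPLE_FOAF = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:foaf="http://xmlns.com/foaf/0.1/"
         xmlns:cert="http://www.w3.org/ns/auth/cert#"
         xmlns:rsa="http://www.w3.org/ns/auth/rsa#">
  <foaf:Person rdf:about="#me">
    <foaf:name>Alice (constructed)</foaf:name>
  </foaf:Person>
  <rsa:RSAPublicKey>
    <cert:identity rdf:resource="#me"/>
    <rsa:modulus rdf:datatype="http://www.w3.org/ns/auth/cert#hex">
      00 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67
    </rsa:modulus>
    <rsa:public_exponent rdf:datatype="http://www.w3.org/ns/auth/cert#decimal">65537</rsa:public_exponent>
  </rsa:RSAPublicKey>
</rdf:RDF>
"""


def hex_to_int(text: str) -> int:
    """Turn a cert:hex literal or a colon/space separated hex dump into an
    integer. Whitespace, colons and leading zero bytes are not significant, so
    comparing integers avoids false mismatches on formatting alone."""
    digits = "".join(ch for ch in text if ch in "0123456789abcdefABCDEF")
    if not digits:
        raise ValueError("no hex digits in modulus literal")
    return int(digits, 16)


def keys_for_webid(foaf_xml: str, doc_url: str, webid: str) -> list:
    """Return the (modulus, exponent) pairs the FOAF document publishes for
    exactly this WebID. Relative rdf:resource values such as "#me" are
    resolved against the document URL (xml:base is not handled here)."""
    root = ET.fromstring(foaf_xml)
    keys = []
    for node in root.iter():
        identity = node.find(f"{{{CERT}}}identity")
        if identity is None:
            continue
        owner = urljoin(doc_url, identity.get(f"{{{RDF}}}resource", ""))
        if owner != webid:
            continue  # a key for somebody else in the same file
        modulus = node.find(f"{{{RSA}}}modulus")
        exponent = node.find(f"{{{RSA}}}public_exponent")
        if modulus is None or exponent is None or not modulus.text or not exponent.text:
            continue  # incomplete key description, ignore it
        keys.append((hex_to_int(modulus.text), int(exponent.text.strip())))
    return keys


def verify_foaf_ssl(san_uri: str, cert_modulus_hex: str, cert_exponent: int,
                    foaf_xml: str) -> bool:
    """The foaf+ssl check: the certificate is self-signed and merely claims
    the URI in its subjectAltName; what makes the claim trustworthy is that
    the document at that URI lists the certificate's public key for that
    WebID. The document must be fetched from the SAN URI itself (with the
    fragment removed), never from a location the client supplies."""
    doc_url = urldefrag(san_uri).url
    cert_key = (hex_to_int(cert_modulus_hex), int(cert_exponent))
    return cert_key in keys_for_webid(foaf_xml, doc_url, san_uri)


if __name__ == "__main__":
    print("genuine cert:", verify_foaf_ssl(WEBID, CERT_MODULUS_HEX, CERT_EXPONENT, SAMPLE_FOAF))
    # Same WebID, different key: a certificate somebody else minted naming Alice's URI.
    print("wrong key:   ", verify_foaf_ssl(WEBID, "01:02:03", CERT_EXPONENT, SAMPLE_FOAF))
    # Right key, but the certificate names a WebID the document does not bind it to.
    print("wrong webid: ", verify_foaf_ssl("https://foaf.example/people/alice#bob",
                                           CERT_MODULUS_HEX, CERT_EXPONENT, SAMPLE_FOAF))
```

The comparison is done on integers rather than strings on purpose: the hex the server pulls out of the certificate and the hex the FOAF author typed differ in case, separators and leading zero bytes, and a string comparison would reject genuine certificates while teaching nothing about the actual key. The two failing calls in the usage block are the cases a server must reject: a certificate that names your URI but carries someone else's key, and a certificate whose key is real but whose URI the document does not vouch for.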
These three minimal services are very helpful, as they allow us to detect and debug each stage in the protocol carefully. I highly recommend this step-by-step approach (and will therefore have to add this to my own examples!)
Ian Jacobi from MIT has worked on extending authorization further with his Python-based server, which also checks your identity in a social network. See his detailed post on this, "TAAC in action". I'd like to point out that Ian was in fact the first to have a running implementation.
Keep these coming!
In the meantime I am working on authorization schemes, and am currently reading a complex paper by Vladimir Kolovski, James Hendler, and Bijan Parsia entitled "Formalizing XACML Using Defeasible Description Logics". Clark Kendall is blogging about this under the policy management tag, which contains a less mathematical overview of the paper. I'll report back when I have managed to digest this. Read it if you need an antidote to twitter.
Posted at 01:55AM Dec 18, 2008 by Henry Story in SemWeb | Comments[1]