The Sun BabelFish Blog
Don't panic !
FOAF & SSL: creating a global decentralised authentication protocol
Following on my previous post RDFAuth: sketch of a buzzword compliant authentication protocol, Toby Inkster came up with a brilliantly simple scheme that builds very neatly on top of the Secure Sockets Layer of https. I describe the protocol shortly here, and will describe an implementation of it in my next post.
Simple global ( passwordless if using a device such as the Aladdin USB e-Token ) authentication around the web would be extremely valuable. I am currently crumbling under the number of sites asking me for authentication information, and for each site I need to remember a new id and password combination. I am not the only one with this problem as the data portability video demonstrates. OpenId solves the problem but the protocol consumes a lot of ssl connections. For hyperdata user agents this could be painfully slow. This is because they may need access to just a couple of resources per server as they jump from service to service.
As before we have a very simple scenario to consider. Romeo wants to find out where Juliette is. Juliette's hyperdata Address Book updates her location on a regular basis by PUTing information to a protected resource which she only wants her friends and their friends to have access to. Her server knows from her foaf:PersonalProfileDocument who her friends are. She identifies them via dereferenceable URLs, as I do, which themselves usually (the web is flexible) return more foaf:PersonalProfileDocuments describing them, and pointing to further such documents. In this way the list of people able to find out her location can be specified in a flexible and distributed manner. So let us imagine that Romeo is a friend of a friend of Juliette's and he wishes to talk to her. The following sequence diagram continues the story...
The stages of the diagram are listed below:
First Romeo's User Agent HTTP GETs Juliette's public foaf file located at
http://juliette.net/. The server returns a representation ( in RDFa perhaps ) with the same semantics as the following N3:@prefix : <#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> . @prefix todo: <http://eg.org/todo#> . @prefix openid: <http://eg.org/openid/todo#> . <> a foaf:PersonalProfileDocument; foaf:primaryTopic :juliette ; openid:server <https://aol.com/openid/service>; # see The Openid Sequence Diagram . :juliette a foaf:Person; foaf:name "Juliette"; foaf:openid <>; foaf:blog </blog>; rdfs:seeAlso <https://juliette.net/protected/location>; foaf:knows <http://bblfish.net/people/henry/card#me>, <http://www.w3.org/People/Berners-Lee/card#i> . <https://juliette.net/protected/location> a todo:LocationDocument .
Romeo's user agent receives this representation and decides to follow the https protected resource because it is a todo:LocationDocument.
- The todo:LocationDocument is at an https URL, so Romeo's User Agent connects to it via a secure socket. Juliette's server, who wishes to know the identity of the requestor, sends out a Certificate Request, to which Romeo's user agent responds with an X.509 certificate. This is all part of the SSL protocol.
In the communication in stage 2, Romeo's user agent also passes along his foaf id. This can be done either by:
- Sending in the HTTP header of the request an
Agent-Idheader pointing to the foaf Id of the user. Like this:Agent-Id: http://romeo.net/#romeo
From:header, but instead of requiring an email address, a direct name of the agent would be required. (An email address is only an indirect identifier of an agent). -
The Certificate could itself contain the Foaf ID of the Agent in the X509v3 extensions section:
X509v3 extensions: ... X509v3 Subject Alternative Name: URI:http://romeo.net/#romeoI am not sure if it would be correct use of the X509 Alternative names field. So this would require more standardization work with the X509 community. But it shows a way where the two communities could meet. The advantage of having the id as part of the certificate is that this could add extra weight to the id, depending on the trust one gives the Certificate Authority that signed the Certificate.
- Sending in the HTTP header of the request an
-
At this point Juliette's web server knows of the requestor (Romeo in this case):
- his alleged foaf Id
- his Certificate ( verified during the ssl session )
If the Certificate is signed by a CA that Juliette trusts and the foaf id is part of the certificate, then she will trust that the owner of the User Agent is the entity named by that id. She can then jump straight to step 6 if she knows enough about Romeo that she trusts him.
Having Certificates signed by CA's is expensive though. The protocol described here will work just as well with self signed certificates, which are easy to generate.
- Juliette's hyperdata server then GETs the foaf document associated with the foaf id, namely
<http://romeo.net/>. Romeo's foaf server returns a document containing a graph of relations similar to the graph described by the following N3:@prefix : <#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> . @prefix wot: <http://xmlns.com/wot/0.1/> . @prefix wotodo: <http://eg.org/todo#> . <> a foaf:PersonalProfileDocument; foaf:primaryTopic :romeo . :romeo a foaf:Person; foaf:name "Romeo"; is wot:identity of [ a wotodo:X509Certificate; wotodo:dsaWithSha1Sig """30:2c:02:14:78:69:1e:4f:7d:37:36:a5:8f:37:30:58:18:5a: f6:10:e9:13:a4:ec:02:14:03:93:42:3b:c0:d4:33:63:ae:2f: eb:8c:11:08:1c:aa:93:7d:71:01""" ; ] ; foaf:knows <http://bblfish.net/people/henry/card#me> . - By querying the semantics of the returned document with a SPARQL query such as
PREFIX wot: <http://xmlns.com/wot/0.1/> PREFIX wotodo: <http://eg.org/todo#> SELECT { ?sig } WHERE { [] a wotodo:X509Certificate; wotodo:signature ?sig; wot:identity <http://romeo.net/#romeo> . }Juliette's web server can discover the certificate signature and compare it with the one sent by Romeo's user agent. If the two are identical, then Juliette's server knows that the User Agent who has access to the private key of the certificate sent to it, and who claims to be the person identified by the URI
http://romeo.net/#romeo, is in agreement as to the identity of the certificate with the person who has write access to the foaf filehttp://romeo.net/. So by proving that it has access to the private key of the certificate sent to the server, the User Agent has also proven that it is the person described by the foaf file. - Finally, now that Juliette's server knows an identity of the User Agent making the request on the protected resource, it can decide whether or not to return the representation. In this case we can imagine that my foaf file says that
@prefix foaf: <http://xmlns.com/foaf/0.1/> . <http://bblfish.net/people/henry/card#me> foaf:knows <http://romeo.net/#romeo> .
@prefix contact: <http://www.w3.org/2000/10/swap/pim/contact#> . @prefix : <http://juliette.org/#> . :juliette contact:location [ contact:address [ contact:city "Paris"; contact:country "France"; contact:street "1 Champs Elysees" ] ] .
Todo
- Create an ontology for X509 certificates.
- test this. Currently there is some implementation work going on in the so(m)mer repository in the misc/FoafServer directory.
- Can one use the Subject Alternative name of an X509 certificate as described here?
- For self signed certificates, what should the X509 Distinguished Name (DN) be? The DN is really being replaced here by the foaf id, since that is where the key information about the user is going to be located. Can one ignore the DN in a X509 cert, as one can in RDF with blank nodes? One could I imagine create a dummy DN where one of the elements is the foaf id. These would at least, as opposed to DN, be guaranteed to be unique.
- what standardization work would be needed to make this
Discussion on the Web
- Peter Williams is very positive, in his response on the OpenId mailing list where he gives a short overview of the history of the URI Subject Alternative name in the X509 spec.
- Paul Madsen gives a short description of how this would be implemented in the Liberty stack.
Posted at 02:00PM Apr 21, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[1]
The OpenId Sequence Diagram
OpenId very neatly solves the global identity problem within the constraints of working with legacy browsers. It is a complex protocol though as the following sequence diagram illustrates, and this may be a problem for automated agents that need to jump around the web from hyperlink to hyperlink, as hyperdata agents tend to do.
The diagram illustrates the following scenario. Romeo wants to find the current location of Juliette. So his semantic web user agent GET's her current foaf file. But Juliette wants to protect information about her current whereabouts and reveal it only to people she trusts, so she configures her server to require the user agent to authenticate itself in order to get more information. If the user agent can prove that is is owned by one of her trusted friends, and Romeo in particular, she will deliver the information to it (and so to him).
The steps numbered in the sequence diagram are as follows:
- A User Agent fetches a web page that requires authentication. OpenId was designed with legacy web browsers in mind, for which it would return a page containing an OpenId login box such as the one to the right.
In the case of a hyperdata agent as in our use case, the agent would GET a public foaf file, which might contain a link to an OpenId authentication endpoint. Perhaps with some rdf such as the following N3:
<> openid:login </openidAuth.cgi> .
-
In current practice a human user notices the login box and types his identifying URL in it, such as http://openid.sun.com/bblfish This is the brilliant invention of OpenId: getting hundreds of millions of people to find it natural to identify themselves via a URL, instead of an email. The user then clicks the "Login button".
In our semantic use case the hyperdata agent would notice the above openid link and would deduce that it needs to login to the site to get more information. Romeo's Id (http://romeo.net/perhaps ) would then be POSTed to the/openidAuth.cgiauthentication endpoint. - The OpenId authentication endpoint then fetches the web page by GETing Romeo's url
http://romeo.net/. This returned representation contains a link in the header of the page pointing Romeo's OpenId server url. If the representation returned is html then this would contain the following in the header<link rel="openid.server" href="https://openid.sun.com/openid/service" />
- The representation returned in step 3, could contain a lot of other information too. A link to a foaf file may not be a bad idea as I described in foaf and openid. The returned representation in step 3 could even be RDFa extended html, in which case this step may not even be necessary. For a hyperdata server the information may be useful, as it may suggest a connection Romeo could have to some other people that would allow it to decide whether it wishes to continue the login process.
- Juliette's OpenId authentication endpoint then sends a redirect to Romeo's user agent, directing it towards his OpenId Identity Provider. The redirect also contains the URL of the OpenId authentication cgi, so that in step 8 below the Identity Provider can redirect a message back.
- Romeo user agent dutifully redirects romeo to the identity provider, which then returns a form with a username and password entry box.
- Romeo's user agent could learn to fill the user name password pair in automatically and even skip the previous step 6 . In any case given the user name and password, the Identity Provider then sends back some cryptographic tokens to the User Agent to have it redirect to the OpenId Authentication cgi at
http://juliette.net/openidAuth.cgi. - Romeo's Hyperdata user agent then dutifully redirects back to the OpenId authentication endpoint
- The authentication endpoint sends a request to the Openid Identity provider to verify that the cryptographic token is authentic. If it is, a conventional answer is sent back.
- The OpenId authentication endpoint finally sends a response back with a session cookie, giving access to various resources on Juliette's web site. Perhaps it even knows to redirect the user agent to a protected resource, though that would have required some information concerning this to have been sent in stage 2.
- Finally Romeo's user agent can GET Juliette's protected information if Juliette's hyperdata web server permits it. In this case it will, because Juliette loves Romeo.
All of the steps above could be automatized, so from the user's point of view they may not be complicated. The user agent could even learn to fill in the user name and password required by the Identity Provider. But there are still a very large number of connections between the User Agent and the different services. If these connections are to be secure they would need to protected by SSL (as hinted at by the double line arrows). And SSL connections are not cheap. So the above may be unacceptably slow. On the other hand it would work with a protocol that is growing fast in acceptance.
It is is certainly worth comparing this sequence diagram with the very light weight one presented in "FOAF & SLL: creating a global decentralised authentication protocol".
Thanks again to Benjamin Nowack for bringing the discussion on RDFAuth to thinking about using the OpenId protocol directly as described above. See his post on the semantic web mailing list. Benjamin also pointed to the HTTP OpenID Authentication proposal, which shows how some of the above can be simplified if certain assumptions about the capabilities of the client are made. It would be worth making a sequence diagram of that proposal too.
Posted at 06:31PM Apr 18, 2008 [permalink/trackback] by Henry Story in SemWeb | Comments[2]
RDFAuth: sketch of a buzzword compliant authentication protocol
Here is a proposal for an authentication scheme that is even simpler than OpenId ( see sequence diagram ), more secure, more RESTful, with fewer points of failure and fewer points of control, that is needed in order to make Open Distributed Social Networks with privacy controls possible.
Update
The following sketch led to the even simpler protocol described in Foaf and SSL creating a global decentralized authentication protocol. It is very close to what is proposed here but builds very closely on SSL, so as to reduce what is new down to nearly nothing.Background
Ok, so now I have your attention, I would like to first mention that I am a great fan of OpenId. I have blogged about it numerous times and enthusiastically in this space. I came across the idea I will develop below, not because I thought OpenId needed improving, but because I have chosen to follow some very strict architectural guidelines: it had to satisfy RESTful, Resource oriented hyperdata constraints. With the Beatnik Address Book I have proven - to myself at least - that the creation of an Open Distributed Social Network (a hot topic at the moment, see the Economist's recent article on Online social network) is feasible and easy to do. What was missing is a way for people to keep some privacy, clearly a big selling point for the large Social Network Providers such as Facebook. So I went on the search of a solution to create a Open Distributed Social Network with privacy controls. And initially I had thought of using OpenId.
OpenId Limitations
But OpenId has a few problems:
- First it is really designed to work with the limitations of current web browsers. It is partly because of this that there is a lot of hopping around from the service to the Identity Provider with HTTP redirects. As the Tabulator, Knowee or Beatnik.
- Parts of OpenId 2, and especially the Attribute Exchange spec really don't feel very RESTful. There is a method for PUTing new property values in a database and a way to remove them that does not use either the HTTP PUT method or the DELETE method.
- The OpenId Attribute Exchange is nice but not very flexible. It can keep some basic information about a person, but it does not make use of hyperdata. And the way it is set up, it would only be able to do so with great difficulty. A RESTfully published foaf file can give the same information, is a lot more flexible and extensible, whilst also making use of Linked Data, and as it happens also solves the Social Network Data Silo problems. Just that!
- OpenId requires an Identity Server. There are a couple of problems with this:
- This server provides a Dynamic service but not a RESTful one. Ie. the representations sent back and forth to it, cannot be cached.
- The service is a control point. Anyone owning such a service will know which sites you authenticate onto. True, you can set up your own service, but that is clearly not what is happening. The big players are offering their customers OpenIds tied to particular authentication servers, and that is what most people will accept.
RDFAuth, a sketch
So following my strict architectural guidelines, I came across what I am just calling RDFAuth, but like everything else here this is a sketch and open to change. I am not a security specialist nor an HTTP specialist. I am like someone who comes to an architect in order to build a house on some land he has, with some sketch of what he would like the house to look like, some ideas of what functionality he needs and what the price he is willing to pay is. What I want here is something very simple, that can be made to work with a few perl scripts.
Let me first present the actors and the resources they wish to act upon.
- Romeo has a Semantic Web Address Book, his User Agent (UA). He is looking for the whereabouts of Juliette.
- Juliette has a URL identifier ( as I do ) which returns a public foaf representation and links to a protected resource.
- The protected resource contains information she only wants some people to know, in this instance Romeo. It contains information as to her current whereabouts.
- Romeo also has a public foaf file. He may have a protected one too, but it does not make an entrance in this scene of the play. His public foaf file links to a public PGP key. I described how that is done in Cryptographic Web of Trust.
- Romeo's Public key is RESTfully stored on a server somewhere, accessible by URL.
So Romeo wants to find out where Juliette is, but Juliette only wants to reveal this to Romeo. Juliette has told her server to only allow Romeo, identified by his URL, to view the site. She could have also have had a more open policy, allowing any of her or Romeo's friends to have access to this site, as specified by their foaf file. The server could then crawl their respective foaf files at regular intervals to see if it needed to add anyone to the list of people having access to the site. This is what the DIG group did in conjunction with OpenId. Juliette could also have a policy that decides Just In Time, as the person presents herself, whether or not to grant them access. She could use the information in that person's foaf file and relating it to some trust metric to make her decision. How Juliette specifies who gets access to the protected resource here is not part of this protocol. This is completely up to Juliette and the policies she chooses her agent to follow.
So here is the sketch of the sequence of requests and responses.
- First Romeo's user Agent knows that Juliette's foaf name is
http://juliette.org/#julietteso it sends an HTTP GET request to Juliette's foaf file located of course athttp://juliette.org/
The server responds with a public foaf file containing a link to the protected resource perhaps with the N3<> rdfs:seeAlso <protected/juliette> .
Perhaps this could also contain some relations describing that resource as protected, which groups may access it, etc... but that is not necessary. - Romeo's User Agent then decides it wants to check out
protected/juliette. It sends a GET request to that resource but this time receives a variation of the Basic Authentication Scheme, perhaps something like:HTTP/1.0 401 UNAUTHORIZED Server: Knowee/0.4 Date: Sat, 1 Apr 2008 10:18:15 GMT WWW-Authenticate: RdfAuth realm="http://juliette.org/protected/*" nonce="ILoveYouToo"
The idea is that Juliette's server returns a nonce (in order to avoid replay attacks), and a realm over which this protection will be valid. But I am really making this up here. Better ideas are welcome. - Romeo's web agent then encrypts some string (the realm?) and the nonce with Romeo's private key. Only an agent trusted by Romeo can do this.
- The User Agent then sends a new GET request with the encrypted string, and his identifier, perhaps something like this
GET /protected/juliette HTTP/1.0 Host: juliette.org Authorization: RdfAuth id="http://romeo.name/#romeo" key="THE_REALM_AND_NONCE_ENCRYPTED" Content-Type: application/rdf+xml, text/rdf+n3
Since we need an identifier, why not just use Romeos' foaf name? It happens to also point to his foaf file. All the better. - Because Juliette's web server can then use Romeo's foaf name to GET his public foaf file, which contains a link to his public key, as explained in "Cryptographic Web of Trust".
- Juliette's web server can then query the returned representation, perhaps meshed with some other information in its database, with something equivalent to the following SPARQL query
PREFIX wot: <http://xmlns.com/wot/0.1/> SELECT ?pgp WHERE { [] wot:identity <http://romeo.name/#romeo>; wot:pubkeyAddress ?pgp . }The nice thing about working at the semantic layer, is that it decouples the spec a lot from the representation returned. Of course as usage grows those representations that are understood by the most servers will create a de facto convention. Intially I suggest using RDF/XML of course. But it could just as well be N3, RDFa, perhaps even some microformat dialect, or even some GRDDLable XML, as the POWDER working group is proposing to do. - Having found the URL of the PGP key, Juliette's server, can GET it - and as with much else in this protocol cache it for future use.
- Having the PGP key, Juliette's server can now decrypt the encrypted string sent to her by Romeo's User Agent. If the decrypted string matches the expected string, Juliette will know that the User Agent has access to Romeo's private key. So she decides this is enough to trust it.
- As a result Juliette's server returns the protected representation.
Advantages
It should be clear from the sketch what the numerous advantages of this system are over OpenId. (I can't speak of other authentication services as I am not a security expert).
- The User Agent has no redirects to follow. In the above example it needs to request one resource
http://juliette.org/twice (2 and 4) but that may only be necessary the first time it accesses this resource. The second time the UA can immediately jump to step 3. [but see problem with replay attacks raised in the comments by Ed Davies, and my reply] Furthermore it may be possible - this is a question to HTTP specialists - to merge step 1 and 2. Would it be possible for a request 1. to return a 20x code with the public representation, plus a WWWAuthenticate header, suggesting that the UA can get a more detailed representation of the same resource if authenticated? In any case the redirect rigmarole of OpenId, which is really there to overcome the limitations of current web browsers, in not needed. - There is no need for an Attribute Exchange type service. Foaf deals with that in a clear and extensible RESTful manner. This simplifies the spec dramatically.
- There is no need for an identity server, so one less point of failure, and one less point of control in the system. The public key plays that role in a clean and simple manner
- The whole protocol is RESTful. This means that all representations can be cached, meaning that steps 5 and 7 need only occur once per individual.
- As RDF is built for extensibility, and we are being architecturally very clean, the system should be able to grow cleanly.
Contributions
I have been quietly exploring these ideas on the foaf and semantic web mailing lists, where I received a lot of excellent suggestions and feedback.
- In January I asked on foaf dev list how one should cut up a foaf file in order to be able to protect parts of the information, in a thread entitled "for more information please log in". This lead to an initial proposal by Dave Brondsema which I summarized on Jan 18.
- This week I started out the conversation again, and extended it to the semantic web mailing list to get some wider interest with a thread entitled "privacy and open data".
- The above thread led me to sketch out more clearly the functioning of this protocol, with a post entitled "RDFAuth: an initial sketch", that developed into a very useful thread. I tried to take account some of the suggestions put forward there in writing this post. Others suggestions, such as the idea by Renato Gollin to work into this a three way challenge response are very interesting and should be looked into, but are way over my head.
- I had a very useful discussion with Benjamin Nowack (a.k.a. bengee) on #swig where he pointed me to some initial work he had done on the same subject. He had sketched this out on the swig wiki and called it RDFAuth. Since this was clearly going in the same direction I took us to be working on the same project. The next day I found that we may have slightly different views on how this should go. Bengee seems to think we need a token server. I hope we really don't. The big advantage of using Public Key cryptography is that it massively simplifies the protocol. I still think I can convince him :-), so I have kept the name.
- Toby Inkster, suggested a way to link this in with HTTPS which would be fabulous. I missed the post, and he reminded me by summarising it here. Not being an https expert (yet) I can't comment. I have been reading up on this and it does seem to be an even better solution. See the thread on the HTTP-WG mailing list. It is really a brilliant idea. I am working on this and will post an update as soon as I have something working.
- Peter Williams suggested looking at RFC 2617: on Basic and Digest Authentication and the less successful RFC 2693 SPKI Certificate Theory.
Finally
So I suppose I am now looking for feedback from a wider community. PGP experts, security experts, REST and HTTP experts, semantic web and linked data experts, only you can help this get somewhere. I will never have the time to learn these fields in enough detail by myself. In any case all this is absolutely obviously simple, and so completely unpatentable :-)
Thanks for taking the time to read this