python and php implementations of foaf+ssl

We now have two new implementations of the foaf+ssl authentication protocol, in addition to the Java one I blogged about earlier. If you have followed the procedure there to create your certificate, add it to your browser, and publish a minimal foaf file, you can then try out these two servers.

Melvin Carvalho, who owns the great domain name foaf.me, has implemented this in PHP in a very nicely layered fashion. In a recent mail to the foaf protocols list he published the following end points:

  1. a test ssl resource that, from a simple ssl connection that asks for the client certificate, will:
    • Display the output of the $_SERVER global variable
    • Display the details in the supplied Client Certificate
    • Display the Client Public Key info
    • Function returning the Client Public Key info in HEX
    • Function returning the subjectAltName in the Client Certificate
  2. a foaf tester that, after getting the URI in your certificate from the X509 v3 extensions section, will fetch the foaf at that URL and
    • Convert the FOAF into an array of triples which it displays
    • Find the RSA Key of the declared subject ("owner") within a FOAF file
    • Get the list of friends in a FOAF file
  3. and finally the foaf+ssl tester, which Melvin pointed to in another email to the list, and which uses the foaf+ssl protocol to log you into a server in one https connection. The server only does authentication and the minimal authorization: if it can authenticate you, then you are authorized.
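As an added example (not code from foaf.me, Melvin's PHP or Ian's Python server), here is the check the third tester performs, written in Python over the values the first two testers expose: the URI from the subjectAltName, the client key's modulus in hex and its exponent, and the fetched foaf file as triples. The rsa:/cert: property names (the vocabulary in use at the time), the example.org URLs and the toy modulus are assumptions.

```python
CERT = "http://www.w3.org/ns/auth/cert#"
RSA = "http://www.w3.org/ns/auth/rsa#"

def subject_alt_name_uris(san):
    """URI: entries of a subjectAltName line as OpenSSL prints it."""
    return [e.split(":", 1)[1].strip() for e in san.split(",")
            if e.strip().startswith("URI:")]

def hex_to_int(text):
    """Normalise hex the way OpenSSL shows it (spaces, colons, leading 00)."""
    digits = "".join(c for c in text if c in "0123456789abcdefABCDEF")
    return int(digits or "0", 16)          # a broken literal never matches

def keys_declared_for(webid, triples):
    """Yield the (modulus, exponent) pairs the foaf triples assert for webid."""
    def objects(s, p):
        return [o for (s2, p2, o) in triples if s2 == s and p2 == p]
    for (key, p, o) in triples:
        if p != CERT + "identity" or o != webid:
            continue
        for m in objects(key, RSA + "modulus"):
            for e in objects(key, RSA + "public_exponent"):
                for h in objects(m, CERT + "hex"):
                    for d in objects(e, CERT + "decimal"):
                        yield (hex_to_int(h), int(d))

def foaf_ssl_authenticate(san, modulus_hex, exponent, fetch_foaf):
    """Return the WebID the client certificate proves, or None.
    fetch_foaf(doc) returns the triples of the document the WebID
    dereferences to; only that document may vouch for the WebID, so
    no other source is consulted."""
    cert_key = (hex_to_int(modulus_hex), exponent)
    for webid in subject_alt_name_uris(san):
        triples = fetch_foaf(webid.split("#", 1)[0])
        if cert_key in keys_declared_for(webid, triples):
            return webid
    return None

# Constructed sample foaf file at an assumed URL, in the 2008 rsa:/cert: vocabulary.
SAMPLE_DOCS = {"http://example.org/melvin": [
    ("_:k", CERT + "identity", "http://example.org/melvin#me"),
    ("_:k", RSA + "modulus", "_:m"),
    ("_:k", RSA + "public_exponent", "_:e"),
    ("_:m", CERT + "hex", "00:c3:1f:9a"),   # toy modulus, not a real key
    ("_:e", CERT + "decimal", "65537"),
]}
SAMPLE_SAN = "URI:http://example.org/melvin#me, email:melvin@example.org"
```

Run with `foaf_ssl_authenticate(SAMPLE_SAN, "C3 1F 9A", 65537, lambda doc: SAMPLE_DOCS.get(doc, []))`, which returns the WebID; a certificate whose key is not listed in the WebID's own document, or a subjectAltName with no URI entry, yields None.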

These three minimal services are very helpful, as they allow us to detect and debug each stage of the protocol carefully. I highly recommend this step-by-step approach (and will therefore have to add it to my own examples!)

Ian Jacobi from MIT has worked on extending authorization further with his Python-based server, which also checks your identity in a social network. See his detailed post on this, "TAAC in action". Ian was in fact, I'd like to point out, the first to have a running implementation.

Keep these coming!

In the meantime I am working on authorization schemes, and am currently reading a complex paper by Vladimir Kolovski, James Hendler, and Bijan Parsia entitled "Formalizing XACML Using Defeasible Description Logics". Clark Kendall is blogging about this under the policy management tag, which contains a less mathematical overview of the paper. I'll report back when I have managed to digest it. Read it if you need an antidote to Twitter.

Comments:

[Trackback] Bookmarked your post over at Blog Bookmarker.com!

Posted by php on December 24, 2008 at 12:31 PM CET #
