FusionForge

Auth WebID Plugin

From FusionForge Wiki
Revision as of 10:09, 15 March 2013 by Yannick56 (talk | contribs) (Yannick56 moved page WebID Auth plugin to WebID Auth Plugin: Renaming for normalizing URL and have more clear header title in wiki page for this plugin - Renommage pour normalisation URL et rendre plus clair le titre d'entete de la page wiki d...)

Jump to: navigation, search

WebID is a proposed standard to integrate the use of SSL client certs and FOAF (to describe a person's profile) in order to provide an authentication "token" for Web services.

This authwebid plugin allows SSO with "one-clik" through the use of WebID.

The principle is to bind existing fusionforge user accounts to URIs (the WebIDs in question), and to delegate to a third party WebID identity provider the responsability to verify the authentication with these WebIDs.

The admin of the forge must then trust that WebID Identity Provider (IdP) to properly verify the user's SSL client cert associated to that WebID (see the WebID specs for the principles of WebID's use of SSL client certs).

Popular WebID Idp are foafssl.org and auth.my-profile.eu.

The plugin relies on the WebIDDelegatedAuth library which embeds the necessary bits to check the IdP's response.

For those used to OpenID or BrowserID, it's more or less the same principle, but under the hood, WebID uses Semantic Web standards like RDF (FOAF) and SSL certs, is distributed by mature, rendering authentication less prone to monopolies (among other nice properties).

The code was committed to the trunk, but works on 5.2.

See the corresponding initial feature request : https://fusionforge.org/tracker/index.php?func=detail&aid=311&group_id=6&atid=114