Home My Page Projects FusionForge
Summary Activity Forums Tracker Lists News SCM Files Mediawiki Hudson/Jenkins


Auth WebID Plugin

From FusionForge Wiki
Jump to: navigation, search
Auth WebID Plugin
This authwebid plugin allows SSO with "one-clik" through the use of WebID. Plugin available since FusionForge 5.3.x .
Plugin Changelog
Plugin Changelog for authwebid

WebID is a proposed standard to integrate the use of SSL client certs and FOAF (to describe a person's profile) in order to provide an authentication "token" for Web services.

This authwebid plugin allows SSO with "one-clik" through the use of WebID.

The principle is to bind existing fusionforge user accounts to URIs (the WebIDs in question), and to delegate to a third party WebID identity provider the responsability to verify the authentication with these WebIDs.

The admin of the forge must then trust that WebID Identity Provider (IdP) to properly verify the user's SSL client cert associated to that WebID (see the WebID specs for the principles of WebID's use of SSL client certs).

Popular WebID Idp are foafssl.org and auth.my-profile.eu.

The plugin relies on the WebIDDelegatedAuth library which embeds the necessary bits to check the IdP's response.

For those used to OpenID or BrowserID, it's more or less the same principle, but under the hood, WebID uses Semantic Web standards like RDF (FOAF) and SSL certs, is distributed by mature, rendering authentication less prone to monopolies (among other nice properties).

The code was committed to the trunk, but works on 5.2.

See the corresponding initial feature request : #311 Provide a WebID authentication plugin