WebID4VIVO Erich Bremer and Tammy DiPrima Stony Brook University July 18, 2013 PREVIEW! BETA! BETA! BETA! BETA! BETA! BETA!
What is WebID? Single Sign-on authentication No Passwords (uses digital certificates) Central Identity Being developed by the W3C WebID Community Group 67 Members, Henry Story – Chair Originally, it went under the name foaf+ssl The term "WebID" was coined by Dan Brickley and Tim Berners-Lee in 2000 Hopefully, WebID will be in the standards track this year… (fingers crossed)
Key A – I can’t decrypt what I encrypt, but I can decrypt anything Key B encrypts Key B – I can’t decrypt what I encrypt, but I can decrypt anything Key A encrypts Pick A/B or B/A One becomes “Public key” The other the “Private key” Once selection is made, never change it! How this mathematical relationship works is the subject of another talk… How does WebID work in a Nutshell? Public Key Encryption A behind the scenes look…
How does WebID work in a Nutshell? Version: 3 (0x2) Serial Number: 5f:df:d6:be:2c:73:c1:fb:aa:2a:2d:23:a6:91:3b:5c Issuer: O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification Authority Validity Not Before: Jun 8 14:16:14 2010 GMT Not After : Jun 8 16:16:14 2010 GMT Subject: O=FOAF+SSL, OU=The Community Of Self Signers, CN=WebID for Erich Bremer Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: B8:CD:08:20:2D:…….(much much longer than this!) Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment, Key Agreement Netscape Cert Type: SSL Client, S/MIME X509v3 Subject Key Identifier: 08:8E:A5:5B:AE:5D:C3:8B:00:B7:30:62:65:2A:5A:F5:D2:E9:00:FA X509v3 Subject Alternative Name: critical URI:http://www.ebremer.com/foaf.rdf#me Signature Algorithm: sha1WithRSAEncryption c0:fd:ac:bc:fb:1b:c9:e0:1c:01:18:5e:44:bb: d8:b8:……. (another really really long string) The X509v3 Certificate
How does WebID work in a Nutshell? The Process Auth Server Jon Client Jon Client’s WebID profile server Hey, I want to log on Give me your WebID certificate Prove to me you have the private key to this public key Give me the WebID profile for the URI listed in this WebID certificate Here ya go! Compares modulus and exponent of WebID cert to the WebID profile Here ya go! Hi Jon!
WebID and VIVO make for great dance partners WebID4VIVO Allows VIVO to accept WebID for authentication Allows VIVO to be a WebID provider Leverages the fact that VIVO provides RDF foundation for WebID Installs within and along side VIVO itself moves data in and out of VIVO using VIVO DAO’s to maintain portability will be available at the low price of free and open-source (BSD – same as VIVO :-) WebID and VIVO (WebID4VIVO)
Possible Future directions using WebID and VIVO W3C WebAccessControl Ontology http://www.w3.org/wiki/WebAccessControl Enable inter-VIVO logins allowing remote delegated editors. Web Of Trust Ontology http://xmlns.com/wot/0.1/ Open Annotations Model (W3C Community Group) http://www.openannotation.org/spec/core/ Link Data Platform (W3C Working Group) http://www.w3.org/2012/ldp/wiki/Main_Page
DEMO TIME! Learn more about WebID at: http://www.w3.org/wiki/WebID