Thursday, January 19, 2012

identity page 2 of peter williams

This post demonstrates how one can use a Blogspot-hosted blog post to store identity-oriented claims that mirror those in my local keychain-hosted x.509 certificate. The steps for achieving this are defined by Kingsley Uyi Idehen, as follows:
  1. Write post -- this creates the placeholder for your claims
  2. Publish post -- this gets you a URL for the location of your claims
  3. Generate Certificate -- using a generator of your choice [1][2] generate an x.509 certificate with a WebID watermark in the subjectAlternateName slot using an HTTP scheme URI based Name of the form: {Blog-Post-Permalink}#this e.g.,
  4. Then return to your blog post and insert an hCard snippet that mirrors the identity claims in the x.509 certificate you've just generated (see example further down)
  5. Save and publish blog post
  6. Use a WebID verifier [3][4] to verify your WebID i.e., lookup your Blog post for the claims made in your x.509 certificate (specifically, that your WebID identifies the Subject of the Certificate)
  7. Done!
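
The lookup a verifier performs in step 6, as an added example that is not part of the original post and not the code of any verifier it cites. It assumes the TLS handshake has already proved possession of the certificate's private key, that the hCard sits on the element whose id is the URI fragment, and that the post publishes the certificate's SHA-256 fingerprint in a hypothetical `x-cert-sha256` field; the URL, names and certificate bytes are constructed.

```python
import hashlib
from html.parser import HTMLParser
from urllib.parse import urldefrag

VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

class HCardClaims(HTMLParser):
    """Collect class -> text for children of the vcard element whose id is `frag`."""
    def __init__(self, frag):
        super().__init__()
        self.frag, self.depth, self.field, self.claims = frag, 0, None, {}
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in VOID:
            return
        if self.depth:
            self.depth, self.field = self.depth + 1, a.get("class")
        elif a.get("id") == self.frag and "vcard" in (a.get("class") or "").split():
            self.depth = 1
    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth, self.field = self.depth - 1, None
    def handle_data(self, data):
        if self.depth and self.field and data.strip():
            self.claims[self.field] = data.strip()

def verify_webid(san_uri, cert_der, subject_cn, fetch):
    """Return (ok, reason); `fetch` maps a URL to HTML so the check runs offline."""
    doc_url, frag = urldefrag(san_uri)  # {Blog-Post-Permalink}#this -> permalink, "this"
    if not doc_url.startswith(("http://", "https://")) or not frag:
        return False, "SAN is not an HTTP URI with a fragment"
    parser = HCardClaims(frag)
    parser.feed(fetch(doc_url))
    claims = parser.claims
    if claims.get("fn") != subject_cn:
        return False, "hCard fn missing or different from certificate subject"
    # Assumption: the post publishes the certificate's SHA-256 fingerprint.
    posted = claims.get("x-cert-sha256", "").replace(":", "").lower()
    if posted != hashlib.sha256(cert_der).hexdigest():
        return False, "fingerprint in post does not match certificate"
    return True, "WebID verified"

# Constructed sample data (not from the original post).
CERT_DER = b"constructed stand-in for DER-encoded certificate bytes"
POST_URL = "http://example.blogspot.com/2012/01/identity.html"
PAGES = {POST_URL: '<div id="this" class="vcard"><span class="fn">Example Subject'
         '</span><br><span class="x-cert-sha256">%s</span></div>'
         % hashlib.sha256(CERT_DER).hexdigest()}
fetch = lambda url: PAGES.get(url, "")
```

The check binds the certificate to the page, so whoever can edit the post, or alter an http:// response in transit, controls the claims a verifier sees.
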
The attached .p12 file allows one to act as me, and try it. The password is “password”.

One tries it here, remember.

Contact Details:

Excerpts from actual hCard snippet embedded in this post:


Anonymous said...

google blogspot acting as openid RP, with (yorkporc) as the IDP

peter williams said...

memo from Google Accounts

