Thursday, January 19, 2012

identity page of Peter Williams

This post demonstrates how I can use a Blogspot hosted blog post to store Identity oriented claims that mirror those in my local keychain hosted x.509 certificate. The steps for achieving this are as follows:

  1. Write post -- this creates the place holder your claims
  2. Publish post -- this gets you a URL for the location of your claims
  3. Generate Certificate -- using a generator of your choice [1][2] generate an x.509 certificate with a WebID watermark in the subjectAlternateName slot using an HTTP scheme URI based Name of the form: {Blog-Post-Permalink}#this e.g.,
  4. Then return to your blog post and insert a hCard snippet that mirrors the identity claims in the x.509 certificate you've just generated (see snippet template and example further down)
  5. Save and publish blog post
  6. Use a WebID verifier [3][4] to verify you WebID i.e., lookup your Blog post for the claims made in your x.509 certificate (specifically, that your WebID identifies the Subject of the Certificate)
  7. Done!
 hCard Template:

  <div id="hcard" class="vcard">
  <a class="url fn" href="{WebID}">@kidehen (BrowerID 2)</a>
  <a class="email" href="{mailto: URI}">{Email-Address}</a>
  <a class="key" href="{data: URI for Public Key in DER}">Public Key</a>
  <a class="key" href="{Certificate URL}">Public Key Ref</a>

Excerpts from actual hCard snippet embedded in this post:



Powered by Blogger.

About Me