The latest version of this module can be found at:
Visit the W3 ESW wiki for more information about FOAF+SSL:
Release versions of the following packages for your Linux distribution:
Development versions of the following packages for your Linux distribution:
Use the following compilation and installation procedure:
$ autoconf $ ./configure $ sudo make install
The 'make install' command calls Apache's apxs utility to create and install the mod_authn_webid DSO using default Apache module installation parameters.
LoadModule authn_webid_module modules/mod_authn_webid.so
SSLVerifyClient optional_no_ca
# WebID ignored
<Location />
</Location>
# WebID optional
<Location /public/>
AuthType WebID
Require everyone
AuthWebIDAuthoritative off
</Location>
# WebID required
<Location /private/>
AuthType WebID
Require valid-user
</Location>
Clients are verified using the following SPARQL query:
PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
SELECT ?m ?e ?mod ?exp WHERE {
?key cert:identity <%s>;
rsa:modulus ?m;
rsa:public_exponent ?e.
OPTIONAL { ?m cert:hex ?mod . }
OPTIONAL { ?e cert:decimal ?exp. }
}
%s is substituted by the client's WebID claim.
Matching modulus and exponent triggers successful authentication. Only hex characters [0-9a-f] are considered for modulus comparison.
The optional clauses maintain compatibility for users with FOAF WebIDs before the changes to the cert datatypes discussed on foaf-protocols here: http://lists.foaf-project.org/pipermail/foaf-protocols/2010-March/001857.html
Please visit the issue tracker for bug reports, feature requests, and other support.
Joe Presbrey
presbrey@csail.mit.edu