Index of /2009/mod_authn_webid

Name	Last modified	Size

Parent Directory		-
Download	2011-02-01 14:35	272
Makefile.in	2011-02-01 14:35	265
README.html	2011-02-01 14:35	2.8K
build.sh	2011-02-01 14:35	147
configure.in	2011-02-01 14:35	1.0K
LICENSE	2011-03-01 20:03	1.1K
mod_authn_webid.c	2011-04-15 08:15	15K

WebID FOAF+SSL authentication module for Apache 2

The latest version of this module can be found at:

http://dig.csail.mit.edu/2009/mod_authn_webid/
https://svn.csail.mit.edu/dig/2009/mod_authn_webid/

Visit the W3 ESW wiki for more information about FOAF+SSL:

http://esw.w3.org/topic/foaf+ssl

Requirements

Release versions of the following packages for your Linux distribution:

Apache >=2.2
mod_ssl

Development versions of the following packages for your Linux distribution:

Apache >=2.2 (httpd-devel)
Redland >=1.0.7 (redland-devel)
OpenSSL >=0.9.8g (openssl-devel)

Installing

Use the following compilation and installation procedure:

$ autoconf
$ ./configure
$ sudo make install

The 'make install' command calls Apache's apxs utility to create and install the mod_authn_webid DSO using default Apache module installation parameters.

Configuration Directives

AuthWebIDAuthoritative: Set to 'Off' to allow access control to be passed along to lower modules if the WebID is not known to this module

Sample httpd.conf

LoadModule authn_webid_module modules/mod_authn_webid.so

SSLVerifyClient optional_no_ca

# WebID ignored
<Location />
</Location>

# WebID optional
<Location /public/>
    AuthType WebID
    Require everyone
    AuthWebIDAuthoritative off
</Location>

# WebID required
<Location /private/>
    AuthType WebID
    Require valid-user
</Location>

Authentication Details

Clients are verified using the following SPARQL query:

PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
SELECT ?m ?e ?mod ?exp WHERE {
    ?key cert:identity <%s>;
         rsa:modulus ?m;
         rsa:public_exponent ?e.
    OPTIONAL { ?m cert:hex ?mod . }
    OPTIONAL { ?e cert:decimal ?exp. }
}

%s is substituted by the client's WebID claim.

Matching modulus and exponent triggers successful authentication. Only hex characters [0-9a-f] are considered for modulus comparison.

The optional clauses maintain compatibility for users with FOAF WebIDs before the changes to the cert datatypes discussed on foaf-protocols here: http://lists.foaf-project.org/pipermail/foaf-protocols/2010-March/001857.html

Support

Please visit the issue tracker for bug reports, feature requests, and other support.

Author

Joe Presbrey
presbrey@csail.mit.edu

$Id: README 28777 2010-04-12 20:49:23Z presbrey $