WebID FOAF+SSL authentication module for Apache 2

The latest version of this module can be found at:

Visit the W3 ESW wiki for more information about FOAF+SSL:

Requirements

Release versions of the following packages for your Linux distribution:

Development versions of the following packages for your Linux distribution:

Installing

Use the following compilation and installation procedure:

$ autoconf
$ ./configure
$ sudo make install

The 'make install' command calls Apache's apxs utility to create and install the mod_authn_webid DSO using default Apache module installation parameters.

Configuration Directives

AuthWebIDAuthoritative
Set to 'Off' to pass access control along to lower modules if the WebID is not known to this module.

Sample httpd.conf

LoadModule authn_webid_module modules/mod_authn_webid.so

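# Request a client certificate without requiring it to chain to a trusted CA;
# the WebID profile lookup, not the CA chain, is what authenticates the key.
SSLVerifyClient optional_no_ca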

# WebID ignored
<Location />
</Location>

# WebID optional
<Location /public/>
    AuthType WebID
    Require everyone
    AuthWebIDAuthoritative off
</Location>

# WebID required
<Location /private/>
    AuthType WebID
    Require valid-user
</Location>

Authentication Details

Clients are verified using the following SPARQL query:

PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>
PREFIX cert: <http://www.w3.org/ns/auth/cert#>
PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
SELECT ?m ?e ?mod ?exp WHERE {
    ?key cert:identity <%s>;
         rsa:modulus ?m;
         rsa:public_exponent ?e.
    OPTIONAL { ?m cert:hex ?mod . }
    OPTIONAL { ?e cert:decimal ?exp. }
}

%s is substituted by the client's WebID claim.

Authentication succeeds when the modulus and exponent returned by the query match those of the client's certificate. Only hex characters [0-9a-f] are considered for modulus comparison.

The optional clauses maintain compatibility for users whose FOAF WebIDs predate the changes to the cert datatypes discussed on foaf-protocols: http://lists.foaf-project.org/pipermail/foaf-protocols/2010-March/001857.html

Support

Please visit the issue tracker for bug reports, feature requests, and other support.

Author

Joe Presbrey
presbrey@csail.mit.edu

$Id: README 28777 2010-04-12 20:49:23Z presbrey $