Foaf+ssl
FOAF+SSL is an authentication and authorization protocol that links a WebID to a public key to create a global decentralised distributed secure authentication system that functions with existing browsers.
It uses PKI standards - usually thought of as hierarchical trust management tools - in a decentralised, web-of-trust way. The web of trust is built using semantic web vocabularies (particularly foaf) published in a RESTful manner to form LinkedData.
It is based on well-known existing standards. It is currently in development, and is being discussed on the foaf protocols mailing list.
For the most recent description of the protocol read "foaf+ssl: adding security to open distributed social networks", which fits on one page. For a more detailed explanation of how the authentication works, see "foaf+ssl: creating a web of trust without key signing parties".
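The link between a WebID and a public key comes down to one server-side check: take the WebID URI from the client certificate, fetch the profile document it points to, and confirm that the document lists the certificate's public key for that same WebID. The sketch below is an added example, not code from the FOAF+SSL project; the dictionary shapes, function names, `example` URLs, key values and the HTTPS-only fetch policy are assumptions made for illustration.

```python
# Added illustration of the FOAF+SSL relying-party check. The certificate and
# profile structures are constructed stand-ins for parsed X.509 and RDF data.
from urllib.parse import urldefrag

def normalise_hex(value):
    """Lower-case a hex modulus; drop separators and leading zeros."""
    digits = "".join(c for c in value.lower() if c in "0123456789abcdef")
    return digits.lstrip("0") or "0"

def verify_webid(cert, fetch_profile):
    """Return the WebIDs in the certificate that their own profile confirms.

    cert: {"san_uris": [...], "modulus": hex, "exponent": int}, from a client
          certificate whose private key the TLS handshake has already proved.
    fetch_profile(doc_url): list of {"identity", "modulus", "exponent"} claims
          found in the document at doc_url, or None if it cannot be fetched.
    """
    verified = []
    for webid in cert["san_uris"]:
        if not webid.startswith("https://"):
            continue  # policy choice of this example: fetch profiles over TLS only
        doc_url, _fragment = urldefrag(webid)
        for claim in fetch_profile(doc_url) or []:
            # The claim must be about this WebID, not just any key in the document.
            if (claim["identity"] == webid
                    and normalise_hex(claim["modulus"]) == normalise_hex(cert["modulus"])
                    and claim["exponent"] == cert["exponent"]):
                verified.append(webid)
                break
    return verified

ALICE = "https://alice.example/foaf#me"       # constructed WebIDs and keys
MALLORY = "https://mallory.example/foaf#me"
PROFILES = {
    "https://alice.example/foaf": [
        {"identity": ALICE, "modulus": "00:C3:5A:9F:11", "exponent": 65537}],
    # Mallory's document asserts her key for Alice's WebID.
    "https://mallory.example/foaf": [
        {"identity": ALICE, "modulus": "7e01bb42", "exponent": 65537}],
}

def check(san_uris, modulus):
    cert = {"san_uris": san_uris, "modulus": modulus, "exponent": 65537}
    return verify_webid(cert, PROFILES.get)

if __name__ == "__main__":
    print(check([ALICE], "c35a9f11"))     # Alice's own self-signed certificate
    print(check([ALICE], "7e01bb42"))     # Mallory's key claiming Alice's WebID
    print(check([MALLORY], "7e01bb42"))   # Mallory's WebID, claim names Alice
```

No CA signature is consulted anywhere in the check: the assurance comes from the key holder also controlling the document at the WebID's URL.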
Some further pointers
- an audio slideshow giving some background on the need for this, some introduction to the semantic web, and a description of the protocol
- how to have a web of trust without key signing goes into more detail on how to establish trust in foaf+ssl
- Spkac and the netscape keygen tag can be used to create web services that make secure client certificates in one click
- outline of a business model for open distributed social networks, and hence for foaf+ssl
- FOAF+SSL backstory - early mailing list discussions and blog posts
Test Pages
- FOAF+SSL Simple Login Page: offers diagnostics on your client certificate and underlying FOAF file
Browsers tested
We have tested the basic functionality of foaf+ssl login on
- Firefox: various versions of Firefox do a very good job of presenting the user with a number of his client certificates when connecting to a site. This makes for a very nice user experience.
- Opera 9.63: has a similar interface to Firefox allowing the user to select his client certificate
- Safari 3.2.1 on OSX: is not always reliable. See this explanation. We are looking for workarounds.
- Internet Explorer 6: does a good job presenting a choice of certificates
- Google Chrome seems to not accept client certificates (need to verify this)
Please add more.
To Do
This is really early days. We have a few test cases that give us confidence that this does indeed work, and we have a growing community (please join), but there is a lot more to do. Here are some thoughts:
- Build more test servers, with nicer user interfaces
- Write implementations in different languages
- Build a web site perhaps with a nice UI to direct people to
- Write a detailed spec distilled from the experiences of different implementers
- [ please add features you think are needed to help evaluate this and make it grow. ]