You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@clerezza.apache.org by "Henry Story (JIRA)" <ji...@apache.org> on 2011/01/23 17:21:43 UTC

[jira] Created: (CLEREZZA-404) permit disabling of WebID certificates

permit disabling of WebID certificates
--------------------------------------

                 Key: CLEREZZA-404
                 URL: https://issues.apache.org/jira/browse/CLEREZZA-404
             Project: Clerezza
          Issue Type: New Feature
         Environment: all
            Reporter: Henry Story


It should be possible to disable client side WebID enabled certificates created on Clerezza if one's personal machine gets stolen or one's private keys are somehow compromised. Currently this just requires that one's public keys be removed from Clerezza or that the cert:identity relation relating the public key to the user be removed.

(by the way the WebID incubator group is starting at http://www.w3.org/2005/Incubator/webid/charter )


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (CLEREZZA-404) permit disabling of WebID certificates

Posted by "Henry Story (JIRA)" <ji...@apache.org>.

    [ https://issues.apache.org/jira/browse/CLEREZZA-404?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12985356#action_12985356 ] 

Henry Story commented on CLEREZZA-404:
--------------------------------------

to be able to disable a certificate one has to have a list of certificates that were created on that account and a form to delete them.

> permit disabling of WebID certificates
> --------------------------------------
>
>                 Key: CLEREZZA-404
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-404
>             Project: Clerezza
>          Issue Type: New Feature
>         Environment: all
>            Reporter: Henry Story
>
> It should be possible to disable client side WebID enabled certificates created on Clerezza if one's personal machine gets stolen or one's private keys are somehow compromised. Currently this just requires that one's public keys be removed from Clerezza or that the cert:identity relation relating the public key to the user be removed.
> (by the way the WebID incubator group is starting at http://www.w3.org/2005/Incubator/webid/charter )

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Closed: (CLEREZZA-404) permit disabling of WebID certificates

Posted by "Henry Story (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CLEREZZA-404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henry Story closed CLEREZZA-404.
--------------------------------

    Resolution: Fixed

This is fixed in  revision 1062459 in Clerezza [1]

   There is a lot more that can be done to improve the implementation in UI terms and others. 

Note: The diff here is bigger than it should be as I (Henry Story) needed to get to understand exactly how ssp's work. So I translated the ssp's back to Scala  classes. Because there is not automatic way of compiling scala classes with OSGi annotations this meant maintaining all the OSGi metadata by hand. 

    Another issue here is that one should look a lot more carefully into separating the html/css from the logic, the way a framework like Wicket does it, which is also the inspiration behind the fully Scala enabled Lift Framework [2]

[1] http://svn.apache.org/viewvc?rev=1062459&view=rev
[2] see page 4 of the exploring lift book http://exploring.liftweb.net

> permit disabling of WebID certificates
> --------------------------------------
>
>                 Key: CLEREZZA-404
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-404
>             Project: Clerezza
>          Issue Type: New Feature
>         Environment: all
>            Reporter: Henry Story
>         Attachments: account control panel.jpg
>
>
> It should be possible to disable client side WebID enabled certificates created on Clerezza if one's personal machine gets stolen or one's private keys are somehow compromised. Currently this just requires that one's public keys be removed from Clerezza or that the cert:identity relation relating the public key to the user be removed.
> (by the way the WebID incubator group is starting at http://www.w3.org/2005/Incubator/webid/charter )

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (CLEREZZA-404) permit disabling of WebID certificates

Posted by "Henry Story (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/CLEREZZA-404?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Henry Story updated CLEREZZA-404:
---------------------------------

    Attachment: account control panel.jpg

Changed org.apache.clerezza.platform.accountcontrolpanel to list the keys and allow keys to be disabled (they currently get deleted).

> permit disabling of WebID certificates
> --------------------------------------
>
>                 Key: CLEREZZA-404
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-404
>             Project: Clerezza
>          Issue Type: New Feature
>         Environment: all
>            Reporter: Henry Story
>         Attachments: account control panel.jpg
>
>
> It should be possible to disable client side WebID enabled certificates created on Clerezza if one's personal machine gets stolen or one's private keys are somehow compromised. Currently this just requires that one's public keys be removed from Clerezza or that the cert:identity relation relating the public key to the user be removed.
> (by the way the WebID incubator group is starting at http://www.w3.org/2005/Incubator/webid/charter )

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.