You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@clerezza.apache.org by "Henry Story (JIRA)" <ji...@apache.org> on 2011/05/09 13:24:03 UTC
[jira] [Issue Comment Edited] (CLEREZZA-512) SSL Client
Authentication
[ https://issues.apache.org/jira/browse/CLEREZZA-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030687#comment-13030687 ]
Henry Story edited comment on CLEREZZA-512 at 5/9/11 11:23 AM:
---------------------------------------------------------------
yes it's the foaf-ssl bundle that you need.
The functionality for creating and management of keys is in the platform.accouncontrolpanel
It allows each user to
1. create a webid
2. create one ore more certificates (one per browser for example)
3. delete keys from the server
The functionality for allowing users to login with their keys is in
- platform.security.foafssl
A recent explanation on how this works is here (it was tuned to help get the browser vendors to understand this)
http://bblfish.net/tmp/2011/04/26/
The UI of the various pieces can certainly be improved.
There is also a little bit more tuning we need to do in the authentication piece. But it should be ready for http://d-cent.org/fsw2011/ If you have some energy to help in some way (documentation, code, whatever...) please let me know. We should try to make sure to coordinate our efforts. I am bblfish on skype, and you can find all my contact info on http://bblfish.net/
was (Author: bblfish):
yes it's the foaf-ssl bundle that you need.
The functionality for creating and management of keys is in the platform.accouncontrolpanel
It allows each user to
1. create a webid
2. create one ore more certificates (one per browser for example)
3. delete keys from the server
The functionality for allowing users to login with their keys is in
- platform.security.foafssl
A recent explanation on how this works is here (it was tuned to help get the browser vendors to understand this)
The UI of the various pieces can certainly be improved.
There is also a little bit more tuning we need to do in the authentication piece. But it should be ready for http://d-cent.org/fsw2011/ If you have some energy to help in some way (documentation, code, whatever...) please let me know. We should try to make sure to coordinate our efforts. I am bblfish on skype, and you can find all my contact info on http://bblfish.net/
> SSL Client Authentication
> -------------------------
>
> Key: CLEREZZA-512
> URL: https://issues.apache.org/jira/browse/CLEREZZA-512
> Project: Clerezza
> Issue Type: Question
> Reporter: franco fallica
> Priority: Minor
>
> Hi,
> We have the need for SSL Client Authentication and I'm not sure how we would do that.
> So this is the scenario:
> We have a Jax.rs resource http://domain.com/something/store
> This resource should only be accessible per https and only by "known users" and they should be autenticated by a SSL Certificate. Other resources should still be accessible over http with normal user login etc.
> I understand that for this Clerezza needs to be started with the --https_port and --https_keystore_password parameters. Additionaly I guess it needs --https_keystore_clientauth need (not want), right?
> And then we need to import the publicKey of the client to the keystore, but how will this publicKey be mapped to a user in clerezza?
> I also saw that in the repo is a foafssl bundle, is that what we need?
> Can somebody please explain and/or point us to additional resources to read?
> Thanks very much
> franco
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira