incubator-clerezza-dev mailing list archives

From "Henry Story (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLEREZZA-512) SSL Client Authentication
Date Mon, 09 May 2011 11:20:03 GMT

    [ https://issues.apache.org/jira/browse/CLEREZZA-512?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13030687#comment-13030687 ]

Henry Story commented on CLEREZZA-512:
--------------------------------------

Yes, it's the foaf-ssl bundle that you need.

The functionality for creating and managing keys is in platform.accountcontrolpanel.

It allows each user to
  1. create a webid
  2. create one or more certificates (one per browser for example)
  3. delete keys from the server

The functionality for allowing users to login with their keys is in 

  - platform.security.foafssl

A recent explanation on how this works is here (it was tuned to help get the browser vendors
to understand this)

   The UI of the various pieces can certainly be improved.

There is also a little bit more tuning we need to do in the authentication piece. But it should
be ready for http://d-cent.org/fsw2011/. If you have some energy to help in some way (documentation,
code, whatever...) please let me know. We should try to make sure to coordinate our efforts.
I am bblfish on Skype, and you can find all my contact info on http://bblfish.net/


> SSL Client Authentication
> -------------------------
>
>                 Key: CLEREZZA-512
>                 URL: https://issues.apache.org/jira/browse/CLEREZZA-512
>             Project: Clerezza
>          Issue Type: Question
>            Reporter: franco fallica
>            Priority: Minor
>
> Hi,
> We have the need for SSL Client Authentication and I'm not sure how we would do that.
> So this is the scenario:
> We have a Jax.rs resource http://domain.com/something/store
> This resource should only be accessible per https and only by "known users" and they
> should be authenticated by an SSL Certificate. Other resources should still be accessible over
> http with normal user login etc.
> I understand that for this Clerezza needs to be started with the --https_port and --https_keystore_password
> parameters. Additionally I guess it needs --https_keystore_clientauth need (not want), right?
> And then we need to import the publicKey of the client to the keystore, but how will
> this publicKey be mapped to a user in clerezza?
> I also saw that in the repo is a foafssl bundle, is that what we need?
> Can somebody please explain and/or point us to additional resources to read? 
> Thanks very much
> franco

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
