ODS is a full-featured WebID server and supports authentication via WebID in all situations. Clients can easily create new WebID certificates via this method.
WebID authentication means that the client sends an X.509 certificate with an embedded profile URL denoting the authenticating person. That URL resolves to an RDF profile document containing the public key from the certificate.
The simplest way to create a new WebID-enabled X.509 certificate is for the client to use the keygen HTML tag to create a new RSA key pair. The public key is sent to this method; ODS then prepares the certificate and returns it to the client with mimetype application/x-x509-user-cert. The browser installs that certificate in its key store, where it can be used in subsequent authentication actions with ODS or any other WebID-enabled system. Be aware that current versions of the major browsers have removed the keygen element and no longer install application/x-x509-user-cert responses automatically; clients targeting them must generate the key pair themselves (for example with openssl or a WebCrypto API) and import the returned certificate together with the private key.
Example:
The minimal HTML code to create a new client certificate looks like the following:

```html
<!-- POST keeps the session id and the public key out of the request URL and server logs -->
<form method="post" action="/ods/api/user.certificates.create">
  <keygen name="publicKey"/>
  <input name="sid" type="hidden" value="SID"/>
  <input name="realm" type="hidden" value="wa"/>
  <input type="submit" value="Create Certificate"/>
</form>
```
Here the keygen tag creates the key pair and makes sure that the public key is sent on form submission. The hidden input fields are required for [Authentication via Session Id]. The realm is fixed to wa, but the session id value sid needs to be provided by the client from a previous authentication. How this value is filled in depends on the programming language used to build the client.
Instead of using [Authentication via Session Id] via two hidden input fields clients could also use classical user digest credentials as detailed in [Password Hash Authentication].
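The following is an added example, not part of the ODS documentation or code base. It shows what a non-browser client has to do in place of the keygen form: generate the RSA key pair, submit the same fields the form sends (publicKey, sid, realm plus the optional certificate parameters listed on this page), and then check the returned certificate before relying on it, namely that it carries the expected WebID as a subjectAltName URI (the profile URL a relying party dereferences), that its key is the one the client generated, and that it is currently valid. Assumptions, all labelled in the code: the ODS host name, that publicKey is the base64-encoded DER SubjectPublicKeyInfo (the page only says "SPKI format"), and a stand-in issuer function used solely so the example runs offline; a real client receives the certificate blob from the HTTP call instead. Requires the `cryptography` package.

```python
"""Added example (not ODS code): build the user.certificates.create request the
keygen form sends, and verify the WebID binding of the returned certificate."""
import base64
import datetime
import urllib.parse
import urllib.request

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Assumed ODS host; replace with the real one.
ODS_API = "https://ods.example.org/ods/api/user.certificates.create"


def generate_keypair(bits=2048):
    """The client-side equivalent of what the keygen element did in the browser."""
    return rsa.generate_private_key(public_exponent=65537, key_size=bits)


def build_request_fields(private_key, sid, realm="wa", **optional):
    """Form fields for user.certificates.create. publicKey is assumed to be the
    base64 DER SubjectPublicKeyInfo; sid and realm mirror the hidden inputs of the
    HTML form; optional keyword arguments are the optional parameters
    (commonName, country, organization, email, expirationDays, expirationHours)."""
    spki = private_key.public_key().public_bytes(
        serialization.Encoding.DER, serialization.PublicFormat.SubjectPublicKeyInfo)
    fields = {"publicKey": base64.b64encode(spki).decode("ascii"),
              "sid": sid, "realm": realm}
    fields.update({k: str(v) for k, v in optional.items() if v is not None})
    return fields


def request_certificate(private_key, sid, **optional):
    """POST the fields and return the DER certificate body
    (mimetype application/x-x509-user-cert). Needs network access."""
    data = urllib.parse.urlencode(build_request_fields(private_key, sid, **optional)).encode()
    req = urllib.request.Request(ODS_API, data=data, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read()


def mock_ods_issue(private_key, webid, common_name="Alice", days=365, hours=0):
    """Stand-in for the server side, used only so the example runs offline: a
    self-signed certificate carrying the WebID as subjectAltName URI, which is
    the property the checks below rely on. Not how ODS itself issues certificates."""
    now = datetime.datetime.now(datetime.timezone.utc)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(private_key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(now)
            .not_valid_after(now + datetime.timedelta(days=days, hours=hours))
            .add_extension(x509.SubjectAlternativeName(
                [x509.UniformResourceIdentifier(webid)]), critical=False)
            .sign(private_key, hashes.SHA256()))
    return cert.public_bytes(serialization.Encoding.DER)


def webid_uris(cert):
    """All URI entries of subjectAltName; WebID relying parties dereference these."""
    try:
        san = cert.extensions.get_extension_for_class(x509.SubjectAlternativeName).value
    except x509.ExtensionNotFound:
        return []
    return san.get_values_for_type(x509.UniformResourceIdentifier)


def _validity_naive_utc(cert):
    # cryptography >= 42 exposes tz-aware *_utc properties; older versions only the naive ones.
    nb = getattr(cert, "not_valid_before_utc", None)
    if nb is None:
        return cert.not_valid_before, cert.not_valid_after
    return nb.replace(tzinfo=None), cert.not_valid_after_utc.replace(tzinfo=None)


def check_webid_binding(cert_der, private_key, expected_webid):
    """True only if the certificate names expected_webid in its SAN, its public key
    is exactly the key we generated (modulus and exponent), and it is in its
    validity period. A certificate failing any of these must not be installed."""
    cert = x509.load_der_x509_certificate(cert_der)
    ours = private_key.public_key().public_numbers()
    theirs = cert.public_key().public_numbers()
    not_before, not_after = _validity_naive_utc(cert)
    now = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)
    return (expected_webid in webid_uris(cert)
            and ours.n == theirs.n and ours.e == theirs.e
            and not_before <= now <= not_after)


if __name__ == "__main__":
    key = generate_keypair()
    webid = "https://ods.example.org/dataspace/person/alice#this"  # assumed profile URL
    # Real flow: cert_der = request_certificate(key, "SID", commonName="Alice")
    cert_der = mock_ods_issue(key, webid, days=365, hours=12)
    print("binding ok:", check_webid_binding(cert_der, key, webid))
```

The key comparison is the part worth keeping even if the rest is adapted: a certificate whose SAN names your WebID but whose key is not yours would let whoever holds that key authenticate as you once it lands in your profile document.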
commonName
The optional common name used for the certificate. If omitted one will be built from the ODS user profile name and the ODS domain name.
country
The optional country used in the certificate. If omitted the value will be taken from the ODS user profile.
organization
The optional organization used in the certificate. If omitted the value will be taken from the ODS user profile.
email
The optional email address used in the certificate. If omitted the value will be taken from the ODS user profile. Be aware that the created certificate can only be used to digitally sign emails (S/MIME) if this address matches the sender address of the mail.
expirationDays
The optional number of days this certificate should be valid. This defaults to 365 days, i.e. one year.
expirationHours
The optional number of hours this certificate should be valid. This value is added to the value of expirationDays and simply provides a means for finer-grained expiration control.
publicKey
The mandatory public key in SPKI format. When the HTML form above is used, this is the value the keygen element submits (a base64 SPKAC structure wrapping the SubjectPublicKeyInfo); only the public key is ever sent, the private key never leaves the client.