Password-based authentication is inherently difficult to maintain, and presents an awkward option in the context of RESTful client/server interactions over local and wide area networks (LANs and WANs).
X.509 Certificates provide an elegant alternative which is more easily maintained, with a more streamlined user experience overall.
Thanks to its Virtuoso underpinnings, ODS possesses built-in functionality for generating X.509 Certificates with WebID? watermarks.
With ODS, certificate generation is typically done through a web browser. The specific process varies because each browser vendor has chosen their own approach to manage Certificates and their associated Private Keys.
Below, we cover certificate generation for several browsers, with keystore persistence handled variously by the host operating system or the Browser.
|Browser||Generation||OS-based Keystore||Browser-based Keystore||Notes|
|Firefox||.NET-based browser plug-in||Y||N|
|IE|| ||Y||N||When using the user-friendly, Wizard-style interface of this plug-in, you (the issuer) must create a root CA certificate before generating any WebID?-watermarked certificates.|
|IE||Windows-native generator|| Y |
|N||Best reserved for advanced users.|
You can manually use OpenSSL? to generate the certificate, and then import that Certificate to ODS through its PEM Import UI. Then, both Certificate and Private Key must be imported into the OS- and/or browser-based keystore. Finally, the Cert results in Public Key and WebID? relation in Profile Graph.