
About: EntryPoint - user_certificates_create

An Entity of Type : schema:EntryPoint, within Data Space : ods.openlinksw.com associated with source document(s)


Attributes   Values
type
schema:url
schema:httpMethod
  • GET
schema:contentType
  • text/xml
http://www.openlin...es#isWebServiceOf
http://www.openlin...vices#endPointURL
schema:shortDescription
  • Create a new client certificate and associate it with the authenticated user.

http://www.openlin...ices#hasParameter
schema:name
  • EntryPoint - user_certificates_create
schema:description
  • ODS is a full-featured WebID server and supports authentication via WebID in all situations. Clients can easily create new WebID certificates via this method.

    WebID authentication means that the client sends an X.509 certificate with an embedded profile URL denoting the authenticating person. That URL resolves to an RDF profile document containing the public key from the certificate.

    The simplest way to create a new WebID-enabled X.509 certificate is for the client to use the keygen HTML tag to create a new RSA key pair. The public key will be sent to this method. ODS will then prepare the certificate and return it to the client with mimetype application/x-x509-user-cert. The browser will install that certificate in its key ring. It can then be used in subsequent authentication actions with ODS or any other WebID-enabled system.

    Example:

    The minimal HTML code to create a new client certificate looks like the following:

        <form action="/ods/api/user.certificates.create">
          <keygen name="publicKey" />
          <input name="sid" type="hidden" value="SID" />
          <input name="realm" type="hidden" value="wa" />
          <input type="submit" value="Create Certificate" />
        </form>

    Here the keygen tag creates the key pair and makes sure that the public key is sent on form submission. The hidden input fields are required for Authentication via Session Id. The realm is fixed to wa, but the session id value sid needs to be provided by the client from a previous authentication. How this value is filled in depends on the programming language used to build the client.

    Instead of using Authentication via Session Id with two hidden input fields, clients could also use classical user digest credentials as detailed in Password Hash Authentication.

  • commonName

    The optional common name used for the certificate. If omitted one will be built from the ODS user profile name and the ODS domain name.

  • country

    The optional country used in the certificate. If omitted the value will be taken from the ODS user profile.

  • organization

    The optional organization used in the certificate. If omitted the value will be taken from the ODS user profile.

  • email

    The optional email address used in the certificate. If omitted the value will be taken from the ODS user profile. Be aware that the created certificate can only be used to digitally sign emails if the email address matches.

  • expirationDays

    The optional number of days this certificate should be valid. This defaults to 365 days, i.e. one year.

  • expirationHours

    The optional number of hours this certificate should be valid. This value will be added to the value of expirationDays and simply provides a means of finer-grained expiration control.

  • publicKey

    The mandatory public key in SPKI format.

The new X.509 certificate with mimetype application/x-x509-user-cert or an error code as defined in ODS Error Result Codes. On error an appropriate HTTP error code will be set in addition to a return value as described in ODS Error Result Codes.

Authentication

This function requires authentication via one of the supported authentication methods as described in ODS Authentication.
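
Current browsers no longer implement the keygen element, so a client calling this method today has to generate the key pair itself. The following added example (not part of the ODS documentation or code base) does that in Node.js and builds the GET request described above. Sending publicKey as base64 DER SubjectPublicKeyInfo, the 2048-bit minimum and all helper names are assumptions; keygen itself submitted a signed SPKAC structure rather than a bare SPKI.

```javascript
// Added example, not ODS code. Node.js, standard library only.
const nodeCrypto = require("node:crypto");

const ENDPOINT = "/ods/api/user.certificates.create"; // path from the page's form
const OPTIONAL = ["commonName", "country", "organization", "email",
                  "expirationDays", "expirationHours"];

// Generate the RSA key pair the client keeps; export the public half as
// DER-encoded SubjectPublicKeyInfo (SPKI). The private key never leaves here.
function generateKeyPair(bits = 2048) {
  return nodeCrypto.generateKeyPairSync("rsa", {
    modulusLength: bits,
    publicKeyEncoding: { type: "spki", format: "der" },
    privateKeyEncoding: { type: "pkcs8", format: "pem" },
  });
}

// Re-parse the SPKI before sending it, so a malformed or weak key is
// rejected locally instead of being certified.
function spkiInfo(spkiDer) {
  const key = nodeCrypto.createPublicKey({ key: spkiDer, format: "der", type: "spki" });
  return { type: key.asymmetricKeyType, bits: key.asymmetricKeyDetails.modulusLength };
}

// Build the GET request URL. realm is fixed to "wa"; sid comes from a
// previous authentication. Assumption: publicKey is sent as base64 DER.
function buildCreateRequest(baseUrl, sid, spkiDer, opts = {}) {
  const info = spkiInfo(spkiDer);
  // Local policy (assumption, not an ODS rule): RSA, at least 2048 bits.
  if (info.type !== "rsa" || info.bits < 2048) throw new Error("RSA key of 2048+ bits required");
  for (const name of ["expirationDays", "expirationHours"]) {
    if (opts[name] !== undefined && !(Number.isInteger(opts[name]) && opts[name] >= 0))
      throw new Error(name + " must be a non-negative integer");
  }
  const url = new URL(ENDPOINT, baseUrl);
  url.searchParams.set("sid", sid);
  url.searchParams.set("realm", "wa");
  url.searchParams.set("publicKey", spkiDer.toString("base64"));
  for (const name of OPTIONAL) {
    if (opts[name] !== undefined) url.searchParams.set(name, String(opts[name]));
  }
  return url;
}

// Success is signalled by the certificate MIME type; anything else is an
// ODS error result and must not be handed to a certificate store.
function isCertificateResponse(contentType) {
  return /^application\/x-x509-user-cert(\s*;|$)/i.test((contentType || "").trim());
}
```

The returned URL carries the session id in its query string, so treat it like a credential and keep it out of logs.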

is schema:target of