1Web::ID::FAQ(3)       User Contributed Perl Documentation      Web::ID::FAQ(3)
2
3
4

NAME

6       Web::ID::FAQ - frequently asked questions about WebID
7

FREQUENTLY ASKED QUESTIONS

9   So what is WebID?
10       Web Identification and Discovery.
11
12       Firstly it's the concept of identifying people with HTTP URIs. URI
13       stands for Uniform Resource Identifier. While often used as identifiers
14       for web pages and other digital resources, they're just string
15       identifiers and may be used to identify anything - car parts, gorillas,
16       abstract concepts, and, yes, people.
17
18       WebID is also a protocol that allows websites to discover which URI
19       identifies you, using a secure certificate that is installed in your
20       browser.
21
22   URIs can identify non-digital resources?
23       Yes. Of course, if you type a URI which identifies a web page into a
24       web browser, you'd expect to see that web page (or an error message
25       explaining why you cannot), but if you type a URI which identifies a
26       car part, don't expect that spark plug to jump out of your screen into
27       your hands.
28
29       URIs that identify non-digital resouces should either be unresolvable
30       (e.g. "urn:isbn:978-0099800200" which identifies a book - your browser
31       can't do anything with that URI); should produce an error message
32       explaining why the resource cannot be provided; or should redirect to a
33       digital resource (e.g. "http://example.com/id/alice" might identify
34       Alice, and redirect to "http://example.com/data/alice" which is a
35       document with information about Alice).
36
37       Further reading: Cool URIs for the Semantic Web,
38       <http://www.w3.org/TR/cooluris/>.
39
40   So I can use WebID to limit who has access to my site?
41       On its own, no.
42
43       WebID allows a website to establish an identifier for a visitor, but
44       what the website does with that information (whether it uses it to
45       block access to certain resources) is beyond the scope of WebID.
46
47   How does WebID work?
48       In summary, your browser establishes an HTTPS connection to a web
49       server. As part of the SSL/TLS handshake, the server can request that
50       the browser identifies itself with a certificate. Your browser then
51       sends your certificate to the server. This certificate includes a URI
52       that identifies you.
53
54       Behind the scenes, the server fetches that URI, and retrieves a profile
55       document about you (this document can include as much or as little
56       personal data about you as you like). This document uses the RDF data
57       model, and contains data that allows the server to verify that the
58       certificate exchanged as part of your HTTPS request really belongs to
59       you.
60
61       The user experience is that a WebID user visits a WebID-enabled site;
62       their browser prompts them to pick a certificate from the list of
63       installed certificates; they choose; the site knows who they are.
64
65       No passwords are required (though many browsers do offer the option to
66       protect the installed certificates with a password).
67
68   So WebID requires HTTPS?
69       WebID could theoretically be used over other SSL/TLS protocols, such as
70       OpenVPN, secure IMAP/POP3 connections, and so forth.
71
72       But yes, it only works over secure connections. Really, would you want
73       to be identifying yourself over an insecure channel?
74
75   How can I use WebID in Perl?
76       For Plack/PSGI-based websites, there exists a module
77       Plack::Middleware::Auth::WebID to make things (relatively) easy.  It
78       stuffs the client's WebID URI into "$env->{WEBID}".
79
80       For Catalyst-based websites, be aware that recent versions of Catalyst
81       are built on Plack. See Catalyst::PSGI for details.
82
83       Otherwise, you need to use Web::ID directly. Assuming you've configured
84       your web server to request a client certificate from the browser, and
85       you've managed to get that client certificate into Perl in PEM format,
86       then it's just:
87
88         my $webid  = Web::ID->new(certificate => $pem);
89         my $uri    = $webid->uri;
90
91       And you have the URI.
92
93       What is PEM? Well, X509 certificates come in a variety of different
94       interrelated formats. PEM is a common one, and often what web servers
95       make available. If you have DER though, it's easy to convert it to PEM:
96
97         my $pem = "\n-----BEGIN CERTIFICATE-----\n"
98                 . encode_base64($der)
99                 . "\n-----END CERTIFICATE-----\n";
100
101       If you have another format, then OpenSSL may be able to convert it.
102
103       Once you have the URI, you can use it as a plain old string identifier
104       for the user, whenever you need to identify them in databases, etc.
105
106       The $webid object in the above example, or in the Plack middleware,
107       "$env->{WEBID_OBJECT}", is an object blessed into the Web::ID package
108       and will allow you to retrieve further information about the user -
109       their name, e-mail address, blog URL, interests, friends, etc -
110       depending on what information they've chosen to include in their
111       profile.
112
113   How does WebID compare to OpenID?
114       Both use URIs to identify people, however the way they choose their
115       URIs differs. In OpenID you use the same URI string to identify your
116       blog or homepage, and to identify yourself. In WebID you use different
117       URIs to identify different things - one URI for your blog, one for you.
118
119       In WebID you almost never have to type that URI - it's embedded into a
120       certificate in your browser's certificate store.
121
122       WebID doesn't require typing or passwords. This makes it more suitable
123       than OpenID for non-interactive processes (e.g. authenticated downloads
124       run via a cron job).
125
126       WebID requires a secure connection.
127
128       WebID is built upon the architecture of the Semantic Web.
129

SEE ALSO

131       Web::ID.
132

AUTHOR

134       Toby Inkster <tobyink@cpan.org>.
135
137       This software is copyright (c) 2012 by Toby Inkster.
138
139       This is free software; you can redistribute it and/or modify it under
140       the same terms as the Perl 5 programming language system itself.
141
142       This FAQ document is additionally available under the Creative Commons
143       Attribution-ShareAlike 2.0 UK: England and Wales licence
144       <http://creativecommons.org/licenses/by-sa/2.0/uk/>, and the GNU Free
145       Documentation License version 1.3, or at your option any later version
146       <http://www.gnu.org/licenses/fdl>.
147

DISCLAIMER OF WARRANTIES

149       THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
150       WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
151       MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
152
153
154
155perl v5.30.0                      2019-07-26                   Web::ID::FAQ(3)
Impressum