1Web::ID::FAQ(3) User Contributed Perl Documentation Web::ID::FAQ(3)
2
3
4
6 Web::ID::FAQ - frequently asked questions about WebID
7
9 So what is WebID?
10 Web Identification and Discovery.
11
12 Firstly it's the concept of identifying people with HTTP URIs. URI
13 stands for Uniform Resource Identifier. While often used as identifiers
14 for web pages and other digital resources, they're just string
15 identifiers and may be used to identify anything - car parts, gorillas,
16 abstract concepts, and, yes, people.
17
18 WebID is also a protocol that allows websites to discover which URI
19 identifies you, using a secure certificate that is installed in your
20 browser.
21
22 URIs can identify non-digital resources?
23 Yes. Of course, if you type a URI which identifies a web page into a
24 web browser, you'd expect to see that web page (or an error message
25 explaining why you cannot), but if you type a URI which identifies a
26 car part, don't expect that spark plug to jump out of your screen into
27 your hands.
28
29 URIs that identify non-digital resouces should either be unresolvable
30 (e.g. "urn:isbn:978-0099800200" which identifies a book - your browser
31 can't do anything with that URI); should produce an error message
32 explaining why the resource cannot be provided; or should redirect to a
33 digital resource (e.g. "http://example.com/id/alice" might identify
34 Alice, and redirect to "http://example.com/data/alice" which is a
35 document with information about Alice).
36
37 Further reading: Cool URIs for the Semantic Web,
38 <http://www.w3.org/TR/cooluris/>.
39
40 So I can use WebID to limit who has access to my site?
41 On its own, no.
42
43 WebID allows a website to establish an identifier for a visitor, but
44 what the website does with that information (whether it uses it to
45 block access to certain resources) is beyond the scope of WebID.
46
47 How does WebID work?
48 In summary, your browser establishes an HTTPS connection to a web
49 server. As part of the SSL/TLS handshake, the server can request that
50 the browser identifies itself with a certificate. Your browser then
51 sends your certificate to the server. This certificate includes a URI
52 that identifies you.
53
54 Behind the scenes, the server fetches that URI, and retrieves a profile
55 document about you (this document can include as much or as little
56 personal data about you as you like). This document uses the RDF data
57 model, and contains data that allows the server to verify that the
58 certificate exchanged as part of your HTTPS request really belongs to
59 you.
60
61 The user experience is that a WebID user visits a WebID-enabled site;
62 their browser prompts them to pick a certificate from the list of
63 installed certificates; they choose; the site knows who they are.
64
65 No passwords are required (though many browsers do offer the option to
66 protect the installed certificates with a password).
67
68 So WebID requires HTTPS?
69 WebID could theoretically be used over other SSL/TLS protocols, such as
70 OpenVPN, secure IMAP/POP3 connections, and so forth.
71
72 But yes, it only works over secure connections. Really, would you want
73 to be identifying yourself over an insecure channel?
74
75 How can I use WebID in Perl?
76 For Plack/PSGI-based websites, there exists a module
77 Plack::Middleware::Auth::WebID to make things (relatively) easy. It
78 stuffs the client's WebID URI into "$env->{WEBID}".
79
80 For Catalyst-based websites, be aware that recent versions of Catalyst
81 are built on Plack. See Catalyst::PSGI for details.
82
83 Otherwise, you need to use Web::ID directly. Assuming you've configured
84 your web server to request a client certificate from the browser, and
85 you've managed to get that client certificate into Perl in PEM format,
86 then it's just:
87
88 my $webid = Web::ID->new(certificate => $pem);
89 my $uri = $webid->uri;
90
91 And you have the URI.
92
93 What is PEM? Well, X509 certificates come in a variety of different
94 interrelated formats. PEM is a common one, and often what web servers
95 make available. If you have DER though, it's easy to convert it to PEM:
96
97 my $pem = "\n-----BEGIN CERTIFICATE-----\n"
98 . encode_base64($der)
99 . "\n-----END CERTIFICATE-----\n";
100
101 If you have another format, then OpenSSL may be able to convert it.
102
103 Once you have the URI, you can use it as a plain old string identifier
104 for the user, whenever you need to identify them in databases, etc.
105
106 The $webid object in the above example, or in the Plack middleware,
107 "$env->{WEBID_OBJECT}", is an object blessed into the Web::ID package
108 and will allow you to retrieve further information about the user -
109 their name, e-mail address, blog URL, interests, friends, etc -
110 depending on what information they've chosen to include in their
111 profile.
112
113 How does WebID compare to OpenID?
114 Both use URIs to identify people, however the way they choose their
115 URIs differs. In OpenID you use the same URI string to identify your
116 blog or homepage, and to identify yourself. In WebID you use different
117 URIs to identify different things - one URI for your blog, one for you.
118
119 In WebID you almost never have to type that URI - it's embedded into a
120 certificate in your browser's certificate store.
121
122 WebID doesn't require typing or passwords. This makes it more suitable
123 than OpenID for non-interactive processes (e.g. authenticated downloads
124 run via a cron job).
125
126 WebID requires a secure connection.
127
128 WebID is built upon the architecture of the Semantic Web.
129
131 Web::ID.
132
134 Toby Inkster <tobyink@cpan.org>.
135
137 This software is copyright (c) 2012 by Toby Inkster.
138
139 This is free software; you can redistribute it and/or modify it under
140 the same terms as the Perl 5 programming language system itself.
141
142 This FAQ document is additionally available under the Creative Commons
143 Attribution-ShareAlike 2.0 UK: England and Wales licence
144 <http://creativecommons.org/licenses/by-sa/2.0/uk/>, and the GNU Free
145 Documentation License version 1.3, or at your option any later version
146 <http://www.gnu.org/licenses/fdl>.
147
149 THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
150 WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
151 MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
152
153
154
155perl v5.34.0 2022-01-21 Web::ID::FAQ(3)