About: EntryPoint - user_certificates

Not logged in : Login

Facets (new session)
Description
Metadata
Settings
- Rule:
- Inverse Functional Properties:
- "Same As":

About: EntryPoint - user_certificates_create Goto Sponge NotDistinct Permalink

An Entity of Type : schema:EntryPoint, within Data Space : iodbc.org associated with source document(s)

ODS is a full-featured WebID server and supports authentication via WebID in all situations. Clients can easily create new WebID certificates via this method.WebID authentication means that the client sends an X.509 certificate with an embedded profile URL denoting the authenticating person. That URL resolves to an RDF profile document containing the public key from the certificate.The simplest way to create a new WebID-enabled X.509 certificate is for the client to use the keygen HTML tag to create a new RSA key pair. The public key will be sent to this method. ODS will then prepare the certifcate and return it to the client with mimetype application/x-x509-user-cert. The browser will install that certifcate in its key ring. It can then be used in suqsequent authentication actions with ODS or any other WebID enabled system.Example: The minimal HTML code to create a new client certificate looks like the following: {.html} Here the keygen tag creates the key pair and makes sure that the public key is sent on form submission. The hidden input fields are required for Authentication via Session Id. The realm is fixed to wa, but the session id value sid needs to be provided by the client from a previous authentication. How this value is filled in depends on the programming language used to build the client.Instead of using Authentication via Session Id via two hidden input fields clients could also use classical user digest credentials as detailed in Password Hash Authentication. commonName The optional common name used for the certificate. If omitted one will be built from the ODS user profile name and the ODS domain name. country The optional country used in the certificate. If omitted the value will be taken from the ODS user profile. organization The optional organization used in the certificate. If omitted the value will be taken from the ODS user profile. email The optional email address used in the certificate. If omitted the value will be taken from the ODS user profile. Be aware That the created certificate can only be used to digitally sign emails if the email address matches. expirationDays The optional number of days this certificate should be valid. This defaults to 365 days, ie. one year. expirationHours The optional number of hours thsi certificate should be valid. This value will be added to the value of expirationDays and simply provides a means for a finer-grained expiration control. publicKey The mandatory public key in SPKI format. The new X.509 certificate with mimetype application/x-x509-user-cert or an error code as defined in ODS Error Result Codes. On error an appropriate HTTP error code will be set in addition to a return value as described in ODS Error Result Codes. AuthenticationThis function requries authentication via one of the supported authentication methods as described in ODS Authentication.

Attributes	Values
rdf:type	schema:EntryPoint
schema:httpMethod	GET
schema:contentType	text/xml
http://www.openlin...es#isWebServiceOf	ODS_User
http://www.openlin...vices#endPointURL	https://www.iodbc.org/ods/api/user.certificates.create
schema:shortDescription	Create a new client certificate and accociate it with the authenticated user.
http://www.openlin...ices#hasParameter	commonName country organization email expirationDays expirationHours publicKey
schema:name	EntryPoint - user_certificates_create
schema:description	ODS is a full-featured WebID server and supports authentication via WebID in all situations. Clients can easily create new WebID certificates via this method. WebID authentication means that the client sends an X.509 certificate with an embedded profile URL denoting the authenticating person. That URL resolves to an RDF profile document containing the public key from the certificate. The simplest way to create a new WebID-enabled X.509 certificate is for the client to use the keygen HTML tag to create a new RSA key pair. The public key will be sent to this method. ODS will then prepare the certifcate and return it to the client with mimetype application/x-x509-user-cert. The browser will install that certifcate in its key ring. It can then be used in suqsequent authentication actions with ODS or any other WebID enabled system. Example: The minimal HTML code to create a new client certificate looks like the following: {.html} <formaction="/ods/api/user.certificates.create"> <keygenname="publicKey"/> <inputname="sid"type="hidden"value="SID"/> <inputname="realm"type="hidden"value="wa"/> <inputtype="submit"value="CreateCertificate"/> </form> Here the keygen tag creates the key pair and makes sure that the public key is sent on form submission. The hidden input fields are required for Authentication via Session Id. The realm is fixed to wa, but the session id value sid needs to be provided by the client from a previous authentication. How this value is filled in depends on the programming language used to build the client. Instead of using Authentication via Session Id via two hidden input fields clients could also use classical user digest credentials as detailed in Password Hash Authentication. commonName The optional common name used for the certificate. If omitted one will be built from the ODS user profile name and the ODS domain name. country The optional country used in the certificate. If omitted the value will be taken from the ODS user profile. organization The optional organization used in the certificate. If omitted the value will be taken from the ODS user profile. email The optional email address used in the certificate. If omitted the value will be taken from the ODS user profile. Be aware That the created certificate can only be used to digitally sign emails if the email address matches. expirationDays The optional number of days this certificate should be valid. This defaults to 365 days, ie. one year. expirationHours The optional number of hours thsi certificate should be valid. This value will be added to the value of expirationDays and simply provides a means for a finer-grained expiration control. publicKey The mandatory public key in SPKI format. The new X.509 certificate with mimetype application/x-x509-user-cert or an error code as defined in ODS Error Result Codes. On error an appropriate HTTP error code will be set in addition to a return value as described in ODS Error Result Codes. Authentication This function requries authentication via one of the supported authentication methods as described in ODS Authentication.
schema:url	https://www.iodbc.org/ods/api/user.certificates.create
is schema:target of	user_certificates_create

Faceted Search & Find service v1.17_git132 as of May 12 2023

Alternative Linked Data Documents: PivotViewer | iSPARQL | ODE Content Formats:

RDF

ODATA

Microdata

About

OpenLink Virtuoso version 07.20.3238 as of May 23 2023, on Linux (x86_64-generic-linux-glibc25), Single-Server Edition (15 GB total memory, 3 GB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2024 OpenLink Software