RESTful Single Sign on shown on the iPhon

by bblfish » Thu, 09 Apr 2009 17:19:52 GMT


 Dear Android security team,

We have been working on a project for open distributed social
networks, and as part of this have found a way to use TLS to get one
click authentication - without tying the certificate to a web site
[1].

As I have an iPhone, I demonstrated how this works on a non-jailbroken
one. I have not changed anything on the phone to get it running.
For photos of the user interaction, see:

   http://blogs.sun.com/bblfish/entry/one_click_global_sign_on 

I am a Java developer, and of course would rather have a more open
Java platform such as Android available to do exactly the same thing.
Perhaps it is even possible now? I am asking here as an Android
newbie, hoping someone may pick this up and help bridge the foaf+ssl
community with the Android community. I can't myself be following
every cell phone OS :-)

  A few things would be nice:

 1. Something like support for a <keygen> tag in the browser. Even if
it is not perfect, it is simple, works in many browsers such as Opera,
Safari, Firefox, ... More advanced versions would be good, but the
minimal one is very useful. I use it to help people create their
foaf+ssl certificate on http://test.foafssl.org/cert/
    By the way, the keygen tag is back in HTML 5, and I support it.
 http://is.gd/r9fD [2]

 2. Something like a very user friendly KeyChain manager for the whole
OS. I think the iPhone does a reasonable job of this. Having to mail
your certificate to the iPhone is a security risk though, hence the
need for <keygen>. But the Identity Selector presentation on the
iPhone is very nicely done.

 3. I think if you play around with foaf+ssl a little, you will very
soon find a couple of extra ways to make the experience even more user
friendly. Perhaps UI ways of showing the user what identity he is
using, and making it easy to automate certificate selection for a web
site... But that is advanced stuff.

By the way, there may already be a way to send a user certificate to
Android. If so please let us know. We'd like to test this out.

     Yours sincerely,


             Henry Story

      Social Cloud Architect
       http://blogs.sun.com/bblfish 


[1] Usually client certificates are designed for one web site only,
because they have to be certified by a CA, and it is too costly to
have CA create personal certificates. By avoiding the need for a CA,
we remove the tie to the web site.
    The protocol has been called foaf+ssl and has a wiki page
      http://esw.w3.org/topic/foaf+ssl
[2] See the mailing list discussion
 



by bblfish » Fri, 10 Apr 2009 09:17:56 GMT


 


I should add that the original part of this protocol is that you do
not need a CA to sign the certificates. They can be self-signed. Hence
the cost of producing client certificates can be brought down to 0.
This works in a very similar way to OpenID, except that, being RESTful,
we can build on a web of trust, and we only need 1-2 SSL connections
instead of OpenID's 8. [2] There is a lot more on the details of how
this works on the foaf+ssl wiki, and we have a paper coming up that
reveals the logic of the protocol. [3]

In any case, it is clear from the iPhone case that the user experience
is as simple as can be (apart from the piece of uploading the
certificate). The iPhone presents the user with an identity selector
that is easy to understand.

Again, the iPhone was not designed with this in mind; it just
implemented all the relevant protocols, and has a reasonably good
user interface to go with it.

Sincerely,

  Henry Story



[1] http://esw.w3.org/topic/foaf+ssl
[2] OpenID comparison: http://blogs.sun.com/bblfish/entry/what_does_foaf_ssl_give
[3] http://lists.foaf-project.org/pipermail/foaf-protocols/2009-March/000366.html

