I’ve been investigating the generation of WebID profiles for Debian project members for some time.



After earlier experiments on webid.debian.net, in a static and very hackish manner, I’ve investigated the use of Django. Django is no random choice, as it is being used in several ongoing efforts to rewrite some Debian Web services.

Among these is a new LDAP UserDir, which could replace the current version which runs db.debian.org, started by Luca Filipozzi and Martin Zobel-Helas.

I’ve worked on integrating some of the LDAP querying code written by Luca together with the Django WebID provider app written by Ben Nomadic (both modified by me), and the result is a bit hackish for the moment.

It’s very early, but allows the generation of WebID profiles for Debian project members, using data queried in Debian’s LDAP directory, and adding TLS certs to the profiles. The TLS certs could in principle be used later as a WebID + TLS authentication mechanism.

There’s plenty of work ahead, and this may never be deployed, but as an example see the kind of way such WebID profile documents may look (in Turtle format) :

@prefix cert: <http://www.w3.org/ns/auth/cert#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> . @prefix wot: <http://xmlns.com/wot/0.1/> . @prefix xml: <http://www.w3.org/XML/1998/namespace> . @prefix xsd: <http://www.w3.org/2001/XMLSchema#> . <> a foaf: PersonalProfileDocument ; foaf: primaryTopic <http://db.debian.org/olivier#me> . <#gpgkey> a wot: Pubkey ; wot: fingerprint "ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5" ; wot: pubkeyAddress <ttps://db.debian.org/fetchkey.cgi?fingerprint=ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5> . <http://db.debian.org/olivier#me> a foaf: Person ; cert: key [ a cert: RSAPublicKey ; rdfs: label "key made on [...] on my laptop" ; cert: exponent 65537 ; cert: modulus "bb7d5735181c7687a09abf3c88a064513badfe351f14fc2d738978a7f573d12eb831140a7a02c579f31f4617c14145493aeff4009832ba7fd1c579d6da92f68cd4437072266b000451d6eb45c03cd00b20e1f2230d83bdc3caeebb317e6618dd38a3f53abbbb2b6495a893495d3df685a2f0f599be8a74ef88841ce283dd8f65" ^^xsd:hexBinary ] , [ a cert: RSAPublicKey ; rdfs: label "key made on [...] on my laptop" ; cert: exponent 65537 ; cert: modulus "b078dedb61d215348adaa3315f478eca803513a8750753255f50fd335e3b6afdafd385afb62878edc412bbbc0c125d1805abef2920cb3dccb94d818b4973435f4f312ddfad960db7b7ec4522036e5c1fb1e5d7154756a97e924075b301cdf95e97e3bb665a97cdf0187c2aa229939962b0e9975dfb97c71ea60384af465aa40726fe8a2a1dd504da6a168e7f80fc37a1363d5f583a1a8d4f8253af0e7e5c0f3d2fabb61dd9cde17aba328022fd4be4e0214f407d83a95ec06b2d70c61835bb78ba3b46e8b82be3a4d6d53d88a94123144ef9b7a7c97e9396767505f34995488c62bcd697180f92244c82147a71a5b86a25f2c8ddf0ea965fc8ced8d6b84cff97" ^^xsd:hexBinary ] ; foaf: homepage <http://www.olivierberger.org/> ; foaf: mbox "mailto:obergix@debian.org" ; foaf: name "Olivier Berger" ; foaf: nick "obergix" ; wot: hasKey <#gpgkey> .

Update (2013/11/21): Here a screenshot of the resulting HTML profile (actually RDFa), that I’m generating, alongside the Turtle :

If you’re interested in WebID in the frame of Debian project services, see the discussion list.