[OTDev] Authentication and authorisation for OpenTox REST services

Andreas Maunz andreas at maunz.de
Thu Oct 1 10:02:41 CEST 2009


Andreas Maunz wrote:
> Dear Nina, All,
> 
> Nina Jeliazkova wrote:
>>> PS Do you have the impression that FOAF+SSL is ready for production
>>> systems?
>>>   
>> FOAF+SSL is indeed appealing, but very very new. I have seen some Java
>> code claiming to support it, but prefer not to judge before really
>> trying how it works.  May be we could design a feasibility study with
>> Java from our side and  Andreas taking care of Ruby integration.
> 
> Yesterday afternoon I had a closer look at FOAF+SSL. It is very 
> appealing due to its inherent support for single sign-on mechanisms.
> 
> It seems however, only the authentication part is covered but not the 
> authorization part. The latter would require additional effort on our 
> side, apart from the yet-missing libraries to support it on several 
> technological platforms.

At foaf.me, the reference PHP implementation, the source code of the 
core component is available:
http://foaf.me/download.php?uri=libAuthentication.php
It seems to me that this would not be hard to implement in e.g. Ruby or 
Java.

Some information to all who haven't heard anything about FOAF+SSL yet:
- The webservice authenticates users by comparing the SSL certificate 
presented by the client to the user's SSL signature available at a URI 
specified in the user's FOAF file. Of course, this FOAF file must be 
made available to the service beforehand.
- FOAF is an instantiation of RDF/OWL to represent persons, activities 
and relations (http://en.wikipedia.org/wiki/FOAF_%28software%29). Those 
relations could then be used to craft authorization rules.

Greetings
Andreas
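An added example of the check described in the message above, written in Ruby for the integration discussed there (it is not code from the thread or from foaf.me): the service reads the WebID URI from the client certificate's subjectAltName, fetches the FOAF profile at that URI, and accepts the client only if the certificate's RSA public key is one the profile publishes. The WebID, the FOAF snippet and the fetch lambda are constructed stand-ins, and the Turtle is read with a regex in place of a real RDF parser.

```ruby
require 'openssl'

WEBID = "https://example.org/andreas#me"   # constructed WebID URI

# Build a self-signed client certificate carrying the WebID in subjectAltName.
def make_client_cert(webid, key)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=Example User")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("subjectAltName", "URI:#{webid}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

# Constructed FOAF profile (Turtle, WebID cert vocabulary) publishing the key.
def foaf_profile_for(webid, key)
  <<~TTL
    @prefix cert: <http://www.w3.org/ns/auth/cert#> .
    @prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
    <#{webid}> cert:key [ a cert:RSAPublicKey ;
        cert:modulus "#{key.n.to_s(16)}"^^xsd:hexBinary ;
        cert:exponent #{key.e.to_i} ] .
  TTL
end

# WebID URI named in the certificate's subjectAltName, or nil if absent.
def webid_from_cert(cert)
  san = cert.extensions.find { |e| e.oid == "subjectAltName" }
  san&.value&.split(",")&.map(&:strip)&.find { |v| v.start_with?("URI:") }&.delete_prefix("URI:")
end

# Keys the profile asserts for this WebID (regex stand-in for an RDF parser).
def keys_in_profile(ttl, webid)
  return [] unless ttl.include?("<#{webid}>")
  ttl.scan(/cert:modulus\s+"([0-9a-fA-F]+)"[^;]*;\s*cert:exponent\s+(\d+)/)
     .map { |m, e| [m.downcase.sub(/\A0+/, ""), e.to_i] }
end

# The FOAF+SSL check: the key in the presented certificate must be one the
# FOAF profile at the WebID publishes. fetch stands in for the HTTPS GET.
def verify_webid(cert, fetch)
  webid = webid_from_cert(cert)
  return false unless webid&.start_with?("https://")   # only dereference https WebIDs
  pub = cert.public_key
  return false unless pub.is_a?(OpenSSL::PKey::RSA)
  mine = [pub.n.to_s(16).downcase.sub(/\A0+/, ""), pub.e.to_i]
  keys_in_profile(fetch.call(webid), webid).include?(mine)
end
```

The TLS layer only proves the client holds the private key for the presented certificate; it is this lookup against the FOAF profile that ties that key to an identity, and a certificate whose key is not listed there (or whose WebID points elsewhere) is rejected.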