[annotator-dev] Authenticating a user

Rufus Pollock rufus.pollock at okfn.org
Wed Aug 17 13:07:34 UTC 2011


This is somewhat subtle. So, to repeat the docs somewhat on
https://github.com/okfn/annotator/wiki/Authentication. Let's assume you have
yoursite.org where you are doing annotating and you are *storing*
annotations in annotateit.org:

1. Service Provider  = annotateit.org
2. Consumer = yoursite.org
3. User (Agent) = person doing annotations

Annotator is designed so that the Consumer can do the authentication of the
User but the annotations are still stored on the Service Provider with
relevant info about the User. Now the simplest (but insecure) way to do this
is simply for the Consumer to put user info into the annotation so that it is saved
with the rest of the annotation.

However, this is insecure because a malicious user can obviously change an
annotation before saving (or just talk directly to the annotateit.org API).
Thus you want some way for SP and Consumer to share a secret which can be
used to sign relevant parts of the annotation. In our case, to economise on
work done by Consumer, with proper Authentication mode the Consumer just
signs the userid.

On 16 August 2011 15:45, Ewald Zietsman <ewald at siyavula.com> wrote:

> OK I see that if I add a user account on the store, I get a bookmarklet
> that DOES work. The user and account info then gets written to the
> annotation as it should. I've looked at the wiki page you posted. It seems
> to me that I need to tell the Auth plugin where to go and find the auth
> token using the tokenUrl option?


OK, while in dev mode I'd suggest ignoring the full 'Auth' with signing and
just set the relevant user fields on the annotation when saving. We can
re-add the full signed Auth later (we also need to double-check that plugin
as there were some issues earlier). I've added an annotated example showing
how to do this on <https://github.com/okfn/annotator/wiki/Authentication>
(Setting Up User Identification)


> I am unsure as to how this works. When I log into the store (without
> using the bookmarklet) how does an annotator on another site know that I am
> in fact logged in? Or is the use of the bookmarklet necessary? If it is, I
> can do checks that make sure the
>

Because your site knows you are logged in and can set that info in the
javascript when you set up the annotator code in your page.

> annotations are only occurring on the pages I want them to. However, this
> will force users to install a bookmarklet. Is there a way to log users into
> my site (via the store) and then authenticate them without using the
> bookmarklet?
>

You don't need the bookmarklet at all. The whole design is so that the
Consumer (i.e. your site) is the only thing that would need an account on
the Service Provider (e.g. annotateit.org)

Rufus


> On Tue, Aug 16, 2011 at 3:36 PM, Rufus Pollock <rufus.pollock at okfn.org> wrote:
>
>> On 16 August 2011 10:51, Ewald Zietsman <ewald at siyavula.com> wrote:
>>
>>> Hi,
>>
>>
>> Before going into the details I wanted to check you've read this page:
>>
>> <https://github.com/okfn/annotator/wiki/Authentication>
>>
>>
>>> I want to allow users to log into the annotator-store before they start
>>> annotating my page. I've added the Auth plugin, but I don't know what to
>>> make the Auth URL. I'd like to set the Username and account ID in the
>>> annotation since I'll need to access the information for another purpose.
>>>
>>
>> You'll always need to set the account ID and the username should be set as
>> part of the auth plugin (see config on Open Shakespeare).
>>
>>
>>> I have a local store running at localhost:5000 and I've made a user
>>> account on that. It provided me with user account info but I need to include
>>> that into my annotations automatically. Any help on how to do this would be
>>> much appreciated.
>>>
>>
>> See that wiki page for an explanation. The Auth plugin should be doing
>> this automatically if configured correctly.
>>
>> Rufus
>>
>>
>>> --
>>> Ewald Zietsman
>>>
>>> Technical Coordinator
>>>
>>> Website: www.siyavula.com
>>> The Open Innovation Studio, 27 Buitenkant Street, Cape Town, 8001
>>>
>>> A Shuttleworth Foundation Seeded Project
>>> Website: www.shuttleworthfoundation.org
>>>
>>>
>>
>>
>> --
>> Co-Founder, Open Knowledge Foundation
>> Promoting Open Knowledge in a Digital Age
>> http://www.okfn.org/ - http://blog.okfn.org/
>>
>>
>>
>
>
> --
> Ewald Zietsman
>
> Technical Coordinator
>
> Website: www.siyavula.com
> The Open Innovation Studio, 27 Buitenkant Street, Cape Town, 8001
>
> A Shuttleworth Foundation Seeded Project
> Website: www.shuttleworthfoundation.org
>
>


-- 
Co-Founder, Open Knowledge Foundation
Promoting Open Knowledge in a Digital Age
http://www.okfn.org/ - http://blog.okfn.org/
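
As an added illustration of the shared-secret scheme described in this message (this is not code from Annotator or annotator-store, and not their token format): the Consumer signs the userid with HMAC-SHA256, and the Service Provider verifies the signature and stores the annotation under the verified user rather than the one the browser claims. The field names, the TTL and the sample secret are assumptions constructed for the example.

```python
import hashlib
import hmac
import json

# Constructed sample values; field names are assumptions, not Annotator's token format.
CONSUMER_SECRETS = {"yoursite": b"constructed-shared-secret"}
TOKEN_TTL = 300  # seconds a signed userid stays valid (assumed policy)


def _mac(secret, consumer_key, user_id, issued_at):
    # JSON-encode the fields so ("ab", "c") and ("a", "bc") never yield the same message.
    msg = json.dumps([consumer_key, user_id, issued_at]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def consumer_sign(consumer_key, secret, user_id, issued_at):
    """Runs on the Consumer's server after it has authenticated the User."""
    return {"consumerKey": consumer_key, "userId": user_id,
            "issuedAt": issued_at,
            "sig": _mac(secret, consumer_key, user_id, issued_at)}


def provider_verify(token, now):
    """Runs on the Service Provider. Returns the verified userId or None."""
    secret = CONSUMER_SECRETS.get(token.get("consumerKey"))
    if secret is None:
        return None  # unknown Consumer
    issued_at = token.get("issuedAt")
    if not isinstance(issued_at, int) or not 0 <= now - issued_at <= TOKEN_TTL:
        return None  # missing, future-dated or expired timestamp
    expected = _mac(secret, token["consumerKey"], token.get("userId"), issued_at)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected.encode(), str(token.get("sig")).encode()):
        return None
    return token["userId"]


def provider_save(annotation, token, now):
    """Store the annotation under the verified user, ignoring the client's claim."""
    user = provider_verify(token, now)
    if user is None:
        raise PermissionError("invalid or expired token")
    return dict(annotation, user=user, consumer=token["consumerKey"])
```

The secret never reaches the browser: only the Consumer's server and the Service Provider hold it, and the page receives just the signed token.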