[foaf-dev] Re: [OpenID] cryptographics web of trust

Story Henry henry.story at bblfish.net
Mon Aug 13 20:49:30 BST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Peter,

thanks for introducing me to XML-DSIG by showing how one can use it  
to sign my foaf file. (see end of this email)

Putting on my RESTful and RDF glasses makes me think that that
solution takes what would be termed the SOAPish turn: it tries to
envelop the content instead of referring to it. In the example
described at:

    http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

there is a URL for me

    http://bblfish.net/people/henry/card#me

which one can HTTP GET information for by fetching

    http://bblfish.net/people/henry/card

which returns one of the alternate representations

    http://bblfish.net/people/henry/card.rdf
    http://bblfish.net/people/henry/card.n3

The signatures for those representations are in other files, also
accessible via URLs, namely

    http://bblfish.net/people/henry/card.rdf.asc
    http://bblfish.net/people/henry/card.n3.asc

By doing this we have the following advantages:

   1- we can identify every object clearly by a URL. This works
nicely with the web caches, and is a good separation of concerns. We
have URLs for each representation, URLs for me, URLs for the signature

   2- HTTP provides a clear distinction between the envelope and the  
content. In the XML-DSIG example, is the content the XML-DSIG  
wrapper, or is it the encoded N3 file?

   3- separation of concerns: people only need to download the  
signature and my public key if it is of interest to them. Perhaps if  
there is something suspicious in the rdf content...

Now the disadvantage of the solution I proposed is that the caches  
might end up returning a stale copy of the pgp signature. XML-DSIG  
bypasses that problem of course because it sends the content and the  
signature simultaneously. HTTP could solve the problem by sending the  
signature in the header too, though that would clearly be cumbersome.  
One simple solution is to specify the etag of the signature in the  
card rdf:

<http://bblfish.net/people/henry/card.n3>
        wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
        awol:type "text/rdf+n3" .

<http://bblfish.net/people/henry/card.n3.asc>
     xxx:etag "13b3-ba-56463740";
     xxx:content-length 186 .

Now a client that would get card.n3 would know that if it did an HTTP
GET on card.n3.asc which did not have that etag or content-length, or
last updated date, that the two representations were in some way out
of sync. Currently they are not:

hjs at bblfish:0$ curl -I http://bblfish.net/people/henry/card.n3.asc
HTTP/1.1 200 OK
Date: Mon, 13 Aug 2007 19:29:22 GMT
Server: Apache/2.0.55 (Unix) DAV/2 mod_perl/2.0.2 Perl/v5.8.4
Last-Modified: Fri, 10 Aug 2007 11:04:21 GMT
ETag: "13b3-ba-56463740"
Accept-Ranges: bytes
Content-Length: 186
Content-Type: text/plain


This is about as much as I can say about XML-DSIG as a novice in  
cryptography. I will try to look at it in more detail.


On 11 Aug 2007, at 07:56, Peter Williams wrote:

> See below:
>
> I (counter) signed your entire file, using XML-DSIG (with
> SAML-defined security semantics, as signaled).

Thanks, that is a nice introduction to XML-DSIG.

> I treated the FOAF file as a string-form of a (rather long) name,
> which bears its naming architecture, its naming contexts, its naming
> schema, its naming relationships, and its new name protections.

It looks like one should be able to extract a good ontology from the  
above, in the spirit of WOT, or as an enhancement of WOT. Just a few  
names to be added to http://xmlns.com/wot/0.1/
As shown in the article

http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust

the advantage of RDF vocabularies is that they can be used in many
different contexts, in a very flexible manner.

> If one treats the FOAF file as a text stream, I don't see why one
> cannot similarly encode and then sign the N3 form. The XML form of
> the RDF seems to be adding little.

Indeed the XML form and the N3 form are just alternates of one  
another, as I stated in the example

<http://bblfish.net/people/henry/card>   a foaf:PersonalProfileDocument;
      iana:alternate <http://bblfish.net/people/henry/card.rdf>,
                     <http://bblfish.net/people/henry/card.n3> .

They represent exactly the same graph. Indeed the xml is generated  
automatically from the N3 using

cwm card.n3 --rdf > card.rdf




>
> ________________________________
>
> From: general-bounces at openid.net on behalf of Story Henry
> Sent: Fri 8/10/2007 7:11 AM
> To: Steven Livingstone
> Cc: foaf-dev; OpenID General
> Subject: Re: [OpenID] cryptographics web of trust
>
>
>
> Thanks for the feedback. I have extended the blog post to describe
> how one can link up to other people's public keys, sign their public
> keys, and how one can sign parts of one's foaf file, using Dan
> Brickley's and Tim Berners-Lee's as examples.
>
> This develops a very powerful web of trust.
>
> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>
> Henry
>
>
> On 9 Aug 2007, at 20:15, Steven Livingstone wrote:
>
>> Very cool.
>>
>> I did some work in encrypting FOAF files a few years back (well,
>> hacked something together in a few hours).
>> http://www.ecademy.com/node.php?id=4568
>>
>> I checked and it is still there:
>> http://livz.org/encrypt/PrivateFoaf.aspx
>>
>> With the FOAF URL :
>> http://www.ecademy.com/module.php?mod=network&op=foafrdf&uid=21584
>> and searching for the name "Robert Sullivan" and a password
>> "steven", you get my decrypted FOAF file.
>>
>> The limiting part of it all (to make it really easy) was the fact
>> you needed an identity "Robert Sullivan" and a shared secret
>> "steven" - this is why OpenID is so powerful. With an authenticated
>> OpenID, you would be able to decrypt the FOAF file automatically.
>>
>> I figured at the time that some online identity (which didn't
>> really exist) could easily be mapped to a corresponding public key,
>> allowing you to encrypt parts of your FOAF files (or any other
>> file) for specific users.
>>
>> I hadn't spent too much time on it but i'd sure like to see it move
>> forward in some way.
>>
>> I know there has been other work put into this stuff as well:
>> http://usefulinc.com/foaf/encryptingFoafFiles
>>
>> steven
>> http://livz.org
>>
>>
>>> To: general at openid.net; foaf-dev at lists.foaf-project.org
>>> From: henry.story at bblfish.net
>>> Date: Thu, 9 Aug 2007 18:31:57 +0200
>>> Subject: [OpenID] cryptographics web of trust
>>>
>>> Hi, following some of the conversations I had on the openid forums, I
>>> have read up about web security and used that newly gained knowledge to
>>> enhance my foaf file with a link to my public PGP key and used that
>>> to sign my foaf file. Using this it is easy to see how one can create
>>> a semantic cryptographic web of trust.
>>>
>>> http://blogs.sun.com/bblfish/entry/cryptographic_web_of_trust
>>>
>>> There is a lot more to add for sure, but this is a good starting
>>> point. Great fun too.
>>>
>>> Henry Story
>>> _______________________________________________
>>> general mailing list
>>> general at openid.net
>>> http://openid.net/mailman/listinfo/general
>>
>>
>
>
>
>
>
> <samlp:Response Destination="http://localhost:9030/sp/ACS.saml2"
> InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi"
> IssueInstant="2007-08-11T05:45:26.614Z" ID="_JbuqXO6H-BQIoeYwpd0NIE88d6"
> Version="2.0"
> xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"><saml:Issuer
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://www.acmemls.com/request-auth.jsp</saml:Issuer><ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="#_JbuqXO6H-BQIoeYwpd0NIE88d6">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>TOs5pUtgy8p2wiQjXJuRfxa2224=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> ctUDU/+NwF7GwNPlGa184G8a5BfnIi1Nmzp8uKCZ93T8gDJVKRBbJDzhhnZ8EF2Y9G+PpPvIWW7b
> Oq/wmW8iYg==
> </ds:SignatureValue>
> </ds:Signature><samlp:Status><samlp:StatusCode
> Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status><saml:Assertion Version="2.0"
> IssueInstant="2007-08-11T05:45:26.786Z"
> ID="eK2qsvd9xzsmzN7Z_V8sb08fqO-"
> xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Issuer>http://www.acmemls.com/request-auth.jsp</saml:Issuer><saml:Subject><saml:NameID
> Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">[URL-encoded FOAF file]</
> saml:NameID><saml:SubjectConfirmation
> Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><saml:SubjectConfirmationData
> InResponseTo="_KrYhdmh3KExWfP5o0CAs7C9mfi"
> NotOnOrAfter="2007-08-11T05:50:26.833Z" Recipient="http://localhost:9030/sp/ACS.saml2"/></saml:SubjectConfirmation></saml:Subject><saml:Conditions
> NotOnOrAfter="2007-08-11T05:50:26.817Z"
> NotBefore="2007-08-11T05:40:26.817Z"><saml:AudienceRestriction><saml:Audience>http://www.acmemls.com/request-auth.jsp</saml:Audience></saml:AudienceRestriction></saml:Conditions><saml:AuthnStatement
> AuthnInstant="2007-08-11T05:45:26.770Z"
> SessionIndex="eK2qsvd9xzsmzN7Z_V8sb08fqO-"><saml:AuthnContext><saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement></saml:Assertion></samlp:Response>
>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iD8DBQFGwLXS7Qv528feqwURAvf1AJ9b3mWBn+Dn+6eE3Gdxx5kUKGpbeQCfccTV
ClZ6euUnZa9H3TSf273+99k=
=eZ/+
-----END PGP SIGNATURE-----
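
The stale-signature check proposed in the message (card.n3 declares the ETag and length of card.n3.asc, and a client compares them with what HTTP returns), as an added example that is not part of the original post. The function names are hypothetical, the N3 is read with regular expressions rather than a real N3 parser, `xxx:` is the message's own placeholder prefix, and STALE_HEAD is a constructed response.

```python
import re
from email.parser import Parser

DOC = "http://bblfish.net/people/henry/card.n3"

# The N3 statements from the message; xxx: is the message's placeholder prefix.
CARD_N3 = """
<http://bblfish.net/people/henry/card.n3>
        wot:assurance <http://bblfish.net/people/henry/card.n3.asc> ;
        awol:type "text/rdf+n3" .

<http://bblfish.net/people/henry/card.n3.asc>
     xxx:etag "13b3-ba-56463740";
     xxx:content-length 186 .
"""

# Headers as returned by the `curl -I` in the message (trimmed).
FRESH_HEAD = 'HTTP/1.1 200 OK\nETag: "13b3-ba-56463740"\nContent-Length: 186\n'
# Constructed: what a cache still holding an older signature might return.
STALE_HEAD = 'HTTP/1.1 200 OK\nETag: "13b3-c1-4a1f0000"\nContent-Length: 193\n'


def statement(n3, subject):
    """Return the predicate/object text of the statement whose subject is <subject>."""
    m = re.search(r"^\s*<%s>\s+(.*?)\s*\.\s*$" % re.escape(subject), n3, re.S | re.M)
    if not m:
        raise ValueError("no statement about <%s>" % subject)
    return m.group(1)


def declared_signature(n3, doc_url):
    """(signature URL, etag, length) that the card declares for doc_url."""
    sig = re.search(r"wot:assurance\s+<([^>]+)>", statement(n3, doc_url))
    if not sig:
        raise ValueError("card names no wot:assurance for <%s>" % doc_url)
    meta = statement(n3, sig.group(1))
    etag = re.search(r'xxx:etag\s+"([^"]*)"', meta)
    length = re.search(r"xxx:content-length\s+(\d+)", meta)
    return (sig.group(1), etag and etag.group(1), length and int(length.group(1)))


def opaque(etag):
    """Strip the weak-validator prefix and quotes from an ETag header value."""
    etag = etag.strip()
    return (etag[2:] if etag.startswith("W/") else etag).strip('"')


def check_sync(n3, doc_url, raw_head):
    """Compare a HEAD response for the signature with what the card declares."""
    sig_url, want_etag, want_len = declared_signature(n3, doc_url)
    status_line, _, rest = raw_head.strip().partition("\n")
    status, hdr = int(status_line.split()[1]), Parser().parsestr(rest)
    problems = []
    if status != 200:
        problems.append("status %d" % status)
    if hdr["ETag"] is None or opaque(hdr["ETag"]) != want_etag:
        problems.append("etag %s, card says %r" % (hdr["ETag"], want_etag))
    if hdr["Content-Length"] is None or int(hdr["Content-Length"]) != want_len:
        problems.append("length %s, card says %r" % (hdr["Content-Length"], want_len))
    return sig_url, problems


if __name__ == "__main__":
    for name, head in (("fresh", FRESH_HEAD), ("stale", STALE_HEAD)):
        print(name, check_sync(CARD_N3, DOC, head))
```

A non-empty problem list only says the card and the signature copy are out of sync; the signature should be fetched again with revalidation before any PGP verification result is acted on.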

