[foaf-dev] RDFAuth_Sketch: what are we trying to solve

Anthony Steele Anthony at PlasticAvalon.org
Tue Apr 1 14:22:55 BST 2008


Story Henry wrote:

 > But instead of requiring an Identity server we use
> PGP asymmetric key cryptography to identify the User Agent Owner.

A point of order: In this context, PGP stands for "Pretty Good Privacy". 
  It is a particular implementation, albeit a groundbreaking one.  GPG 
(http://gnupg.org/ ) is another. I don't want to be tied to an 
implementation when I can use standards.

I see from Wikipedia (http://en.wikipedia.org/wiki/Pretty_Good_Privacy )
that the relevant standard for public-key cryptography is rfc4880 
(http://tools.ietf.org/html/rfc4880 )

If this would be easier to implement for me over openId/OAuth depends on 
the availability of libraries. I haven't had time to look into this or 
the technical merits of the solution yet.

Anthony


More information about the foaf-dev mailing list