[foaf-protocols] X509 Ontology for foaf+ssl

Story Henry henry.story at bblfish.net
Mon Oct 13 23:45:20 CEST 2008


On 13 Oct 2008, at 23:06, Simon Reinhardt wrote:
> Toby A Inkster wrote:
>> On 13 Oct 2008, at 18:02, Story Henry wrote:
>>> WHAT WE NEED
>>> ------------
>>>  - a relation from an X509 Certificate to the thing it is  
>>> identifying
>>> ( xxx:identity ) ( :me )
>>>    [ the ' ... is REL of ... ' construction is another way of speaking
>>> of the inverse relation to REL ]
>>
>> WOT has wot:identity for going from the certificate to the thing
>> that it identifies, and wot:hasKey as its inverse.
>
> What I don't quite get: in the example xxx:identity links from the  
> certificate to the person. In the sketch however xxx:identity is a  
> property which goes away from the PublicKey, not the certificate.

Yes, the way we are doing it currently is to relate a person to their  
certificate.

:me is xxx:identity of [ a xxx:x509Certificate;
                         xxx:sigType xxx:md5WithRSAEncryption;
                         xxx:sigValue "4d85aae9e4c4afc0384fc10b56a9cd61125e804717c0b...";
                       ];

This was just to prove the basic concept, that you could get a server  
that would do an HTTP lookup on a foaf id before granting access. The  
ontology was not thought through at all when this was done. Having  
shown that the basic concepts work, I thought it would be time to  
start working on the ontology....

Now one could have the foaf file specify information about the X509  
certificate and its signature using the sketch of the ontology  
discussed here. On the other hand it occurred to me that one could get  
the same effect by just linking the foaf file to the Public Key found  
in the certificate. I think that should get the same effect we have  
been looking for.

One could do both. There may be yet other things to consider. That is  
something to discuss.

>  WOT also relates it to the PubKey.

Yes. Though I do have a question with regard to wot in this regard. Is  
a wot:PubKey, which is a PGP public key, not really what we are  
thinking of here as a certificate? I think PGP keys can contain  
information about the user including email address, but also photos,  
and other information. I may very well be wrong here,...

>
>
>> That is, WOT provides us with everything we need - but it has one
>> major problem. The wot:PubKey class (and thus the properties
>> associated with it) are defined to represent a GPG or PGP key.
>>
>> We would need for either this description to be loosened slightly,
>> allowing for non-GPG/PGP keys; or for a superclass to be created of
>> which wot:PubKey is a subclass, and then define wot:hex_id,
>> wot:fingerprint and wot:identity to have a domain of that superclass,
>> and wot:hasKey to have a range of that superclass.
>
> I'd very much prefer the former. If we could use WOT in that way it  
> would make the whole thing way more interoperable.

> So we should get the author (Morten Frederiksen?) on the list. :-)

That would be certainly good. :-)


>
>
> Simon

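Added example, not part of the original message or of any foaf+ssl code: a sketch of the check discussed above, where the server looks up the claimed foaf id and grants access only if the profile links the certificate's public key to that id. The names xxx:modulus and xxx:exponent, the triple representation of the profile, and all sample values are assumptions constructed for illustration.

```python
from urllib.parse import urldefrag

# Placeholder terms: xxx:identity is the thread's; the other two are hypothetical.
IDENTITY, MODULUS, EXPONENT = "xxx:identity", "xxx:modulus", "xxx:exponent"

def parse_hex(text):
    """Read a hex modulus written with spaces, colons or mixed case."""
    return int("".join(ch for ch in text if ch not in " :\n\t"), 16)

def keys_for(triples, agent):
    """Return {(modulus, exponent)} for each key node whose identity is agent."""
    found = set()
    for node in {s for s, p, o in triples if p == IDENTITY and o == agent}:
        props = {p: o for s, p, o in triples if s == node}
        if MODULUS in props and EXPONENT in props:
            found.add((parse_hex(props[MODULUS]), int(props[EXPONENT])))
    return found

def grant_access(claimed_id, cert_key, fetch):
    """cert_key: (modulus, exponent) from the client certificate, whose private
    half the TLS handshake has already proven. fetch(url) stands in for the
    HTTP lookup and returns the profile as (subject, predicate, object) triples."""
    document, _fragment = urldefrag(claimed_id)
    try:
        triples = fetch(document)   # always the claimed id's own document
    except Exception:
        return False                # fail closed if the profile is unreachable
    return cert_key in keys_for(triples, claimed_id)

# Constructed sample data: one profile document, two key nodes.
ALICE = "https://alice.example/foaf#me"
MALLORY = "https://mallory.example/foaf#me"
PROFILES = {
    "https://alice.example/foaf": [
        ("_:k1", IDENTITY, ALICE),
        ("_:k1", MODULUS, "00:C3:5F 9a"),
        ("_:k1", EXPONENT, "65537"),
        ("_:k2", IDENTITY, MALLORY),  # listed here, but identifies someone else
        ("_:k2", MODULUS, "ab cd ef 01"),
        ("_:k2", EXPONENT, "65537"),
    ],
}

def fetch(url):
    return PROFILES[url]            # KeyError models a failed lookup

if __name__ == "__main__":
    print(grant_access(ALICE, (0xC35F9A, 65537), fetch))
```

The comparison is on the key material itself, so the profile never needs to carry the certificate or its signature value.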

