[foaf-protocols] .p12 file, and using cn field for webid
Story Henry
henry.story at bblfish.net
Fri Dec 4 21:36:50 CET 2009
On 4 Dec 2009, at 20:03, Peter Williams wrote:
> The password for the enclosed .p12 file is 1234. See if you can read it (and use it in your browser).
I was able to import it into Firefox.
The OSX keychain importer crashed on trying to import it.
> Would anyone be willing to change their foaf+ssl responder code to ALSO take the webid from the cn field of the subject name?
Is this something you think one should generalise? Or is this just a way to get some people to be able to see some immediate benefit? Is it really that difficult to add the URI to the subject Alt name?
> CN is semantically defined in X.50x as ... 'whatever its registration authority types it to be'.
As a matter of interest, do they mean (A) that the referent is whatever the registration authority types the object to be? Or do they mean (B) that the type of the bytes following the CN= is whatever the registration authority types it to be? (I know I am just being picky here)
In RDF a URI, used referentially (in n3 it's placed between angle brackets <http://google.com/#it>) does indeed refer to whatever the agency who coined/owns the URI determines it to be. This is best discovered by fetching the URI.
A URI as a string (e.g. "http://google.com/#me") refers simply to that string.
I would guess that what they mean is that the object of the CN is of the type determined by the registration authority. The ldap system should then be able to tell you when you do an LDAP lookup, what this is. The problem is that I don't think LDAP provides any global way of helping one discover this, and there is not even I think a global way of dereferencing an ldap name.
> I hereby type it to be a URI and a webid, furthermore, since I'm the naming authority (formally, where a naming authority is a class of registration authority in ISO X.500-speak).
So you are saying that that CN string points to whatever the URI formed by that string points to...
is this then true for all OU=me,O=me,C=us ?
> If this works, and folks are willing to also let the CN field be an alternative repository for the webid (to the subj alt name URI extensions), I can give a trial user group access to a high-end .p12 web-console.
One problem I foresee with this way of doing things is that the CN is what some user interfaces (e.g., iphone) use to display a human readable name. Because foaf.me puts a URI in the CN, this makes for a very bad user experience in Firefox's mobile browser for example.
So if putting a URI in the DN space is really the only solution, could one not create a new URL= position perhaps for this?