[foaf-protocols] What's a WebID?

Peter Williams pwilliams at rapattoni.com
Wed Dec 9 16:02:08 CET 2009


Two things are interesting.

First, the notion that the server first does a HEAD on the webid, to learn metadata about the foaf file.

Second, like the XML-based signed XRD 1.0 and its "host-meta" profile from Google/Yahoo et al, we already have the means to seek a label that asserts a set of tagged-links about MULTIPLE URLs that one endpoint (the rating service domain itself) "speaks for":

GET /ratings?opt=tree&format=full&
u="http%3A%2F%2Fwww.w3.org%2Fpub%2FWWW%2F+&"
u="http%3A%2F%2Fwww.w3.org%2Fpub%2FWWW%2FTheProject.html&"
u="http%3A%2F%2Fwww.w3.org%2Funknown&"
s="http%3A%2F%2Fwww.ages.org%2Four-service%2Fv1.0%2F&"
s="http%3A%2F%2Fwww.rsac.org%2Fv1.0&"
s="http%3A%2F%2Funknown.com" HTTP/1.0


Signed label delivery by a third party was one of the "how to make a billion dollars" ideas folks were working on at RSA DSI, of which I&A certs for I&A happened to be the one that took off (courtesy of Netscape and SSL, making VeriSign worth 2 billion dollars at one point!).

Today, we should send that sequence of labels back as an Atom stream, so it all now fits with modern work on activity streams.

So... you get one form of label tied to the webid in the cert itself, and HEAD issued by the server allows you to get more labels.

We distinguish labels from foaf files!

In this way, labels (RDF in drag) can augment certs, and just as in 40 years of label-based access control, lattices can control the reassembly of labeled SSL fragments (properly addressing the so-called, and mis-named, SSL renegotiation vulnerability).

And, it's about to get out of patent control (assuming there is IP).




-----Original Message-----
From: Peter Williams [mailto:home_pw at msn.com]
Sent: Wednesday, December 09, 2009 5:55 AM
To: 'Dan Brickley'; 'Toby Inkster'
Cc: 'foaf-protocols at lists.foaf-project.org'
Subject: RE: [foaf-protocols] What's a WebID?

So, if one puts all those ideas together, here is my cert now, now "labeled" using PICS. The label does not happen to use the RDF vocab of military "mandatory access control" lattices (with its read/write rules for stream rewriting in comms stacks), and does not constrain the payloads ON A SPECIFIC SECURITY CONTEXT to that confidentiality/handling policy. But it could, if the label was a MAC lattice. This is obviously where the folks were going, in 1996....

X509 Certificate:


