[foaf-protocols] Self-signing certificates
pwilliams at rapattoni.com
Sat Dec 19 20:20:49 CET 2009
From: Peter Williams [mailto:home_pw at msn.com]
Sent: Friday, December 18, 2009 1:07 PM
Cc: 'foaf-protocols at lists.foaf-project.org'
Subject: RE: [foaf-protocols] Self-signing certificates
<issuerNameRegistry type="Microsoft.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, Microsoft.IdentityModel, Version=184.108.40.206, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
  <trustedIssuers>
    <add thumbprint="B51C9602DFA5E73E0A53F9A8545E9CDBBA9472DB" name="uri:WindowsLiveID" />
    <add thumbprint="B3059BDE766F90BDAF6F3103DA95BEBF019E17A4" name="uri:WindowsLiveID" />
  </trustedIssuers>
</issuerNameRegistry>
[Peter Williams] BTW, one can use a different type to configure the element (and the handling components that behave according to the element's spec). In .NET land, the type is often a programming type (vs an ontological or wordnet category) and is (according to Turing) a pretty useful thing.
I half remember reading some .NET sample code for writing one's own trustedissuer provider.
Doing this kind of thing is PART of the Windows model, BTW. Rather than create a commodity framework that expects one to put "blind trust" in a controlling IDP, always remember that to Microsoft the PC is a liberating vehicle for individuals (while also being a work centric vehicle for enterprises). Thus, the Windows framework is built to allow one and to FACILITATE one to 'Interpret' what the IDP says (vs blindly rely). If you want to blindly rely on Facebook, you CAN (though). It's up to you to work with this architecture, which addresses a legal culture where the presumptions are set so you have no privacy until you assert you do (and then actually show you are working prudently to enforce it).
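Added example, not part of the original message and not Microsoft's sample code: a minimal custom issuer name registry of the kind the post describes, which pins issuer signing certificates by thumbprint and rejects anything else. The class name PinnedIssuerNameRegistry is hypothetical, the thumbprints are the two from the configuration quoted above, and it assumes a project referencing the Microsoft.IdentityModel (WIF) and System.IdentityModel assemblies, with the class named in the type attribute of the issuerNameRegistry element.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens;

// Hypothetical class name (assumption, not from the post). The base class is
// fully qualified so it cannot be confused with the later
// System.IdentityModel.Tokens.IssuerNameRegistry.
public class PinnedIssuerNameRegistry
    : Microsoft.IdentityModel.Tokens.IssuerNameRegistry
{
    // Thumbprint -> issuer name, copied from the configuration quoted in the post.
    // X509Certificate2.Thumbprint is a hex string; compare case-insensitively.
    private static readonly Dictionary<string, string> Trusted =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "B51C9602DFA5E73E0A53F9A8545E9CDBBA9472DB", "uri:WindowsLiveID" },
            { "B3059BDE766F90BDAF6F3103DA95BEBF019E17A4", "uri:WindowsLiveID" },
        };

    // Called with the token that signed the incoming security token.
    public override string GetIssuerName(SecurityToken securityToken)
    {
        if (securityToken == null)
            throw new ArgumentNullException("securityToken");

        // Only an X.509 signing token can be pinned by certificate thumbprint.
        X509SecurityToken x509 = securityToken as X509SecurityToken;
        if (x509 == null)
            throw new SecurityTokenException(
                "Issuer token is not backed by an X.509 certificate.");

        string issuerName;
        if (!Trusted.TryGetValue(x509.Certificate.Thumbprint, out issuerName))
        {
            // Fail closed: an unknown signing certificate is never mapped
            // to a trusted issuer name.
            throw new SecurityTokenException(
                "Untrusted issuer certificate: " + x509.Certificate.Thumbprint);
        }

        // Further local policy (expiry window, revocation, per-issuer claim
        // filtering) would be enforced here before the name is returned.
        return issuerName;
    }
}
```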