[foaf-protocols] X509 Ontology for foaf+ssl

Melvin Carvalho melvincarvalho at gmail.com
Thu May 7 14:33:50 CEST 2009

I've been wondering if it might be possible to have a "shorthand"
version of the public key representation (under perhaps the "cert" of
"foaf" namespace?) which uses some sensible defaults, during the
adoption phase, much in the same way that we use "foaf:openid" as a
shorthand for an open id account

Ideal would be to have it as a single triple, thereby allowing
relatively straightforward serialization into RDFa or RDF/XML.  This
could perhaps get a lot of websites or identity pages up and running
as web ID providers, quite quickly.

I think the exponent check could be set to a default as you're not
going to have identical public keys with different exponents.


2008/10/13 Story Henry <henry.story at bblfish.net>:
> So to get foaf+ssl basics going it should help if we have develop a little
> X509 ontology. Perhaps we can get a very basic one going, with just the
> classes we need for our protocol. We can then add more later as we need
> them. I am not sure how much we need/can integrate this with the wot
> ontology.
> ------------
> This is what we have been using currently, and it seems to be enough to get
> us going. I am using as a prefix for the ontology that we are working on.
> :me is xxx:identity of [ a xxx:x509Certificate;
>                         xxx:sigType xxx:md5WithRSAEncryption;
>                         xxx:sigValue
> "4d85aae9e4c4afc0384fc10b56a9cd61125e804717c0bbe324a7c85d2c9da14696a0c9eb7714e3d375a2ff0edf363c484c5dfcd779985de8ed9f29c6926f827778553bc2984276fea9c69d051ef6c7579fc610fee67feebd112c800664dc86bbc9f1794ae0d0b79f6f502fcda5c4bd24026312f1faabbc2aaae2ec35c2f5244c";
>                          ];
> Ie we need :
>  - a relation from an X509 Certificate to the thing it is identifying (
> xxx:identity ) ( :me )
>    [ the ' ... is REL of ... construction is another way of speaking of the
> inverse relation to REL ]
>  - a way of specifying a unique identifying feature of that certificate
>     this requires two things it seems:
>          + the value of the signature
>          + the type of the signature
>    ( Are there other ways of identifying X509 certificates? Hex ids perhaps?
> )
>    We need this in order to help link a person to their certificate when the
> server gets the key
> --------------------------
> Here is a first attempt to sketch out an ontology for X509 in UML with the
> help of Bruno Harbulot
> @prefix time: <http://www.w3.org/2006/time#> .
> @prefix foaf: <http://xmlns.com/foaf/0.1/> .
> Notes:
>   - In an X509 certificate the certificate is usually (I think) about an
> agent. But I imagine that one could
>     certify information about anything. So I tried to be a bit more general.
> Perhaps I should not.
>   - it does not look like there is much that hangs above on the particular
> X509 documents in the above. It looks like one can get a good general idea
> of a certificate.
>   - should the signature link to the signee ? It does indirectly via the
> public key that verifies it.
>   - the public key identifies the agent, because the agent knows the private
> key
>   - any better name for the relation between a public key and a private key?
>     the following rule needs to hold
>      { ?pubkey :identifies ?agent } => { ?agent :knows ?privateKey . ?pubKey
> :private ?privateKey }
>   - the PGP public key is a subclass of a certificate because it signs a
> number of statements about a subject
>     (usually at least his email address and his public key)
> ------------------------
> In our current examples we are publishing the relation in the foaf of the
> person to their certificate signature.
> :me is xxx:identity of
>      [ a xxx:x509Certificate;
>        xxx:sigType xxx:md5WithRSAEncryption;
>        xxx:sigValue
> "4d85aae9e4c4afc0384fc10b56a9cd61125e804717c0bbe324a7c85d2c9d...";
>      ].
> Should one not rather just be publishing the relation from the person to
> their public key(s)? So using the
> ontology sketched in the UML diagram [1]
> :me is uml:identity of
>      [ a uml:PublicKey, uml:RSAKey;
>        uml:modulus "00:b3:a1:b3:3d:a9:b1:b4:87:32:97:86:9f:c4:9e:...";
>        uml:exponent "65537"
>      ] .
> This would be both a useful way to publish one's public key, and a way to
> help confirm the relation between the foaf file and the x509 certificate.
> Now if one then used the Public key to sign one's own foaf file, then in a
> sense the foaf file would turn out to be a uml:Certificate.
> I am still just finding my way through this space. So I may have got a lot
> wrong. Don't hesitate to correct me.
> Henry
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

More information about the foaf-protocols mailing list