me at farewellutopia.com
Sun Aug 8 13:06:07 CEST 2010
...it worked well on my Nokia N900.
As for the WebId Spec it raises interesting questions. To me it seems that
while being a useful application it is clearly not the tight integration
into the existing web-stack as envisaged by the current spec drafts. I
wouldn't want to renounce the latter but I think it would be great to have
the openness for integrating webid on other TLS-based applications.
I think one way to achieve this would be to split the spec into two:
- WebId Personal Identity Data Exchange: This spec defines what a WebId
document looks like and specifies that a document can be considered an
authoritative source of information about a subject to which the URI is
dereferenced, and the public key associated to the subject therein can thus
safely be assumed to be the public key of the key-pair in control of the
subject. I think key revocation should get some consideration, there should
be a way to balance the advantages of allowing caches and redundant
distribution as with the perspectives-project with the additional security
of key revocation and online checks. At this level the spec doesn't specify
concrete protocol integration but defines the basic methods and ontologies
  - provide security over the transitive trust network (which we haven't
  - trust in the client identity by a trusted connection to a server
    (which is what we currently do, either by ca-signed ssl or with http by
    simply trusting the internet)
- WebId in https/tls: This spec defines how WebId is integrated into
the web-stack. Thanks to this spec, user controlled client agents as well as
webservices can use webId as an implementation of the authentication layer.
On Sat, Aug 7, 2010 at 11:11 PM, Manu Sporny <msporny at digitalbazaar.com>
> We've been able to make a fairly significant breakthrough re: WebID in
> the past several weeks.
> implementation of WebID (client and server). This includes everything
> from certificate generation (replacing <keygen>) to storage (via Flash
> object storage) and client-side certificate negotiation of TLS
> WebID – Universal Login for the Web
> This is a big deal because we think that we may be able to get this
> stuff to work in IE 7 and many of the older browsers. We may be able to
> achieve 90%+ penetration for WebID in the browser. The interface to
> select client-side certificates would be unified across all websites and
> all browsers, including IE, Firefox, Chrome, Opera and Safari (since
> If you want to skip the blog post explaining this stuff, you can go
> straight to the WebID management page here (you will have to accept the
> bogus SSL certificates for the time being, we haven't bought verified
> SSL certificates for either site, yet):
> Or a sample login page here:
> Your current WebIDs won't work with the demo because they exist in the
> browser's certificate chain and not the Flash storage object. We'll want
> to discuss the ramifications of this new breakthrough on the call on
> I'll send out an agenda soon.
> -- manu
> Manu Sporny (skype: msporny, twitter: manusporny)
> President/CEO - Digital Bazaar, Inc.