[foaf-protocols] Splitti9ng the spec? (was Re: WebID breakthrough - pure Javascript+Flash implementation)

Reto Bachmann-Gmür me at farewellutopia.com
Sun Aug 8 13:06:07 CEST 2010


Hi Manu,

Congratulations!
...it worked well on my nokia n900.

As for the WebId Spec it raises interesting questions. To me it seems that
while being a useful application it is clearly not the tight integration
into the existing web-stack as envisaged by the current spec drafts. I
wouldn't want to renounce the latter but I think it would be great to have
the openness for integrating webid on other TLS based applications.

I think one way to achieve this would be to split the spec into two:

   - WebId Personal Identity Data Exchange: This specs defines how a WebId
   document looks like and specifies that a document can be considered
   authoritative source of information about a subject to which the URI is
   dereferenced too, and public key associated to the subject therein can thus
   safely be assumed to be the public key of key-pair in control of the
   subject. I think key revocation should get some consideration, there should
   be a way to balance the advantages of allowing caches and redundant
   distribution as with the perspectives-project with the additional security
   of key revocation and online checks. At this level the spec doesn't specify
   concrete protocol integration but defines the basic methods and ontologies
   used to:
   - provide security over the transitive trust network (which we haven't
      yet)
      - trust in the client identity by a trusted connection to a server
      (which is what we currently do, either by ca-signed ssl or with http by
      simply trusting the internet)
      - WebId in https/tls: This spec defines how WebId is integrated into
   the web-stack. Thanks to this spec, user controlled client agents as well as
   webservices can use webId as implementation of the authentication layer.

Cheers,
reto

On Sat, Aug 7, 2010 at 11:11 PM, Manu Sporny <msporny at digitalbazaar.com>
wrote:
> We've been able to make a fairly significant breakthrough re: WebID in
> the past several weeks.
>
> Our engineering team has put together a pure Javascript+Flash
> implementation of WebID (client and server). This includes everything
> from certificate generation (replacing <keygen>) to storage (via Flash
> object storage) and client-side certificate negotiation of TLS
connections.
>
> WebID – Universal Login for the Web
> http://blog.digitalbazaar.com/2010/08/07/webid/2/
>
> This is a big deal because we think that we may be able to get this
> stuff to work in IE 7 and many of the older browsers. We may be able to
> achieve 90%+ penetration for WebID in the browser. The interface to
> select client-side certificates would be unified across all websites and
> all browsers, including IE, Firefox, Chrome, Opera and Safari (since
> it's all HTML+CSS+Javascript).
>
> If you want to skip the blog post explaining this stuff, you can go
> straight to the WebID management page here (you will have to accept the
> bogus SSL certificates for the time being, we haven't bought verified
> SSL certificates for either site, yet):
>
> https://webid.digitalbazaar.com/manage/
>
> Or a sample login page here:
>
> https://payswarm.com/webid-demo/
>
> Your current WebIDs won't work with the demo because they exist in the
> browser's certificate chain and not the Flash storage object. We'll want
> to discuss the ramifications of this new breakthrough on the call on
> Tuesday.
>
> I'll send out an agenda soon.
>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny)
> President/CEO - Digital Bazaar, Inc.
> blog: WebApp Security - A jQuery Javascript-native SSL/TLS library
> http://blog.digitalbazaar.com/2010/07/20/javascript-tls-1/
> http://blog.digitalbazaar.com/2010/07/20/javascript-tls-2/
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20100808/5e1a8efe/attachment.htm 


More information about the foaf-protocols mailing list