[foaf-protocols] Webid Spec: Reference to the X.509 RFC 5280?
kidehen at openlinksw.com
Mon Aug 16 15:11:52 CEST 2010
On 8/16/10 1:38 PM, Dan Brickley wrote:
> On Mon, Aug 16, 2010 at 2:16 PM, Kingsley Idehen<kidehen at openlinksw.com> wrote:
>> On 8/16/10 12:16 PM, Bruno Harbulot wrote:
>>> The PKIX spec (RFC 5280) is based on X.509, so it does repeat some of
>>> the content of the X.509 spec and puts it into context (for a PKI).
>>> However, the permitted values for the SAN are in the X.509 Specification.
>>> (section 18.104.22.168)
>>> Regarding Webfinger/Fingerpoint, I'm not quite sure how widespread this
>>> is yet.
>> Since GMAIL and AOL both support Webfinger, I think its safe to assume
>> wide spread use of resolvable "acct:" and "mailto:" scheme URIs which
>> are discovered via emerging .well-known/host-meta resource mechanism and associated XRD resources.
> I'm not sure there is quite so much enthusiasm for acct: around
> currently, in particular Eran seems to be having second thoughts. For
> eg see discussion around
As you know, no end-user is going to type in any of the following into a
Username or Account capture input field:
1. mailto:xyz at example.com
2. acct:xyz at example.com.
What they will type in is: xyz at example.com.
Where "mailto:", "acct:", and "http:" come into play is back-end
handling via service specific heuristics . Google have made a commitment
to dealing with the "acct:" via GMAIL service. AOL has also followed
suit. Methinks that's ample re. uptake on the data space provider front.
We are doing the same re. WebID such that we can perform public key &
identifier matches irrespective of what identifiers we pick up in the
X.509 cert. I don't see any reason for sticking with HTTP URIs solely.
As I continue to project, my preference is for the more semantically
rich approaches to succeed based on their intrinsic merits. This is
ultimately how they will reach mass usage. Basically, back to my old
"embrace and extend" (in a positive way) mantra :-)
I am a middleware guy, data model and data representational disparity
are simply facts of computing life to me.
> ps. somewhat related, discussion of 3 different flavours of identifier
> in OAuth2-based "OpenID Connect",
More information about the foaf-protocols