[foaf-protocols] Webid Spec: Reference to the X.509 RFC 5280?

Kingsley Idehen kidehen at openlinksw.com
Mon Aug 16 15:11:52 CEST 2010

  On 8/16/10 1:38 PM, Dan Brickley wrote:
> On Mon, Aug 16, 2010 at 2:16 PM, Kingsley Idehen <kidehen at openlinksw.com> wrote:
>>   On 8/16/10 12:16 PM, Bruno Harbulot wrote:
>>> Hi,
>>> The PKIX spec (RFC 5280) is based on X.509, so it does repeat some of
>>> the content of the X.509 spec and puts it into context (for a PKI).
>>> However, the permitted values for the SAN are in the X.509 Specification.
>>>       http://www.itu.int/rec/T-REC-X.509-200508-I/en
>>>       (section
>>> Regarding Webfinger/Fingerpoint, I'm not quite sure how widespread this
>>> is yet.
>> Bruno,
>> Since GMAIL and AOL both support Webfinger, I think it's safe to assume
>> widespread use of resolvable "acct:" and "mailto:" scheme URIs which
>> are discovered via the emerging .well-known/host-meta resource mechanism and associated XRD resources.
> I'm not sure there is quite so much enthusiasm for acct: around
> currently, in particular Eran seems to be having second thoughts. For
> eg see discussion around
> http://groups.google.com/group/webfinger/browse_thread/thread/c8c56559218aa7f3/4830bf2253a00742?#4830bf2253a00742


As you know, no end-user is going to type in any of the following into a 
Username or Account capture input field:

1. mailto:xyz at example.com
2. acct:xyz at example.com.

What they will type in is: xyz at example.com.

Where "mailto:", "acct:", and "http:" come into play is back-end 
handling via service-specific heuristics. Google have made a commitment 
to dealing with "acct:" via the GMAIL service. AOL has also followed 
suit. Methinks that's ample re. uptake on the data space provider front.

We are doing the same re. WebID such that we can perform public key & 
identifier matches irrespective of what identifiers we pick up in the 
X.509 cert. I don't see any reason for sticking with HTTP URIs solely.

As I continue to project, my preference is for the more semantically 
rich approaches to succeed based on their intrinsic merits. This is 
ultimately how they will reach mass usage. Basically, back to my old 
"embrace and extend" (in a positive way) mantra :-)

I am a middleware guy; data model and data representational disparity 
are simply facts of computing life to me.

> cheers,
> Dan
> ps. somewhat related, discussion of 3 different flavours of identifier
> in OAuth2-based "OpenID Connect",
> http://davidrecordon.com/2010/08/the-three-types-of-openid-connect-identifiers.html



Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
