[foaf-protocols] Webid Spec: Reference to the X.509 RFC 5280?

Kingsley Idehen kidehen at openlinksw.com
Mon Aug 16 15:14:50 CEST 2010


  On 8/16/10 2:11 PM, Melvin Carvalho wrote:
>
>
> On 16 August 2010 14:38, Dan Brickley <danbri at danbri.org 
> <mailto:danbri at danbri.org>> wrote:
>
>     On Mon, Aug 16, 2010 at 2:16 PM, Kingsley Idehen
>     <kidehen at openlinksw.com <mailto:kidehen at openlinksw.com>> wrote:
>     >  On 8/16/10 12:16 PM, Bruno Harbulot wrote:
>     >> Hi,
>     >>
>     >> The PKIX spec (RFC 5280) is based on X.509, so it does repeat
>     some of
>     >> the content of the X.509 spec and puts it into context (for a PKI).
>     >> However, the permitted values for the SAN are in the X.509
>     Specification.
>     >> http://www.itu.int/rec/T-REC-X.509-200508-I/en
>     >>      (section 8.3.2.1)
>     >>
>     >> Regarding Webfinger/Fingerpoint, I'm not quite sure how
>     widespread this
>     >> is yet.
>     >
>     > Bruno,
>     >
>     > Since GMAIL and AOL both support Webfinger, I think its safe to
>     assume
>     > wide spread use of  resolvable "acct:" and "mailto:" scheme URIs
>     which
>     > are discovered via emerging .well-known/host-meta resource
>     mechanism and associated XRD resources.
>
>     I'm not sure there is quite so much enthusiasm for acct: around
>     currently, in particular Eran seems to be having second thoughts. For
>     eg see discussion around
>     http://groups.google.com/group/webfinger/browse_thread/thread/c8c56559218aa7f3/4830bf2253a00742?#4830bf2253a00742
>
>
> 1. I think the webid spec should focus on dereferencing HTTP URI's
>
> 2. Other schemes are allowed but I suggest dereferencing is out of 
> scope of the core spec.

Yes, its out of the spec. My comments were about "wide spread use" which 
has nothing to do with the WebID spec.
>
> 3. With draft specs such as webfinger, I tend to look for guidance 
> from the wider community as they evolve and the W3C TAG.
>
> WebID should not try to be all things to all people.  This is possibly 
> a mistake OpenID had in its very early days.
>
> Personally, I'd stick to a solid way to authenticate with an HTTP URI 
> and leave architects and implementors to extend things it as needed.

Yes. that's fine.

My conversation with Dan and Bruno didn't have spec inclusion in mind.

My view is simply one of two approaches that can be meshed (by platforms 
rather than specs).

Kingsley

>
>     cheers,
>
>     Dan
>
>     ps. somewhat related, discussion of 3 different flavours of identifier
>     in OAuth2-based "OpenID Connect",
>     http://davidrecordon.com/2010/08/the-three-types-of-openid-connect-identifiers.html
>     _______________________________________________
>     foaf-protocols mailing list
>     foaf-protocols at lists.foaf-project.org
>     <mailto:foaf-protocols at lists.foaf-project.org>
>     http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>
>


-- 

Regards,

Kingsley Idehen	
President&  CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen





-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20100816/2a656168/attachment-0001.htm 


More information about the foaf-protocols mailing list