[foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web
melvincarvalho at gmail.com
Tue Jul 6 08:51:01 CEST 2010
On 5 July 2010 20:20, Reto Bachmann-Gmür <me at farewellutopia.com> wrote:
> On Mon, Jul 5, 2010 at 7:52 PM, Nathan <nathan at webr3.org> wrote:
> > ps: yes that did include a pitch for Certified WebID rather than
> foaf+ssl is about p2p security. this decentralisation is not only
> requirement by w3c design guide lines it also inherently more secure.
> As Tyler Close explained several years ago with his httpsy proposal
>  rather than just pointing to a address on a hierarchical system as
> with normal links we should (also) include the public key (or its
> hash) in the links.
I agree security is a key aspect of FOAF+SSL
However, more fundamentally, Linked Data can benefit enormously from an
authentication system. We all know that UGC was one of the bug drivers of
the web of documents. With Secure Webid, you have the "U" part available to
the Web of Data. This is exciting because, it can be a springboard to
linked data to a new level.
They dynamic is that you go through an authentication process and that
verifies that you own a WebID. SSL is a great way to do this, but you can
equally use any number of methods: OpenID, Username/Password / email etc.
In OAuth 2.0 these are called authentication 'profiles'
The question is, as part of standardization will we:
1. Consider only TLS
2. Consider TLS but in a modular way, while mentioning other profiles, out
of scope of the document
3. Consider multiple authentication profiles e.g. TLS & OpenID
> While replacing https seems unrealistic, allowing trust into "self
> signed" certificates by providing the public key in the link should be
> feasible without breaking compatibility with existing infrastructure.
> The certification in the ssl standard is a compatible but limiting
> subset of the multi-party trust chains of foaf+ssl.
> 1. http://www.waterken.com/dev/YURL/ and
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the foaf-protocols