[foaf-protocols] Standardising the foaf+ssl protocol to launch the Social Web
nathan at webr3.org
Fri Jul 16 15:24:45 CEST 2010
Henry Story wrote:
> On 16 Jul 2010, at 13:47, Toby Inkster wrote:
>> Let's consider:
>> subjectAltName = "URI:mailto:mail at tobyinkster.co.uk"
>> subjectAltName = "URI:acct:me at tobyinkster.co.uk"
>> I consider these flat-out wrong. Every URI that begins "mailto:"
>> identifies a mailbox, not a foaf:Agent. Similarly, every URI that begins
>> with "acct:" identifies an account, not a foaf:Agent. The URI given in
>> the subjectAltName must be a direct identifier for the agent.
>> On the other hand:
>> subjectAltName = "email:mail at tobyinkster.co.uk"
>> is a different matter. That's fine as far as I'm concerned.
>> For an explanation, what you should do is consider the subjectAltName to
>> be an RDF graph. Each item in the subjectAltName represents a triple.
>> For each triple, the subject is implicit - it's the holder of the
>> certificate; the predicate is determined by the part of the item before
>> the first colon; the object by the part after the first colon. So, for
>> example, the following subjectAltName:
>> subjectAltName = email:mail at tobyinkster.co.uk,
>> email:tai at g5n.co.uk,
> what is this email: ? Is that a new protocol scheme? Or is that part
> of the X509 spec?
subjectAltName can include multiple values of the types:
I personally include my WebID and my email within my x509 certificate,
it's that other bit of critical identifying information which let's
people communicate with me.
IMHO it's a very important bit of info to include and is worth giving
some thought and dare I say even mentioning in the protocol.
Certainly though we need people to be aware they may come across several
values in a single subjectAltName (some libs don't cater for this).
More information about the foaf-protocols