[foaf-protocols] WebID spec: Subject Alternative Name extension

Nathan nathan at webr3.org
Fri Jul 16 19:31:46 CEST 2010


Seth Russell wrote:
> On Fri, Jul 16, 2010 at 8:36 AM, Nathan <nathan at webr3.org> wrote:
> 
>> You could just pull the email address from the certificate (if one exists)
>> but you'd still be in the same scenario of needing a manual confirmation
>> that is in fact the email address the client wants you to use to contact
>> them.
>>
> 
> I disagree.  If the merchant asks you to identify yourself and provide a way
> to communicate back with you.   Then  if you choose  a certificate of your
> own volition which contains the message "here is the email address to
> contact me", then you have already answered the question : "what email
> address should be used to contact you".

only if stated and application specific, I could just as easily make a 
merchant which asks to manually confirm or even just enter manually.

Hence saying it's outside of scope and down to each application, at best 
this would come under some best practise guidelines (imho).

ps: I do follow what you're saying and it would be nice to have a 
standardized and well understood way to get an email address, perhaps as 
a complimentary spec to WebID :)

Best,

Nathan


More information about the foaf-protocols mailing list