[foaf-protocols] WebID spec: Subject Alternative Name extension

Mischa Tuffield mischa.tuffield at garlik.com
Sat Jul 17 13:33:12 CEST 2010 

Hello, 

Just caught up on this thread. Two observations, which are somehow related : 

1) Regarding the separation of concepts of a) Proving one's identity or authenticating, and b) Sharing of further information about a given identity post authentication seems like the only way to go. I am not an expert in OpenID, built a few things with it, but the spec is a minefield and a real pain IMHO. But saying that, OpenID (which has plenty of merchants 100s of millions [being the word used in this thread]) as a concept separated the concept of proving identity (the core OpenID dance), and the supply of contact information (an OpenID extension for sharing emails, fullname, etc) which is clean way separating out functionality. I mean some people (hehe like me) don't want any information but proof of my ownership a given OpenID URI (http://mmt.me.uk/blog/) to be transmitted from my OpenID provider to a given service if I sign up with it, I have an option to give the data to service providers, but I tend not to. 

2) The core/extension distinction made by the OpenID spec (I could be wrong re: OpenID 2, but am sure I am right re OpenID 1.1), makes me think of the relationship between the terms WebID (secure WebID, whatever) and foaf+ssl. The spec you guys are working on could define how to prove ownership of a given http:// WebID (which you guys are doing a great job on) and could point to a recommendation (I guess an overloaded word sorry) for the transmission of further contact information, based on the FOAF ontology to the core vocabulary for the exchange of personal information, hence the term foaf+ssl. You could define a API for making a friend relationships, for extracting info like email, address, gender, etc (via some SPARQL queries or something).  

Anyways, my 2cents, yay to being able to prove the ownership of a URI on the web, without having to go through the OpenID dance, and yay to an implementation of sharing personal contact via foaf, I guess if you are anti-FOAF, you could exchange data centered around your WebID based on a future vcard+ssl based system.

Mischa *likes saturdays

On 17 Jul 2010, at 05:12, Henry Story wrote:

> 
> On 16 Jul 2010, at 23:28, Nathan wrote:
> 
>> Bruno Harbulot wrote:
>>> 
>>> 
>>> On 16/07/2010 22:46, Seth Russell wrote:
>>> 
>>>>   Again, the whole point of the WebID is to enable linked data and
>>>>   what it entails. In particular, a simple example is, as you suggest,
>>>>   getting the user's e-mail address. foaf:mbox does just that from the
>>>>   WebID profile document.
>>>>   Putting information in the certificate is rather limited (and
>>>>   anyway, no one asserts that data, since we're not using a PKI).
>>>>   Instead, getting the information from the WebID profile document
>>>>   (aka the FOAF file), you'll be able to populate more things
>>>>   automatically in the merchant sites, not only the e-mail address but
>>>>   perhaps the full name, possibly address, etc.
>>>> 
>>>> 
>>>> Thing is, if the whole wrap is going to be it's there in the X.509
>>>> specification, so use it if you want, but what you should do is get the
>>>> email from a FOAF file, (which err, you probably won't find it there),
>>>> then, no, we don't get the benefit of instant motivation to
>>>> implement.
>>> 
>>> That is an interesting question indeed.
>>> We haven't talked about FOAF in the specification, but a lot of the 
>>> interesting data will be using the FOAF vocabulary.
>>> 
>>> There are two options:
>>> (1) We stick to the authentication part in this spec (so we only talk 
>>> about the cert ontology).
>>> (2) In addition to 1, we build in the dependence on FOAF.
>>> 
>>> I'm more in favour of (1).
>> 
>> I'm totally in favour of (1)
>> 
>>> However, mentioning FOAF is indeed important.
>> 
>> sounds more like 'primer' domain or accompanying material to me
>> 
>> fwiw & imho of course :)
> 
> The idea of a primer sounds very good. Simplifies things a lot.
> 
> Though Nothing wrong with mentio
> 
> 
> Henry
> 
>> 
>> Best,
>> _______________________________________________
>> foaf-protocols mailing list
>> foaf-protocols at lists.foaf-project.org
>> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
> 
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols

___________________________________
Mischa Tuffield PhD
Email: mischa.tuffield at garlik.com
Homepage - http://mmt.me.uk/
Garlik Limited, 1-3 Halford Road, Richmond, TW10 6AW
+44(0)845 645 2824  http://www.garlik.com/
Registered in England and Wales 535 7233 VAT # 849 0517 11
Registered office: Thames House, Portsmouth Road, Esher, Surrey, KT10 9AD

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.foaf-project.org/pipermail/foaf-protocols/attachments/20100717/4bb9c2ec/attachment.htm

More information about the foaf-protocols mailing list