[foaf-protocols] foaf+ssl working on Internet Explorer

Peter Williams home_pw at msn.com
Mon Mar 15 01:18:03 CET 2010


I was able to substitute the public key (and mint myself a cert, with the
openid as the SAN URI).

Openid4.me then asserted to floss.pro.

What I was UNABLE to do (even when editing the "objects" of the profile
page) was (a) alter the cert:identity of the pubkey (b) add a SECOND pubkey
object to the array.

I really want openid4.me to assert cert:identity to the RP, not the profile
URI (assuming they are different). Then, I can choose different certs when
binding to the OP (which in turn bind to different cert:identities from the
webid profile page). This enables my cert selector to indirectly determine
which id synonym I want openid4.me to release to the RP.

Do this, and we are very close to the directed identity rules of openid2
(without bothering with XRD, hostmeta etc).

This is user centric (so far). It's where I was with openid2, initially
(where XRD files hosted by the openXRI server played the role that the foaf
profile and wiki site are now playing, operating a "vanity openid site").

(I could not follow what the wiki site was trying to say about the role of
foafssl.org and its assertions). I wonder if folks are trying to say that
openid4.me COULD HAVE delegated up to foafssl.org to do the foaf+ssl
procedures - creating a 2-hop assertion chain (foafssl.org -> openid4.me ->
floss.pro).





