[foaf-protocols] WebID distilled - was: PEM certificate- was cert:public_key
dlongley at digitalbazaar.com
Wed Oct 6 21:19:41 CEST 2010
On 10/06/2010 02:49 PM, Jiří Procházka wrote:
> Following todays #swig irc discussion about this , I would like to
> propose even more simplifying WebID - along with removing the
> requirement of RDF parsing, remove the requirement of content negotiation.
> How to achieve this?
> The most recent proposal was effectively to have the PEM file and the
> profile document share an URI.
> Instead of this I suggest adding not 1 but 2 additional pieces of
> information to the certificate:
> 1) the WebID profile document URI
> 2) a WebID certificate URI
My only issue with this is that there needs to be a mechanism that
ensures that the owner of #2 is also the owner of #1. Otherwise, you can
specify a self-signed certificate with a PEM sitting at a URL that you
own and a profile sitting at a URL that you don't. If the authenticating
service identifies you according to that profile, then forgery would be
Digital Bazaar, Inc.
More information about the foaf-protocols