[foaf-protocols] cert validator in WIF

Kingsley Idehen kidehen at openlinksw.com
Thu Mar 3 17:24:02 CET 2011

On 3/2/11 5:21 PM, peter williams wrote:
> http://msdn.microsoft.com/en-us/library/system.servicemodel.security.x509certificatevalidationmode
> I know here we say that should one use a signed X token (with 
> self-signed) cert in tow, that the cert would be a webid (should if 
> ... have a SAN URI... that is an http ref... to a foaf card... with a 
> pubkey...in the right ontological form...). But, I doubt the spec will 
> ever say that (since it's not ssl client authn based client certs)
Doesn't say the WebID must be HTTP scheme based. At least, that's my 
assumption based on URI abstraction realities. HTTP is a low cost and 
smart URI option for WebIDs with InterWeb scale in mind.

Webfinger (mailto: and acct:) and Fingerpoint (mailto:) both provide 
mechanisms for alternative URI schemes for WebIDs. These non HTTP scheme 
based WebIDs can still resolve to a profile graph where Public Key and 
WebID are associated in line with WebID semantics.

The most important thing is the Name Ref / Data Address heuristic that 
enables a WebID to provide access to a structured profile graph to which 
the protocol's trust logic can be applied.


> But, if it did, the above shows how to write and plug in a validator, 
> using the custom validation trust model.
> Now, what I half remember is that should one get a client cert FROM an 
> https server endpoint (as CGI consumer), then there is a class that 
> re-constructs it as claim, and then the claim can be validated - like 
> any other. I half believe that this would invoke the trust model 
> classes, and thus allow the custom cert validator class to be fired off.




Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
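
The check discussed in this message, as an added example that is not part of the original post or of any WebID implementation: a certificate's SAN URI is accepted as a WebID only if the profile it resolves to binds that same URI to the certificate's public key, whatever the URI scheme. The profile data, the account index standing in for a Webfinger-style lookup, and all function names are constructed assumptions.

```python
from urllib.parse import urldefrag, urlsplit

# Constructed sample data: profile documents as (subject, modulus, exponent) bindings.
PROFILE_DOCS = {
    "https://alice.example/card": [
        ("https://alice.example/card#me", 0xC0FFEE01, 65537)],
    "https://id.example/bob": [
        ("acct:bob@id.example", 0xBADC0DE5, 65537),
        ("https://id.example/bob#other", 0xC0FFEE01, 65537)],
}
# Constructed stand-in for a Webfinger-style lookup: account name -> profile document.
ACCOUNT_INDEX = {"bob@id.example": "https://id.example/bob"}

def resolve_http(uri):
    # Data address = the WebID (name ref) with its fragment removed.
    return PROFILE_DOCS.get(urldefrag(uri)[0], [])

def resolve_account(uri):
    # acct:/mailto: names need a discovery step before the profile can be read.
    return PROFILE_DOCS.get(ACCOUNT_INDEX.get(urlsplit(uri).path, ""), [])

RESOLVERS = {"http": resolve_http, "https": resolve_http,
             "acct": resolve_account, "mailto": resolve_account}

def verify_webid(san_uris, modulus, exponent):
    """Return the first SAN URI whose own profile binds it to the key, else None."""
    for uri in san_uris:
        resolver = RESOLVERS.get(urlsplit(uri).scheme.lower())
        if resolver is None:
            continue  # unknown scheme: no profile can be reached, so nothing is accepted
        for subject, prof_mod, prof_exp in resolver(uri):
            # The key must be bound to this exact WebID, not merely appear in the document.
            if subject == uri and (prof_mod, prof_exp) == (modulus, exponent):
                return uri
    return None
```
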
