[foaf-protocols] cert validator in WIF

Kingsley Idehen kidehen at openlinksw.com
Thu Mar 3 17:24:02 CET 2011


On 3/2/11 5:21 PM, peter williams wrote:
>
> http://msdn.microsoft.com/en-us/library/system.servicemodel.security.x509certificatevalidationmode
>
> I know here we say that should one use a signed X token (with 
> self-signed) cert in tow, that the cert would be a webid (should if 
> ... have a SAN URI... that is an http ref... to a foaf card... with a 
> pubkey...in the right ontological form...). But, I doubt the spec will 
> ever say that (since it's not ssl client authn based client certs)
>
Doesn't say the WebID must be HTTP scheme based. At least, that's my 
assumption based on URI abstraction realities. HTTP is a low cost and 
smart URI option for WebIDs with InterWeb scale in mind.

Webfinger (mailto: and acct:) and Fingerpoint (mailto:) both provide 
mechanisms for alternative URI schemes for WebIDs. These non-HTTP scheme 
based WebIDs can still resolve to a profile graph where Public Key and 
WebID are associated in line with WebID semantics.

The most important thing is the Name Ref / Data Address heuristic that 
enables a WebID to provide access to a structured profile graph to which 
the protocol's trust logic can be applied.

Kingsley

> But, if it did, the above shows how to write and plug in a validator, 
> using the custom validation trust model.
>
> Now, what I half remember is that should one get a client cert FROM an 
> https server endpoint (as CGI consumer), then there is a class that 
> re-constructs it as claim, and then the claim can be validated - like 
> any other. I half believe that this would invoke the trust model 
> classes, and thus allow the custom cert validator class to be fired off.
>

-- 

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen
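
Added example (not part of the original thread, and not WIF sample code): a custom `X509CertificateValidator` that accepts a self-signed certificate only when a profile resolved from one of its SAN URIs lists the same RSA public key. The class name and the `resolveProfileKeys` delegate are hypothetical, and the `URL=` parsing assumes the way Windows formats SAN entries.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical validator: trust comes from the profile graph, not from a CA chain.
public sealed class WebIdCertificateValidator : X509CertificateValidator
{
    // Assumption: the caller supplies a resolver that dereferences a WebID of any
    // scheme (http:, or mailto:/acct: via Webfinger/Fingerpoint) and returns the RSA
    // public keys its profile graph associates with that WebID.
    private readonly Func<Uri, IEnumerable<RSAParameters>> resolveProfileKeys;

    public WebIdCertificateValidator(Func<Uri, IEnumerable<RSAParameters>> resolveProfileKeys)
    {
        if (resolveProfileKeys == null) throw new ArgumentNullException("resolveProfileKeys");
        this.resolveProfileKeys = resolveProfileKeys;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        var rsa = certificate.PublicKey.Key as RSA;
        if (rsa == null) throw new SecurityTokenValidationException("Only RSA keys are handled here.");
        RSAParameters certKey = rsa.ExportParameters(false); // public part only
        bool matched = SanUris(certificate).Any(webId => resolveProfileKeys(webId).Any(
            k => SameInteger(k.Modulus, certKey.Modulus) && SameInteger(k.Exponent, certKey.Exponent)));
        if (!matched) // fail closed: no SAN URI, or no profile lists this key
            throw new SecurityTokenValidationException("No WebID profile lists this certificate's public key.");
    }

    // Assumption: SAN URI entries appear as "URL=<uri>" in the formatted extension text.
    private static IEnumerable<Uri> SanUris(X509Certificate2 certificate)
    {
        X509Extension san = certificate.Extensions["2.5.29.17"]; // subjectAltName OID
        if (san == null) yield break;
        foreach (string line in san.Format(true).Split(new[] { '\r', '\n' }, StringSplitOptions.RemoveEmptyEntries))
        {
            Uri uri;
            string entry = line.Trim();
            if (entry.StartsWith("URL=", StringComparison.Ordinal) && Uri.TryCreate(entry.Substring(4), UriKind.Absolute, out uri))
                yield return uri;
        }
    }

    // Compare big-endian integers, ignoring leading zero bytes.
    private static bool SameInteger(byte[] a, byte[] b)
    { return a != null && b != null && a.SkipWhile(x => x == 0).SequenceEqual(b.SkipWhile(x => x == 0)); }
}
```

To plug it in, set `CertificateValidationMode` to `X509CertificateValidationMode.Custom` and assign an instance to `CustomCertificateValidator`. In that mode no chain building is done for you, so any validity-period or other policy has to be enforced inside `Validate`.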