[foaf-protocols] cert validator in WIF
kidehen at openlinksw.com
Thu Mar 3 17:24:02 CET 2011
On 3/2/11 5:21 PM, peter williams wrote:
> I know here we say that should one use a signed X token (with
> self-signed) cert in tow, that the cert would be a webid (should if
> ... have a SAN URI... that is an http ref... to a foaf card... with a
> pubkey...in the right ontological form...). But, I doubt the spec will
> ever say that (since it's not ssl client authn based client certs)
Doesn't say the WebID must be HTTP scheme based. At least, that's my
assumption based on URI abstraction realities. HTTP is a low cost and
smart URI option for WebIDs with InterWeb scale in mind.

Webfinger (mailto: and acct:) and Fingerpoint (mailto:) both provide
mechanisms for alternative URI schemes for WebIDs. These non-HTTP scheme
based WebIDs can still resolve to a profile graph where Public Key and
WebID are associated in line with WebID semantics.

The most important thing is the Name Ref / Data Address heuristic that
enables a WebID to provide access to a structured profile graph to which
the protocol's trust logic can be applied.
> But, if it did, the above shows how to write and plug in a validator,
> using the custom validation trust model.
> Now, what I half remember is that should one get a client cert FROM an
> https server endpoint (as CGI consumer), then there is a class that
> re-constructs it as a claim, and then the claim can be validated - like
> any other. I half believe that this would invoke the trust model
> classes, and thus allow the custom cert validator class to be fired off.