W3C home > Mailing lists > Public > public-lod@w3.org > February 2010

Re: Storing PKCS#12 inside FOAF profile for FOAF+SSL

From: Story Henry <henry.story@bblfish.net>
Date: Mon, 22 Feb 2010 16:13:59 +0100
Cc: foaf-protocols@lists.foaf-project.org, Linked Data community <public-lod@w3.org>
Message-Id: <76D5CB3C-FE0F-4C07-A6F9-C8F2E8A08487@bblfish.net>
To: nathan@webr3.org

On 22 Feb 2010, at 15:59, Nathan wrote:
>> 
>> We would need something like this
>> 
>> :pk cert:timeIdentified [ a TimeSlice;
>>                          of :me;
>>                          from "2009-10-10..."^^xsd:dateTime;
>>                          to "2010-01-01..."^^xsd:dateTime .
>>                         ] .
>> 
>> It does not make sense to have time slices on a key, as that is a mathematical entity, very similar to a literal.
> 
> seems to me that a cert:Certificate should / could have Validity details
> on there (issued-on, expires on) - it's all ready catered for in
> certificates just needs expressed in the vocab.

yes, we have defined cert:Certificate, though we do not use it currently

cert:Certificate a owl:Class;
    vs:term_status "unstable";
    rdfs:subClassOf foaf:Document;
    rdfs:comment """A certificate is a Document that is signed.
    As explained here http://www.pgpi.org/doc/pgpintro/#p16
    'A digital certificate consists of three things:
        * A public key.
        * Certificate information. ('Identity' information about the  
          user, such as name, user ID, and so on.)
        * One or more digital signatures.'
    """ .

And the interesting thing is that it does not look like we need the notion of a certificate, and are able to get a lot done. Or rather: the foaf file is itself the certificate, and when it is served by an https server it is signed (during transmission). As per definition above the foaf file is a certificate because:
 - it contains a public key (and identitifes who knows the public key)
 - has information about the agent identified by the public key
 - and is signed (by the server when sent over https)
(so there is no need to place the signatures inside the foaf file)

The important piece is for how long a public key identifies an agent, as the one that knows it's private key. I think you could get a lot done just by specifying that.


Henry
Received on Monday, 22 February 2010 15:14:46 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:24:25 UTC