Re: PURL WebIDs from Kingsley Idehen on 2013-08-07 (public-lod@w3.org from August 2013)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Wed, 07 Aug 2013 17:03:09 -0400
To: public-lod@w3.org
Message-ID: <5202B60D.4060105@openlinksw.com>

On 8/7/13 4:36 PM, Norman Gray wrote:
> By the way: 'non-exotic' here, means an action that the n-t-f already has some mental model of, and which they have already managed to do, for some other entirely pragmatic reason.  Interestingly, I suspect that the process of generating the WebID certificate in the browser fails this test,_even though_  the certificate has to end up in the browser (other than on OS X), because there's no clear mental model of what's happening in this step, and that matters.

True!

This is why we no longer use that default. The preference is to produce 
a pkcs#12 file instead. Once produced, you can dispatch this file to any 
modern operating system and the processes of storing crypto data to 
keystore becomes a native OS interaction.

In this age of PRISM, NSA, and TEMPORA, the notion of saving identity 
oriented claims to a secure pkcs#12 file, that lives on your own 
computing device, is an endeavor that folks are willing to invest five 
or less minutes learning.

Here's the process, as we currently see it:

1. obtain profile data -- from an existing FOAF document or 3rd party 
social media/network oriented service
2. generate keypairs (outside the browser)
3. generate certificate using the profile data and public key from the 
steps above -- sign the certificate using the private key (you are the 
passport holder and issuer/signer in this scenario)
4. publish certificate claims (in Linked Data form) to a public document 
(typically a FOAF vocab based profile document) that's accessible via 
the WebID placed in the certificate's SAN
5. save private key and certificate to a pkcs#12 file
6. dispatch (via email, mounted drive, usb etc..) the pkcs#12 file to 
your computing devices
7. enjoy the wonderment of Webby-PKI based trust Webs!

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Attachments

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on Wednesday, 7 August 2013 21:03:32 UTC