- From: Toby Inkster <tai@g5n.co.uk>
- Date: Mon, 12 Jul 2010 09:44:14 +0100
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: RDFa WG <public-rdfa-wg@w3.org>, foaf-protocols@lists.foaf-project.org
On Sun, 11 Jul 2010 17:28:51 -0400
Manu Sporny <msporny@digitalbazaar.com> wrote:

> Here's the link to the e-mail announcement on payswarm-dev:
>
> http://payswarm.com/pipermail/payswarm-dev/2010-July/000035.html

This seems like a good start. However, the SPARQL query shown uses the deprecated form for marking up keys:

    PREFIX cert: <http://www.w3.org/ns/auth/cert#>
    PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
    SELECT ?modulus ?exp
    WHERE {
      ?key cert:identity <http://example.org/webid#public>;
        a rsa:RSAPublicKey;
        rsa:modulus [ cert:hex ?modulus; ];
        rsa:public_exponent [ cert:decimal ?exp ] .
    }

The newer form uses datatypes instead of the cert:hex and cert:decimal properties:

    PREFIX cert: <http://www.w3.org/ns/auth/cert#>
    PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
    SELECT ?modulus ?exp
    WHERE {
      ?key cert:identity <http://example.org/webid#public>;
        a rsa:RSAPublicKey;
        rsa:modulus ?modulus;
        rsa:public_exponent ?exp .
    }

It's possible to support both in the same SPARQL query:

    PREFIX cert: <http://www.w3.org/ns/auth/cert#>
    PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
    SELECT ?modulus ?exp ?modulus2 ?exp2
    WHERE {
      ?key cert:identity <http://example.org/webid#public>;
        a rsa:RSAPublicKey;
        rsa:modulus ?modulus;
        rsa:public_exponent ?exp .
      OPTIONAL { ?modulus cert:hex ?modulus2 . }
      OPTIONAL { ?exp cert:decimal ?exp2 . }
    }

Using ?modulus2 and ?exp2 if they are bound; ?modulus and ?exp otherwise.

A few other thoughts...

The definition of "WebID URL" is:

| A URL specified in the Subject Alternative Name field
| of the Identification Certificate that identifies a
| WebID Profile document.

Actually, the WebID URL identifies an Agent, typically a Person. The URL will normally contain a fragment identifier though, and by removing the fragment, you get the URL for a WebID Profile document; or if it does not contain a fragment identifier, it should perform a 303 redirect to the WebID Profile document.

There should probably be a definition for "WebID Holder" or something similar. And we should note that the WebID Profile may provide a description of the WebID Holder, typically using FOAF.

I'd also like for RDF/XML to be another format that implementations are *required* to support. RDF/XML and XHTML+RDFa are the two RDF serialisations at W3C Rec status, so it seems sensible to grant them both equal status in the WebID spec. (Of course, there's growing interest within the W3C in standardising both Turtle and a JSON serialisation of RDF. I don't know how many serialisations it makes sense to require.)

I think section 2.3.5 should be dropped. Once the identity of the agent has been established, it's up to the server what to do with that information. We should draw a line between authentication and authorisation. Apache does this and it works very well: you can swap authn and authz modules in and out independently of each other.

Lastly, it would be nice to keep the foaf-protocols mailing list copied into this thread, as it's the main place where FOAF+SSL is discussed.

-- 
Toby A Inkster
<mailto:mail@tobyinkster.co.uk>
<http://tobyinkster.co.uk>
Received on Monday, 12 July 2010 08:45:26 UTC
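
Added example, not part of the original message or of any WebID implementation: one way a verifier could consume the result rows of the combined query above, preferring ?modulus2 and ?exp2 when bound and refusing rows where only a blank node is available. The function names, the SPARQL-JSON-style row shape and the sample rows are assumptions made for illustration, as is reading the modulus as hexadecimal and the exponent as decimal in both forms.

```python
import re

LITERAL_TYPES = {"literal", "typed-literal"}  # term types as in SPARQL JSON results

def pick_literal(row, preferred, fallback):
    """Lexical form of `preferred` if it is bound, otherwise of `fallback`."""
    term = row.get(preferred) or row.get(fallback)
    if term is None or term.get("type") not in LITERAL_TYPES:
        # Deprecated markup whose OPTIONAL did not match leaves only a blank node.
        raise ValueError(f"no literal bound for ?{preferred} or ?{fallback}")
    return term["value"]

def parse_hex(text):
    # Assumption: whitespace and ':' separators are tolerated; anything else is rejected.
    digits = re.sub(r"[\s:]", "", text)
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError("modulus is not hexadecimal")
    return int(digits, 16)

def parse_decimal(text):
    digits = text.strip()
    if not re.fullmatch(r"[0-9]+", digits):
        raise ValueError("exponent is not a decimal integer")
    return int(digits)

def keys_from_rows(rows):
    """Set of (modulus, exponent) integer pairs; unreadable rows are skipped, not guessed."""
    keys = set()
    for row in rows:
        try:
            n = parse_hex(pick_literal(row, "modulus2", "modulus"))
            e = parse_decimal(pick_literal(row, "exp2", "exp"))
        except ValueError:
            continue
        keys.add((n, e))
    return keys

# Constructed sample rows: newer form, deprecated form, and an unusable row.
ROWS = [
    {"modulus": {"type": "typed-literal", "value": "00c1 a5"},
     "exp": {"type": "typed-literal", "value": "65537"}},
    {"modulus": {"type": "bnode", "value": "b0"}, "modulus2": {"type": "literal", "value": "C1:A5"},
     "exp": {"type": "bnode", "value": "b1"}, "exp2": {"type": "literal", "value": "65537"}},
    {"modulus": {"type": "bnode", "value": "b2"}, "exp": {"type": "literal", "value": "3"}},
]
```

Both markup forms normalise to the same integer pair here, so a profile published either way compares equal against the key taken from the client certificate.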