W3C home > Mailing lists > Public > public-webid@w3.org > September 2012

Re: Perceived issues with TLS Client Auth

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Thu, 27 Sep 2012 09:09:13 -0400
Message-ID: <50644FF9.3030800@openlinksw.com>
To: Henry Story <henry.story@bblfish.net>
CC: Ben Laurie <benl@google.com>, Melvin Carvalho <melvincarvalho@gmail.com>, public-webid <public-webid@w3.org>
On 9/27/12 6:14 AM, Henry Story wrote:
>    No the WebID is in the Certificate hidden from the user. The browser
> presents you with the Common Name (CN) of the Distinguished Name. You should
> therefore make the CN be something easy to identify eg:
>
>     benl@google.com  for your current work certificate
>     benl@apache.org  since you are a founding director of Apache
>       (http://en.wikipedia.org/wiki/Ben_Laurie  )
>
> Or whatever fits into a CN field. In fact your certificate provider
> should help you make the right choice.

See examples of what Henry states above at:

1. https://dl.dropbox.com/u/11096946/multiple-certs-are-fine-1.png -- 
keystore view
2. https://dl.dropbox.com/u/11096946/multiple-certs-are-fine-2.png -- 
keystore UI presented in response to authentication challenge
3. 
https://dl.dropbox.com/u/11096946/specific-certificate-view-showing-DN-CN-data.png 
-- specific certificate snapshot
4. 
https://dl.dropbox.com/u/11096946/specific-certificate-view-showing-DN-CN-data-2.png 
-- remaining part of cert. snapshot
5. 
http://id.myopenlink.net/about/id/entity/http/www.linkedin.com/in/kidehen -- 
WebID used to watermark for this particular certificate
6. 
http://id.myopenlink.net/about/id/entity/http/www.linkedin.com/in/kidehen#cert11680ABA333FAE0B2AC974A5009B6175C45A5045 
-- URI that resolves to my profile hosted x.509 certificate claims mirror .

It's all about the data exposed by Web-scale Linked Data graphs, 
courtesy of de-referencable URIs :-)

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen







Received on Thursday, 27 September 2012 13:09:45 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 31 March 2013 14:40:59 UTC