W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: Multiple certificates belonging to a WebID (or multiple IDs).

From: Andrei Sambra <andrei@fcns.eu>
Date: Fri, 01 Apr 2011 16:41:04 +0200
To: Henry Story <henry.story@bblfish.net>
Cc: WebID XG <public-xg-webid@w3.org>
Message-ID: <1301668864.12143.8.camel@rena>
On Fri, 2011-04-01 at 15:24 +0100, Henry Story wrote:
> On 31 Mar 2011, at 12:54, Andrei Sambra wrote:
> 
> > First of all, a big Hello since this is my first post on the mailing
> > list!
> > 
> > After browsing through the specs for a while, I couldn't find any
> > mention to whether it's possible or not to have multiple certificates
> > associated to a WebID,
> 
> yes, you can. I have a different certificate with the different public keys and the
> same webid in each of my browsers.
Wouldn't this mean that you must have an entry for a public key belonging to each certificate in your foaf file? (that's what I was asking, scroll down)

> > or for this matter, how would they be processed
> > by the authentication system.
> 
> Are you trying to send the certificates simultaneously? Or perhaps you are thinking of a chain
> of certificates? What is you use case?
I was wondering if there was a formal way to process multiple
rsa#RSAPublicKey resources found in the same foaf file. For example:

<rsa:RSAPublicKey
 xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
 xmlns:cert="http://www.w3.org/ns/auth/cert#">
    <cert:identity rdf:resource="#me" />
    <rsa:modulus cert:hex="eb29b38d7f47a7..." />
    <rsa:public_exponent cert:decimal="65537" />
</rsa:RSAPublicKey>

<rsa:RSAPublicKey
 xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
 xmlns:cert="http://www.w3.org/ns/auth/cert#">
    <cert:identity rdf:resource="#me" />     <---- same identity
    <rsa:modulus cert:hex="2e082ed121..." />   <----- different key
    <rsa:public_exponent cert:decimal="65537" />
</rsa:RSAPublicKey>

> > Also, could user have multiple identities
> > associated to a profile file (think of resources made available through
> > ACLs)?
> 
> Yes, that's possible.
> I am not sure what use it would be. It is likely that you could do what you are trying to do in a better way.

I was thinking of a "root" identity with multiple child identities
(which can be used depending on situation, when anonymity / privacy
issues arise).

> > 
> > Andrei 
> > 
> > 
> > 
> 
> Social Web Architect
> http://bblfish.net/
> 
> 
Received on Friday, 1 April 2011 14:40:59 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:23 UTC