Re: Multiple certificates belonging to a WebID (or multiple IDs).

From: Henry Story <henry.story@bblfish.net>
Date: Fri, 1 Apr 2011 16:15:01 +0100
Cc: WebID XG <public-xg-webid@w3.org>
Message-Id: <863EE7B4-9DB2-4745-9D71-FCFBA61B23EE@bblfish.net>
To: Andrei Sambra <andrei@fcns.eu>

On 1 Apr 2011, at 15:41, Andrei Sambra wrote:

> On Fri, 2011-04-01 at 15:24 +0100, Henry Story wrote:
>> On 31 Mar 2011, at 12:54, Andrei Sambra wrote:
>> 
>>> First of all, a big Hello since this is my first post on the mailing
>>> list!
>>> 
>>> After browsing through the specs for a while, I couldn't find any
>>> mention of whether it's possible or not to have multiple certificates
>>> associated to a WebID,
>> 
>> yes, you can. I have a different certificate with the different public keys and the
>> same webid in each of my browsers.
> Wouldn't this mean that you must have an entry for a public key belonging to each certificate in your foaf file? (that's what I was asking, scroll down)
> 
>>> or for this matter, how would they be processed
>>> by the authentication system.
>> 
>> Are you trying to send the certificates simultaneously? Or perhaps you are thinking of a chain
>> of certificates? What is your use case?
> I was wondering if there was a formal way to process multiple
> rsa#RSAPublicKey resources found in the same foaf file. For example:

it depends what your process is. In the implementations you will see that they
query for public keys and then match them with the one found in the x509 cert.

> 
> <rsa:RSAPublicKey
> xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
> xmlns:cert="http://www.w3.org/ns/auth/cert#">
>    <cert:identity rdf:resource="#me" />
>    <rsa:modulus cert:hex="eb29b38d7f47a7..." />
>    <rsa:public_exponent cert:decimal="65537" />
> </rsa:RSAPublicKey>
> 
> <rsa:RSAPublicKey
> xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
> xmlns:cert="http://www.w3.org/ns/auth/cert#">
>    <cert:identity rdf:resource="#me" />     <---- same identity
>    <rsa:modulus cert:hex="2e082ed121..." />   <----- different key
>    <rsa:public_exponent cert:decimal="65537" />
> </rsa:RSAPublicKey>

btw, you don't need to repeat the namespaces twice.

> 
>>> Also, could user have multiple identities
>>> associated to a profile file (think of resources made available through
>>> ACLs)?
>> 
>> Yes, that's possible.
>> I am not sure what use it would be. It is likely that you could do what you are trying to do in a better way.
> 
> I was thinking of a "root" identity with multiple child identities
> (which can be used depending on situation, when anonymity / privacy
> issues arise).

Not sure why one would be root or the other a child. But really if you want anonymity why link the profiles
so closely? You may as well have them on different servers. Putting both in the same file is a bit of a giveaway, unless there are 1 million entries in that file, which I don't recommend.



> 
>>> 
>>> Andrei 
>>> 
>>> 
>>> 
>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
> 
> 

Social Web Architect
http://bblfish.net/
Received on Friday, 1 April 2011 15:15:38 UTC
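
The matching step described in the reply above (collect the public keys the profile lists, then compare them with the key from the X.509 certificate), as an added example that is not part of the original message or of any WebID implementation. It assumes the profile is RDF/XML in the shape quoted in the thread and reads it with ElementTree rather than an RDF graph query; the `example.org` WebID, the toy-sized moduli and all function names are constructed for illustration.

```python
import string
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag, urljoin

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RSA = "http://www.w3.org/ns/auth/rsa#"
CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed sample profile (toy-sized moduli): two keys for #me, one for #other.
PROFILE = f"""<rdf:RDF xmlns:rdf="{RDF}" xmlns:rsa="{RSA}" xmlns:cert="{CERT}">
  <rsa:RSAPublicKey><cert:identity rdf:resource="#me"/>
    <rsa:modulus cert:hex="c35f9a01"/><rsa:public_exponent cert:decimal="65537"/>
  </rsa:RSAPublicKey>
  <rsa:RSAPublicKey><cert:identity rdf:resource="#me"/>
    <rsa:modulus cert:hex="00:b7 41 2e 6d"/><rsa:public_exponent cert:decimal="65537"/>
  </rsa:RSAPublicKey>
  <rsa:RSAPublicKey><cert:identity rdf:resource="#other"/>
    <rsa:modulus cert:hex="9d10ee53"/><rsa:public_exponent cert:decimal="65537"/>
  </rsa:RSAPublicKey>
</rdf:RDF>"""

def _attr(node, child, name):
    """Return attribute `name` of the first `child` element, or None."""
    el = node.find(child)
    return None if el is None else el.get(name)

def profile_keys(rdf_xml, profile_url):
    """Yield (webid, modulus, exponent) for each complete key description."""
    for key in ET.fromstring(rdf_xml).iter(f"{{{RSA}}}RSAPublicKey"):
        ref = _attr(key, f"{{{CERT}}}identity", f"{{{RDF}}}resource")
        hexmod = _attr(key, f"{{{RSA}}}modulus", f"{{{CERT}}}hex")
        dec = _attr(key, f"{{{RSA}}}public_exponent", f"{{{CERT}}}decimal")
        if None in (ref, hexmod, dec):
            continue  # incomplete description: never counts as a match
        # Hex literals may contain colons or whitespace; keep hex digits only.
        digits = "".join(c for c in hexmod if c in string.hexdigits)
        yield urljoin(profile_url, ref), int(digits, 16), int(dec)

def verify_webid(claimed_webid, cert_modulus, cert_exponent, rdf_xml):
    """True if any key the profile lists for the claimed WebID equals the cert's key."""
    profile_url = urldefrag(claimed_webid).url  # relative "#me" resolves against this
    return any(
        (webid, n, e) == (claimed_webid, cert_modulus, cert_exponent)
        for webid, n, e in profile_keys(rdf_xml, profile_url)
    )
```

The identity is compared together with the key, so a key that the same file lists for a different `cert:identity` does not authenticate the claimed WebID.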