W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

Re: How to request a WebID?

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 5 Apr 2011 15:31:35 +0200
Cc: WebID XG <public-xg-webid@w3.org>
Message-Id: <DF93B03E-D76A-44B7-B3B8-3CE2C1D17574@bblfish.net>
To: nathan@webr3.org

On 5 Apr 2011, at 15:01, Nathan wrote:

> Hi All,
> 
> A possible issue, how does a server specifically tell a client that it's trying to auth with WebID?

This is ISSUE-15: Native browser-based WebID-only certificate display

(the name could do with improvement)

> 
> Let's suppose for a moment that somebody else comes up with (or already uses) an authentication protocol which also uses client side certs as identifiers, let's call is SSL-ID.
> 
> In my browser I have 2 certificates, my WebID one, and my SSL-ID one, so:
> 
> 1) how does a server inform the client that it's requesting a WebID or an SSL-ID?
> 2) how do I (as a user) know which to select, when all that's presented is a "please select your 
> certificate"?

If all WebId enabled certificates that were self signed used the same DN then one could
use the build in certificate selection mechanism of TLS

This was brought up here initially by Bruno Harbulot:
http://lists.foaf-project.org/pipermail/foaf-protocols/2009-April/000450.html

It would require us to come up with such a DN, and for all WebID generated certificates to place those
in the Certificates.

There is an issue of how this would be compatible with CA issued certs with WebIDs too. There we should perhaps recommend a TLS protocol improvement.

> 
> We may need to address this, or include technologies which cater for this (I can't think of any off the top of my head, but then I haven't looked or paid attention to this use case yet - may follow up later if I find some).
> 
> Best,
> 
> Nathan
> 

Social Web Architect
http://bblfish.net/
Received on Tuesday, 5 April 2011 13:32:11 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:23 UTC