short life certs from server cert endpoints from peter williams on 2011-04-13 (public-xg-webid@w3.org from April 2011)

From: peter williams <home_pw@msn.com>
Date: Wed, 13 Apr 2011 02:16:43 -0700
To: "'WebID XG'" <public-xg-webid@w3.org>
Message-ID: <SNT143-ds14347A54A0F239713D9AD792AA0@phx.gbl>

In rest it makes sense for a service to consume a webid, then mint a short
life cert that it expects  the next ssl handshake to quote back to it.

 

Assuming server cert has certsigning key usage , server-cum-ca could chain
said cert to its own server cert chain. The client sends it back to the
server in ssl handshake to assert session, or releases it to others as a
kind of idp token.

Received on Wednesday, 13 April 2011 09:17:17 UTC