
RE: adding second mod to #me

From: peter williams <home_pw@msn.com>
Date: Thu, 14 Apr 2011 05:22:44 -0700
Message-ID: <SNT143-ds195C6923EFCEED1235894E92AD0@phx.gbl>
To: "'Andrei SAMBRA'" <andrei.sambra@gmail.com>
CC: "'WebID XG'" <public-xg-webid@w3.org>, "'Melvin Carvalho'" <melvincarvalho@gmail.com>
Thanks! I liked foaf.me because it is just a tool. It didn’t try to alter my perspectives on the world, or do groupware.

Here is some code in return

http://cid-05061d4609325b60.office.live.com/self.aspx/Public/FiddlerCoreAPI%20-%20for%20WebID%20SSL%20demo.zip.

It’s a very raw webid interceptor (for .NET), little more than a TCP endpoint with an SSL stream class. It's not a "web server" or (to use SUNB marketing speak) an application server, in an n-tier enterprise web architecture. It's an https endpoint, doing webid validation. It’s the kind of code you put in a firewall, fronting a web farm. It may work in the Mono VM, on Linux, though I have not tried it.

It's built on a different philosophy to folks centering life on websites for webid enablement - that certs are minted offline on PCs (not remotely, by website operators). Similarly, FOAF cards are edited and hosted on PCs (not profile management websites). That the PC is available on the web is a little counter-intuitive - as many folks are trained to think of a client/server world in which the PC is largely a browser (that has no web presence, as a source of resources). But, with the likes of Opera Unite and webSockets, this notion set is going out the door. Even the old web architecture is going peer-peer!

Now, the project does not discard the role of the website on the PC. The project includes a SSL-specialized web proxy, also running on the PC. It’s a "supporting" website for the PC, one controlled by the user. It plays with client certs, in non browser settings. 

Remember, I'm not very interested in semantic web itself, except to the degree that it provides a modernized cert linking and graph-discovery world (and it has a more modern syntax for the cert fields (triples etc)). The rest of the semweb is beyond me. I just specialize in commoditizing certs, secure channels, trusted systems of composed channels, etc.... so it all works at huge scale.

-----Original Message-----
From: Andrei SAMBRA [mailto:andrei.sambra@gmail.com] 
Sent: Thursday, April 14, 2011 1:06 AM
To: peter williams
Cc: WebID XG; Melvin Carvalho
Subject: Re: adding second mod to #me

Hi Peter.

I'm currently working on a series of tools to help create/test/debug webids. I have included the possibility for users to create a local webid with an arbitrary number of resources (webpages, emails, interests, friends, PGP keys, AND certificates). This particular tool even creates a default certificate and installs it in your browser if you so desire. Also, if you choose to create a certificate along the foaf profile, it allows up to 2 more URIs in the subjectAltName. :-)

Here is the suite: http://webid.fcns.eu

You can then see a verbose authentication process at https://auth.fcns.eu/auth/index.php?verbose=on

Andrei

On Thu, Apr 14, 2011 at 4:01 AM, peter williams <home_pw@msn.com> wrote:
> I like foaf.me. I got to make several more foaf cards.
>
>
>
> I want to do its normal use case of creating a webid-capable card, and
> then log in to the site to do additional editing. Using the text
> editor, I want to add an additional modulus/exp to #me, so I have 2
> rsakeys. I will generate the rsa keypair locally, without the involvement of any website.
>
>
>
> If I wanted to edit the following to add that additional mod/exp, what 
> would I do? Assume the 2nd mod has value ABCD and the 2nd exponent is 10.
>
>
>
> I will test the result that my two rsa keys both get validated, at my 
> own interceptor, and at Henry’s.
>
>
>
> I already did this for two different anchors, at 
> http://foaf.me/peter34. Now I want to do it for 1 anchor, 2 keys.
>
>
>
> For fun, could you fiddle around and enable a request of the form
> http://184.73.210.205/peter34 to get the same result as 
> http://foaf.me/peter34.
>
>
>
> In my client, I'm dynamically re-signing and re-formulating the client
> certs – changing the SAN URIs to the latest IP address of the 
> domain-name. Just stressing things a bit, to see what happens.
>
>
>
> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
>       xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
>       xmlns:foaf="http://xmlns.com/foaf/0.1/"
>       xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
>       xmlns:cert="http://www.w3.org/ns/auth/cert#"
>       xmlns:admin="http://webns.net/mvcb/">
> <foaf:PersonalProfileDocument rdf:about="">
>     <foaf:maker rdf:resource="#me"/>
>     <foaf:primaryTopic rdf:resource="#me"/>
> </foaf:PersonalProfileDocument>
> <foaf:Person rdf:ID="me">
>     <foaf:nick>wiki4</foaf:nick>
>     <foaf:homepage rdf:resource="http://foaf.me/wiki4"/>
> </foaf:Person>
> <rdf:Description>
> <rdf:type rdf:resource="http://www.w3.org/ns/auth/rsa#RSAPublicKey"/>
> <cert:identity rdf:resource="#me"/>
>             <rsa:modulus rdf:parseType="Resource"><cert:hex>12341234</cert:hex></rsa:modulus>
>             <rsa:public_exponent rdf:parseType="Resource"><cert:decimal>234</cert:decimal></rsa:public_exponent>
> </rdf:Description>
> </rdf:RDF>
Received on Thursday, 14 April 2011 12:23:15 UTC
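
The one-anchor, two-keys profile asked about in the quoted message, together with the check a verifier would run against it. This is an added example, not code from the thread or from any participant's project. It assumes the 2011 cert/rsa vocabulary of the quoted card, with each key as its own description pointing at #me through cert:identity; the function names keys_for and cert_key_matches are hypothetical, and the second key uses the placeholder values ABCD and 10 from the question.

```python
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
RSA = "http://www.w3.org/ns/auth/rsa#"
CERT = "http://www.w3.org/ns/auth/cert#"

# Constructed profile: the quoted card plus a second key description (mod ABCD, exp 10).
PROFILE = """<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
      xmlns:foaf="http://xmlns.com/foaf/0.1/"
      xmlns:rsa="http://www.w3.org/ns/auth/rsa#"
      xmlns:cert="http://www.w3.org/ns/auth/cert#">
<foaf:Person rdf:ID="me"><foaf:nick>wiki4</foaf:nick></foaf:Person>
<rdf:Description>
  <rdf:type rdf:resource="http://www.w3.org/ns/auth/rsa#RSAPublicKey"/>
  <cert:identity rdf:resource="#me"/>
  <rsa:modulus rdf:parseType="Resource"><cert:hex>12341234</cert:hex></rsa:modulus>
  <rsa:public_exponent rdf:parseType="Resource"><cert:decimal>234</cert:decimal></rsa:public_exponent>
</rdf:Description>
<rdf:Description>
  <rdf:type rdf:resource="http://www.w3.org/ns/auth/rsa#RSAPublicKey"/>
  <cert:identity rdf:resource="#me"/>
  <rsa:modulus rdf:parseType="Resource"><cert:hex>ABCD</cert:hex></rsa:modulus>
  <rsa:public_exponent rdf:parseType="Resource"><cert:decimal>10</cert:decimal></rsa:public_exponent>
</rdf:Description>
</rdf:RDF>"""


def keys_for(profile_xml, fragment="#me"):
    """Return the set of (modulus, exponent) integer pairs whose cert:identity is `fragment`."""
    keys = set()
    for desc in ET.fromstring(profile_xml).findall(f"{{{RDF}}}Description"):
        types = {t.get(f"{{{RDF}}}resource") for t in desc.findall(f"{{{RDF}}}type")}
        ident = desc.find(f"{{{CERT}}}identity")
        if RSA + "RSAPublicKey" not in types or ident is None:
            continue
        if ident.get(f"{{{RDF}}}resource") != fragment:
            continue  # key belongs to some other anchor in the same document
        mod = desc.findtext(f"{{{RSA}}}modulus/{{{CERT}}}hex")
        exp = desc.findtext(f"{{{RSA}}}public_exponent/{{{CERT}}}decimal")
        if mod is None or exp is None:
            continue  # incomplete key description: never usable for a match
        # Hex may carry whitespace or colons when pasted from a cert viewer.
        hex_digits = "".join(c for c in mod if c in "0123456789abcdefABCDEF")
        keys.add((int(hex_digits, 16), int(exp.strip())))
    return keys


def cert_key_matches(profile_xml, cert_modulus, cert_exponent, fragment="#me"):
    """Verifier-side check: the certificate's key must equal one listed key exactly."""
    return (cert_modulus, cert_exponent) in keys_for(profile_xml, fragment)
```

Modulus and exponent are compared as a pair, so a certificate carrying the modulus of one listed key and the exponent of the other is rejected.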
