W3C home > Mailing lists > Public > public-xg-webid@w3.org > April 2011

webId schema agnosticism was: self-signed

From: Henry Story <henry.story@bblfish.net>
Date: Tue, 19 Apr 2011 21:43:04 +0200
Cc: <nathan@webr3.org>, "Kingsley Idehen" <kidehen@openlinksw.com>, <public-xg-webid@w3.org>
Message-Id: <F454FE60-66FE-421C-9AC7-4196E8353BF6@bblfish.net>
To: "Mo McRoberts" <Mo.McRoberts@bbc.co.uk>

On 19 Apr 2011, at 21:23, Mo McRoberts wrote In relation to ISSUE-55: "explore WebID schema  agnosticim":
> 
> You do when it comes to conformance testing: as I said umpteen e-mails ago, if I'm building a server, how will I know what schemes people are expecting to use when they're authing with me — that has to be written down somewhere and testable before I can say “Log in with your WebID” :)


I'd say http & https is the most widely supported at present. If suddenly a new schema comes up and makes it into Forbes and the Economist talks about it  then I suppose we'll have an incentive to implement it. (Likely it made it there because we implemented it).

The momentum of https is in my view overwhelming. It has the right security properties and is built for the web.

But there is no reason to exclude other schemas. I wrote up an idea of using httpk schema here where the URI would contain the public key

   http://lists.w3.org/Archives/Public/public-xg-webid/2011Mar/0075.html

This is in fact where having the Subject Alternative Name allow a number of WebIDs is of course useful. It will be especially so for transition periods between one protocol and another. So your certificate could just contain two WebIDs, an https one and an httpk one. 

Henry


Social Web Architect
http://bblfish.net/
Received on Tuesday, 19 April 2011 19:43:35 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:06:24 UTC