W3C home > Mailing lists > Public > public-xg-webid@w3.org > August 2011

Re: How can users protect their foaf profile

From: Thomas Fritz <fritztho@gmail.com>
Date: Wed, 31 Aug 2011 14:52:19 +0200
Message-ID: <CAA1jL=rS0xqOf2NxgC4OW5CDVamPwa70pEBWmjGCczPBkyZUMg@mail.gmail.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: WebID List <public-xg-webid@w3.org>
Hi

Wouldn't it be possible to take the users client certificate and make
a https request (instead of http) back to his foaf profile from the
authentication requesting server. This server could then check if the
certificate is the same as the owners certificate. But even if this
would work (anyone knows if this is technically possible?) its just
one step. Because a user also wants to select which data he wants to
give away to the the requesting site.
In fact there has to be an extra step - like in openid - where the
user gets redirected to the profiles provider, etc. etc.

Any thoughts?

Kind regards



---
Thomas FRITZ
web http://fritzthomas.com
twitter http://twitter.com/thomasf



2011/8/31 Melvin Carvalho <melvincarvalho@gmail.com>:
> On 31 August 2011 13:08, Thomas Fritz <fritztho@gmail.com> wrote:
>> Hi
>>
>> How can users protect their foaf profile so it is not publicly
>> available to everyone.
>> How can this be implemented so, i as the profile owner, can select
>> which data i want to give to the authentication site.
>>
>> In all diagrams there is the assumption that the foaf profile can
>> publicly accessed.
>
> I think generally this will be the next thing to standardize after the
> WebID spec is finished.
>
> But current details are here:
>
> http://www.w3.org/wiki/WebAccessControl
>
>>
>>
>>
>> ---
>> Thomas FRITZ
>> web http://fritzthomas.com
>> twitter http://twitter.com/thomasf
>>
>>
>
Received on Wednesday, 31 August 2011 12:53:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 31 August 2011 12:53:07 GMT