Minutes June 27 Meeting

Are available here:

http://www.w3.org/2011/06/27-webid-minutes.html

We covered:
 - critical certificate extensions (a topic discussed in Berlin (bergi to add to Berlin wiki))
    someone to write  a bug report to Apache to make it easier to switch off the default Apache behaviour 
    that automatically rejects any certificates with critical extensions - so that test services can be 
    written more easily.

 - what should be handled by SSL alert messages, and what should be handled by web servers?
   [I think that the SSL layer need only do TLS encryption/decryption and initial verification of public/private key 
    pairs. The authentication, binding the public key to a global Identifier - is really done at a higher level - it depends on which CAs one trusts in traditional PKI, or in WebID on the protocol completing successfully. Furthermore authentication is not an absolute in either case, it depends on the trust one has in CAs (can be very shaky) to the trust one calculates based on whether the user has an https or http webid. If one looks at it that way, it is clear why it is possible to jump from the Transport Layer to the application layer, and why one can return an HTTP error page. Something to be developed...]
 
 - issue with webid.fcnse.eu and Safari (probably due to it being a SNI hosted machine),


TODOs: 
  - who want to deal with Apache bug/enhancement report? 
  - bergi update on Wiki
  - Domel wants to update the spec with an rdf/xml example.
    Use the https://github.com/scor/webid-spec if you feel comfortable with github


Henry

Social Web Architect
http://bblfish.net/

Received on Thursday, 30 June 2011 07:06:52 UTC