W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: How To Handle WebIDs for (X)HTML based Claim Bearing Resources

From: Mo McRoberts <mo.mcroberts@bbc.co.uk>
Date: Sun, 1 Jan 2012 16:46:18 +0000
Cc: public-xg-webid@w3.org
Message-Id: <0341A24F-0FE3-4770-86AB-B33375C0A924@bbc.co.uk>
To: Kingsley Idehen <kidehen@openlinksw.com>

On 31 Dec 2011, at 17:24, Kingsley Idehen wrote:

> Peter gave an example a while back where he loses his Blog space URIs (since he doesn't control Blogspot or WordPress) but still needs to be able access resources where his old Blog space (the IdP)  URI is remains the focus of  ACL list by those granting him access to resources (e.g., photos). In this case, he can present a Cert. that has his old URI and his new URI in the certs. SAN. The ACLs don't have to change, assuming the verifiers comprehend coreference claims.

There are a very limited number of ways in which that can work if the old URI no longer resolves to linked data matching up the with cert (as would be the case if the account at Blogspot was suspended, or Google shut it down, or whatever  including it now reflecting *somebody else's* claims) without making it trivially easy for hijacking to occur.

M.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ
Received on Sunday, 1 January 2012 16:46:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 1 January 2012 16:46:48 GMT