W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: How To Handle WebIDs for (X)HTML based Claim Bearing Resources

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Sun, 01 Jan 2012 21:56:42 -0500
Message-ID: <4F011CEA.7030607@openlinksw.com>
To: public-xg-webid@w3.org
On 1/1/12 11:46 AM, Mo McRoberts wrote:
> On 31 Dec 2011, at 17:24, Kingsley Idehen wrote:
>
>> Peter gave an example a while back where he loses his Blog space URIs (since he doesn't control Blogspot or WordPress) but still needs to be able access resources where his old Blog space (the IdP)  URI is remains the focus of  ACL list by those granting him access to resources (e.g., photos). In this case, he can present a Cert. that has his old URI and his new URI in the certs. SAN. The ACLs don't have to change, assuming the verifiers comprehend coreference claims.
> There are a very limited number of ways in which that can work if the old URI no longer resolves to linked data matching up the with cert (as would be the case if the account at Blogspot was suspended, or Google shut it down, or whatever  including it now reflecting *somebody else's* claims) without making it trivially easy for hijacking to occur.

Hijacking doesn't work if you are leveraging signed equivalence claims. 
This is why OWL is important. The semantics matter, the channel is 
secure, and the claim is signed.
>
> M.
>


-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen








Received on Monday, 2 January 2012 02:57:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 2 January 2012 02:57:08 GMT