Re: How To Handle WebIDs for (X)HTML based Claim Bearing Resources

On 3 Jan 2012, at 22:08, Kingsley Idehen wrote:

> On 1/3/12 2:48 PM, Mo McRoberts wrote:
>>> > 
>>> When you sign the claim a verifier can apply WebID logic to it. Especially, when it already has record of your prior claim. This is what a proxy URI enables i.e., cache of prior claims (URI and Public Key relations) in an Idp space to which you have CRUD privileges.
>>> 
>>> > 
>>> > <my-URI>  owl:sameAs<http://kingsley.blogspot.com/>
>>> > 
>>> > 
>>> Will not work in this scenario. Where is the proof? The relation is<my-URI>  and a Public Key equivalent to<my-New-URI>  and a Public Key, in my idp space. It isn't just about the statement. There is a context to which these equivalence semantics are being applied.
>>> 
>>> > 
>>> > 
>>> Again, I am not mandating owl:sameAs without context of WebID. I am saying, in a nutshell, sign the owl:sameAs claim when its made in idp space. WebID lets you verify claims.
>>> 
>> Sign it with WHAT? You've said the key in the cert has no impact. A newly minted key? Well, I (the attacker) can sign using a key *I*
>>  have just generated.
>> 
>> 
>> 
>> 
> 
> I am saying the key is not the be all and end all. It the relations that matter. Your question is akin to asking: why do you need a composite key when each component of the key has unique identity and functionality in its own right. 

RIGHT, so you do in fact sign the new claim (the owl:sameAs) with the key that you used previously.

Which is what I said previously. And a multitude of times subsequently. Each time to be met with a different obfuscated answer.

This is like pulling teeth.

-- 
Mo McRoberts - Technical Lead - The Space,
0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
Project Office: Room 7083, BBC Television Centre, London W12 7RJ

Received on Tuesday, 3 January 2012 22:37:38 UTC