RE: Matter of DN and what's possible from Peter Williams on 2012-01-08 (public-xg-webid@w3.org from January 2012)

From: Peter Williams <home_pw@msn.com>
Date: Sun, 8 Jan 2012 15:40:42 -0800
To: <mo.mcroberts@bbc.co.uk>, <kidehen@openlinksw.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>
Message-ID: <SNT143-W41496FD35686507C242BC929B0@phx.gbl>

 SAN is the users name. SIA is the pointer to the describer resource - one of whose alternates predicate's values locates the place where the .cer blob can be picked up, with the right mime type(s). Another alternate can point to the PEM encoded blob . Another can point to the .p12 wrapped form of the same blob. Another can point to the .p7m and .p7c forms of the blob (located in cert stores). Another can point to signed SAML2 entitydescriptor, with a base64 encoded element within (containing the blob(s)). There is actually a choice. One could have different access methods in the cert SIA, one per . But, somehow, I feel the semantic web describer apparatus will do a better job (and drives the integration).  
 > From: mo.mcroberts@bbc.co.uk
> Date: Sun, 8 Jan 2012 23:15:28 +0000
> CC: public-xg-webid@w3.org
> To: kidehen@openlinksw.com
> Subject: Re: Matter of DN and what's possible
> 
> 
> On 8 Jan 2012, at 23:07, Kingsley Idehen wrote:
> 
> > On 1/8/12 5:52 PM, Mo McRoberts wrote:
> >>> What we need to get people to understand somehow is the fact that you can have a URL (a Locator) and a generic URI (Name) in a cert such that publishers can make descriptor resources for cert. subjects -- using URIs as subject names --  and then publish to network resources addresses identified using URLs.  Doing this reduces publisher tedium inevitably introduced by  Linked Data nuances re., de-referencable URI based names.
> >> I asked previously that you post an example cert (don't worry about the key material, obviously) which shows what you mean — i.e., what things you'd put where and how you believe they should be processed.
> >> 
> > 
> > Based on my reply to Peter, we will make a cert that just uses the less controversial Subject Information Access extension. The semantics of this cert. element covers exactly what I need i.e., a place for URLs that resolve to resources bearing directed graphs where attribute=value or predicate=object pairs coalesce around identifiers for the cert. subject, as placed in SAN .
> 
> If I'm understanding correctly, you're saying (for example), that sIA might contain a URL, while the sAN contains the URI of the certificate holder which appears within the document published at the sIA URL?
> 
> M.
> 
> -- 
> Mo McRoberts - Technical Lead - The Space,
> 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E,
> Project Office: Room 7083, BBC Television Centre, London W12 7RJ
> 
> 
> 
>

Received on Sunday, 8 January 2012 23:43:43 UTC