W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

Re: FOAF SSL success, form windows RDFa (via linked data)

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Tue, 10 Jan 2012 07:08:24 -0500
Message-ID: <4F0C2A38.3000308@openlinksw.com>
To: Henry Story <henry.story@bblfish.net>
CC: public-xg-webid@w3.org
On 1/10/12 5:26 AM, Henry Story wrote:
>
> On 10 Jan 2012, at 03:59, Kingsley Idehen wrote:
>
>>
>> You still haven't addressed the locator (address) of the document 
>> that bears the graph to which the query applies.
>>
>> For the verifier:
>> What happens if there are multiple URIs in the SAN?
>
> That section I pasted deals with one SAN, one WebID claim. Each WebId 
> claim is dealt with separately.
> As is explained in the sequence diagram
>
> 1.
>
>
> 2.
>
>
>
> 3.
>
>
>
>
>  4. The Guard
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-guard> then
>     /must/ ask the Verification Agent
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-verification_agent> to
>     verify that the WebIDs do identify the agent who knows the given
>     public key.
>  5. The WebID is verified by looking up the definition of the URL at
>     its canonical location. This can be done by dereferencing it.
>     TheVerification Agent
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-verification_agent>
>     /must/ extract the public key
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-public_key> and
>     all the URI entries contained in the |Subject Alternative
>     Name| extension of the WebID Certificate
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-webid_certificate>.
>     A WebID Certificate
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-webid_certificate>
>     /may/ contain multiple URI entries which are considered claimed
>     WebID
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-webid>s
>     at this point, since they have not been verified. The Verification
>     Agent
>     <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-verification_agent> may
>     verify as many or as few WebIDs it has time for. It may do it in
>     parallel and asynchronously. However that is done, a claimed WebID
>     can only be considered verified if the following steps have been
>     accomplished successfully:
>      1. If the WebID Verifier
>         <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#dfn-webid_verifier> does
>         not have an up to date version of the WebID profile in the
>         cache, then it /must/ dereference the WebID using the
>         canonical method for dereferencing a URL of that scheme. For
>         an |https://...| WebID this would be done using the [HTTP-TLS
>         <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#bib-HTTP-TLS>]
>         protocol.
>      2. The returned representation is then transformed into an RDF
>         graph as specified in Processing the WebID Profile
>         <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#processing-the-webid-profile>
>      3. That graph is then queried as explained in Querying the Graph
>         <https://dvcs.w3.org/hg/WebID/raw-file/tip/spec/index-respec.html#querying-the-graph>.
>         If the query succeeds, then that WebID is verified.
>
>
> Ok. so perhaps 5 should start with "Each WebID" instead of "The WebID".

Yes.

Each WebID (a Name) is verified by looking up its description at a 
canonical location (a URL).

Kingsley
>
> So what happens for multiple SANs is written out. What is your 
> problem? Please write out an example and explain how the above text 
> would lead to the wrong behaviour.
>
> Henry
>
>


-- 

Regards,

Kingsley Idehen	
Founder&  CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen








Received on Tuesday, 10 January 2012 12:08:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 10 January 2012 12:08:48 GMT