Re: FOAF SSL success, form windows RDFa (via linked data)

On 10 Jan 2012, at 03:59, Kingsley Idehen wrote:

> 
> You still haven't addressed the locator (address) of the document that bears the graph to which the query applies. 
> 
> For the verifier:
> What happens if there are multiple URIs in the SAN?

That section I pasted deals with one SAN, one WebID claim. Each WebId claim is dealt with separately.
As is explained in the sequence diagram



The Guard then must ask the Verification Agent to verify that the WebIDs do identify the agent who knows the given public key.
The WebID is verified by looking up the definition of the URL at its canonical location. This can be done by dereferencing it. TheVerification Agent must extract the public key and all the URI entries contained in the Subject Alternative Name extension of the WebID Certificate. A WebID Certificate may contain multiple URI entries which are considered claimed WebIDs at this point, since they have not been verified. The Verification Agent may verify as many or as few WebIDs it has time for. It may do it in parallel and asynchronously. However that is done, a claimed WebID can only be considered verified if the following steps have been accomplished successfully:
If the WebID Verifier does not have an up to date version of the WebID profile in the cache, then it must dereference the WebID using the canonical method for dereferencing a URL of that scheme. For an https://... WebID this would be done using the [HTTP-TLS] protocol.
The returned representation is then transformed into an RDF graph as specified in Processing the WebID Profile
That graph is then queried as explained in Querying the Graph. If the query succeeds, then that WebID is verified.

Ok. so perhaps 5 should start with "Each WebID" instead of "The WebID".

So what happens for multiple SANs is written out. What is your problem? Please write out an example and explain how the above text would lead to the wrong behaviour.

Henry