W3C home > Mailing lists > Public > semantic-web@w3.org > April 2008

Re: [foaf-dev] RDFAuth_Sketch: what are we trying to solve

From: Story Henry <henry.story@bblfish.net>
Date: Tue, 1 Apr 2008 15:48:53 +0200
Cc: Semantic Web <semantic-web@w3.org>, foaf-dev Friend of a <foaf-dev@lists.foaf-project.org>
Message-Id: <FA5D30C1-D8BC-40FF-951C-01ECA75F6D4A@bblfish.net>
To: Anthony Steele <Anthony@PlasticAvalon.org>

On 1 Apr 2008, at 15:22, Anthony Steele wrote:
> Story Henry wrote:
>
> > But instead of requiring an Identity server we use
>> PGP asymmetric key cryptography to identify the User Agent Owner.
>
> A point of order: In this context, PGP stands for "Pretty Good  
> Privacy".  It is a particular implementation, albeit a  
> groundbreaking one.  GPG (http://gnupg.org/ ) is another. I don't  
> want to be tied to an implementation when I can use standards.

Yes quite right. I was thinking of any algorithm that would use public  
key encryption, and that would allow a public key to be safely  
published on the web.

As with HTTPS I can imagine that a good protocol would be flexible as  
to which algorithm to use.
Toby Inkster had a some interesting thoughts on how this could relate  
to https

   http://www.w3.org/mid/62649.81.2.120.180.1206622777.squirrel@goddamn.co.uk

Henry


> I see from Wikipedia (http://en.wikipedia.org/wiki/ 
> Pretty_Good_Privacy )
> that the relevant standard for public-key cryptography is rfc4880 (http://tools.ietf.org/html/rfc4880 
>  )
>
> If this would be easier to implement for me over openId/OAuth  
> depends on the availability of libraries. I haven't had time to look  
> into this or the technical merits of the solution yet.
>
> Anthony



Received on Tuesday, 1 April 2008 13:58:44 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 07:42:03 UTC