Re: Storing PKCS#12 inside FOAF profile for FOAF+SSL

On 22 Feb 2010, at 15:59, Nathan wrote:
>> 
>> We would need something like this
>> 
>> :pk cert:timeIdentified [ a TimeSlice;
>>                          of :me;
>>                          from "2009-10-10..."^^xsd:dateTime;
>>                          to "2010-01-01..."^^xsd:dateTime
>>                         ] .
>> 
>> It does not make sense to have time slices on a key, as that is a mathematical entity, very similar to a literal.
> 
> seems to me that a cert:Certificate should / could have Validity details
> on there (issued-on, expires on) - it's already catered for in
> certificates just needs expressed in the vocab.

yes, we have defined cert:Certificate, though we do not use it currently

cert:Certificate a owl:Class;
    vs:term_status "unstable";
    rdfs:subClassOf foaf:Document;
    rdfs:comment """A certificate is a Document that is signed.
    As explained here http://www.pgpi.org/doc/pgpintro/#p16
    'A digital certificate consists of three things:
        * A public key.
        * Certificate information. ('Identity' information about the  
          user, such as name, user ID, and so on.)
        * One or more digital signatures.'
    """ .

And the interesting thing is that it does not look like we need the notion of a certificate, and are able to get a lot done. Or rather: the foaf file is itself the certificate, and when it is served by an https server it is signed (during transmission). As per definition above the foaf file is a certificate because:
 - it contains a public key (and identifies who knows the public key)
 - has information about the agent identified by the public key
 - and is signed (by the server when sent over https)
(so there is no need to place the signatures inside the foaf file)

The important piece is for how long a public key identifies an agent, as the one that knows its private key. I think you could get a lot done just by specifying that.


Henry

Received on Monday, 22 February 2010 15:14:46 UTC
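
Added example, not part of the original message or of the cert vocabulary: a sketch of the check a FOAF+SSL verifier could run if profiles carried the time slices discussed above, where the validity interval sits on the key-identifies-agent relation and not on the key. The KeyBinding model, the function names, the WebID, the toy moduli and the midnight-UTC times are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class KeyBinding:
    """One time slice: this RSA key identified `agent` from..to (hypothetical model)."""
    agent: str                    # WebID URI (the `of` in the sketch)
    modulus_hex: str
    exponent: int
    valid_from: datetime
    valid_to: Optional[datetime]  # None = the key still identifies the agent

def _modulus(hex_text: str) -> int:
    # Profiles and certificate dumps format the modulus differently
    # (colons, spaces, case, leading 00), so compare as integers.
    return int("".join(c for c in hex_text if c in "0123456789abcdefABCDEF"), 16)

def key_identifies(bindings, webid, modulus_hex, exponent, at):
    """True if the presented key is bound to `webid` at instant `at`."""
    if at.tzinfo is None:
        raise ValueError("authentication time must be timezone-aware")
    n = _modulus(modulus_hex)
    for b in bindings:
        if b.agent != webid or b.exponent != exponent or _modulus(b.modulus_hex) != n:
            continue
        # Half-open interval [from, to): the instant a binding ends is outside it.
        if b.valid_from <= at and (b.valid_to is None or at < b.valid_to):
            return True
    return False

UTC = timezone.utc
ME = "https://example.org/profile#me"               # constructed WebID
OLD_KEY, NEW_KEY = "00:c3:a1:5f:09", "B7 2E 44 D1"  # constructed, toy-sized moduli
PROFILE = [  # constructed bindings; the dates follow the sketch, the times are assumed
    KeyBinding(ME, OLD_KEY, 65537,
               datetime(2009, 10, 10, tzinfo=UTC), datetime(2010, 1, 1, tzinfo=UTC)),
    KeyBinding(ME, NEW_KEY, 65537, datetime(2010, 1, 1, tzinfo=UTC), None),
]
```

The key values themselves never expire here; only the binding to the agent does, so the same modulus could appear again in a later slice or under a different WebID.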