Re: [foaf-protocols] WebID pre-alpha specification (uses RDFa)

• From: Reto Bachmann-Gmür <me@farewellutopia.com>
• Date: Mon, 12 Jul 2010 16:19:00 +0200
• To: Manu Sporny <msporny@digitalbazaar.com>
• Cc: Toby Inkster <tai@g5n.co.uk>, foaf-protocols@lists.foaf-project.org, RDFa WG <public-rdfa-wg@w3.org>
• Message-ID: <AANLkTimp856jhqmy01rH5GDisCsUBU6IdMxG5uXrvRVR@mail.gmail.com>

Hi

Some opinions a first look:

- I'm against requiring RDFA as this means I cannot expose my triple
store as a collection of Web-Ids without adding some templates. If we
really think a format mus be guaranteed the I think it should be
RDF/XML.
- I disagree with 2.2.4, especially if the PPD is delivered oven an
insecure connection the server might have better ways to verify that
the claimed identity matches the keypair used by the request of the
client
- Webid/OpenId: it should be noted that the WebId identifies the
agent, while the OpenId identifies (an htmlt representation of the)
PPD (as Toby noted the two URIs are typically related)

Cheers,
reto

On Mon, Jul 12, 2010 at 10:44 AM, Toby Inkster <tai@g5n.co.uk> wrote:
> On Sun, 11 Jul 2010 17:28:51 -0400
> Manu Sporny <msporny@digitalbazaar.com> wrote:
>
>> Here's the link to the e-mail announcement on payswarm-dev:
>>
>> http://payswarm.com/pipermail/payswarm-dev/2010-July/000035.html
>
> This seems like a good start. However, the SPARQL query shown uses the
> deprecated form for marking up keys:
>
> PREFIX cert: <http://www.w3.org/ns/auth/cert#>
> PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
> SELECT ?modulus ?exp
> WHERE {
>   ?key cert:identity <http://example.org/webid#public>;
>      a rsa:RSAPublicKey;
>      rsa:modulus [ cert:hex ?modulus; ];
>      rsa:public_exponent [ cert:decimal ?exp ] .
> }
>
> The newer form uses datatypes instead of the cert:hex and cert:decimal
> properties:
>
> PREFIX cert: <http://www.w3.org/ns/auth/cert#>
> PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
> SELECT ?modulus ?exp
> WHERE {
>   ?key cert:identity <http://example.org/webid#public>;
>      a rsa:RSAPublicKey;
>      rsa:modulus ?modulus;
>      rsa:public_exponent ?exp .
> }
>
> It's possible to support both in the same SPARQL query:
>
> PREFIX cert: <http://www.w3.org/ns/auth/cert#>
> PREFIX rsa: <http://www.w3.org/ns/auth/rsa#>
> SELECT ?modulus ?exp ?modulus2 ?exp2
> WHERE {
>   ?key cert:identity <http://example.org/webid#public>;
>      a rsa:RSAPublicKey;
>      rsa:modulus ?modulus;
>      rsa:public_exponent ?exp .
>   OPTIONAL { ?modulus cert:hex ?modulus2 . }
>   OPTIONAL { ?exp cert:decimal ?exp2 . }
> }
>
> Using ?modulus2 and ?exp2 if they are bound; ?modulus and ?exp
> otherwise.
>
> A few other thoughts...
>
> The definition of "WebID URL" is:
>
>        | A URL specified in the Subject Alternative Name field
>        | of the Identification Certificate that identifies a
>        | WebID Profile document.
>
> Actually, the WebID URL identifies an Agent, typically a Person. The
> URL will normally contain a fragment identifier though, and by removing
> the fragment, you get the URL for a WebID Profile document; or if it
> does not contain a fragment identifier, it should perform a 303
> redirect to the WebID Profile document.
>
> There should probably be a definition for "WebID Holder" or something
> similar. And we should note that the WebID Profile may provide a
> description of the WebID Holder, typically using FOAF.
>
> I'd also like for RDF/XML to be another format that implementations are
> *required* to support. RDF/XML and XHTML+RDFa are the two RDF
> serialisations at W3C Rec status, so it seems sensible to grant them
> both equal status in the WebID spec. (Of course, there's growing
> interest within the W3C in standardising both Turtle and a JSON
> serialisation of RDF. I don't know how many serialisations it makes
> sense to require.)
>
> I think section 2.3.5 should be dropped. Once the identity of the agent
> has been established, it's up to the server what to do with that
> information. We should draw a line between authentication and
> authorisation. Apache does this and it works very well: you can swap
> authn and authz modules in and out independently of each other.
>
> Lastly, it would be nice to keep the foaf-protocols mailing list copied
> into this thread, as it's the main place where FOAF+SSL is discussed.
>
> --
> Toby A Inkster
> <mailto:mail@tobyinkster.co.uk>
> <http://tobyinkster.co.uk>
> _______________________________________________
> foaf-protocols mailing list
> foaf-protocols@lists.foaf-project.org
> http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
>

Received on Monday, 12 July 2010 15:27:48 UTC