W3C home > Mailing lists > Public > public-rww@w3.org > April 2013

Re: Webkeys, OpenID, WebID, OAuth etc..

From: Jürgen Jakobitsch SWC <j.jakobitsch@semantic-web.at>
Date: Tue, 16 Apr 2013 19:59:35 +0200
Message-ID: <1366135175.9585.12.camel@linux-1rgw.site>
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-rww@w3.org
:) please note, this example with hasPublicKey is very old and i just
came to my mind that this was one of the first things i asked on the
list, it should not be the cause for a permathread...

what i was asking that time was, if it would be a good idea to seperate
the key from webID profile. until now (as far as i know) it is only
possible to come to the public key when dereferencing a webID profile
document holding that key. this would support your suspicion that a
public key is not discoverable as such.

wkr j


On Tue, 2013-04-16 at 13:35 -0400, Kingsley Idehen wrote:
> On 4/16/13 1:03 PM, Jürgen Jakobitsch SWC wrote:
> > hi, your suspicion might be correct.
> > maybe because we just used => keys <= so far that are not denoted by
> > an own dereferenceable uri.
> 
> So you mean that entity denoted by a WebID would be in a :hasPublicKey 
> relation? If so, then at this point I would presume:
> <http://www.w3.org/ns/auth/cert#key> owl:equivalentProperty :hasPublicKey.
> 
> Then when you are offline you can add or remove that relation en route 
> to protecting against compromised computer which holds your cert. and 
> private key re. WebID+TLS protocol based identity verification. 
> Basically, you can delete the existing association(s) and then make new 
> ones based on your new WebID, Private Key, and Public Key combo.
> 
> Kingsley
> >
> > wkr j
> >
> > see here [1], one of my first mails to the webID list :)
> >
> > [1]
> > http://lists.w3.org/Archives/Public/public-xg-webid/2011Sep/0059.html
> >
> > On Tue, 2013-04-16 at 12:37 -0400, Kingsley Idehen wrote:
> >> Manu,
> >>
> >> I just read:
> >> https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/.
> >>
> >> Of the four points listed below, where does WebID+TLS fall short?
> >>       1. It must be decentralized.
> >>       2. It must support discoverability by using a resolvable address,
> >>          like a URL or email address.
> >>       3. It must support, with authorization, arbitrary
> >>          machine-readable information being attached to the identity by
> >>          3rd parties.
> >>       4. It must be able to provide both public and private data to
> >>          external sites, based on who is accessing the resource.
> >>       5. It must provide a secure digital signature and encryption
> >>          mechanism.
> >>
> >> My suspicion is point #2, but please confirm .
> >>
> >>
> >>
> >> -- 
> >>
> >> Regards,
> >>
> >> Kingsley Idehen	
> >> Founder & CEO
> >> OpenLink Software
> >> Company Web: http://www.openlinksw.com
> >> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> >> Twitter/Identi.ca handle: @kidehen
> >> Google+ Profile: https://plus.google.com/112399767740508618350/about
> >> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> >>
> >>
> >>
> >>
> 
> 

-- 
| Jürgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web       : http://www.semantic-web.at/
| foaf      : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web       : http://www.turnguard.com
| foaf      : http://www.turnguard.com/turnguard
| g+        : https://plus.google.com/111233759991616358206/posts
| skype     : jakobitsch-punkt
| xmlns:tg  = "http://www.turnguard.com/turnguard#"
Received on Tuesday, 16 April 2013 18:00:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:10:40 UTC