Re: Webkeys, OpenID, WebID, OAuth etc..

On 4/16/13 1:59 PM, Jürgen Jakobitsch SWC wrote:
> :) please note, this example with hasPublicKey is very old and i just
> came to my mind that this was one of the first things i asked on the
> list, it should not be the cause for a permathread...
>
> what i was asking that time was, if it would be a good idea to seperate
> the key from webID profile. until now (as far as i know) it is only
> possible to come to the public key when dereferencing a webID profile
> document holding that key. this would support your suspicion that a
> public key is not discoverable as such.
>
> wkr j

Ah!

So an RDF document that describes the public key itself [1].

Link:

1. http://bit.ly/P0HVdI -- Post about the benefits of having a URI for a 
Public Key .

Kingsley
>
>
> On Tue, 2013-04-16 at 13:35 -0400, Kingsley Idehen wrote:
>> On 4/16/13 1:03 PM, Jürgen Jakobitsch SWC wrote:
>>> hi, your suspicion might be correct.
>>> maybe because we just used => keys <= so far that are not denoted by
>>> an own dereferenceable uri.
>> So you mean that entity denoted by a WebID would be in a :hasPublicKey
>> relation? If so, then at this point I would presume:
>> <http://www.w3.org/ns/auth/cert#key> owl:equivalentProperty :hasPublicKey.
>>
>> Then when you are offline you can add or remove that relation en route
>> to protecting against compromised computer which holds your cert. and
>> private key re. WebID+TLS protocol based identity verification.
>> Basically, you can delete the existing association(s) and then make new
>> ones based on your new WebID, Private Key, and Public Key combo.
>>
>> Kingsley
>>> wkr j
>>>
>>> see here [1], one of my first mails to the webID list :)
>>>
>>> [1]
>>> http://lists.w3.org/Archives/Public/public-xg-webid/2011Sep/0059.html
>>>
>>> On Tue, 2013-04-16 at 12:37 -0400, Kingsley Idehen wrote:
>>>> Manu,
>>>>
>>>> I just read:
>>>> https://hacks.mozilla.org/2013/04/web-payments-with-payswarm-identity-part-1-of-3/.
>>>>
>>>> Of the four points listed below, where does WebID+TLS fall short?
>>>>        1. It must be decentralized.
>>>>        2. It must support discoverability by using a resolvable address,
>>>>           like a URL or email address.
>>>>        3. It must support, with authorization, arbitrary
>>>>           machine-readable information being attached to the identity by
>>>>           3rd parties.
>>>>        4. It must be able to provide both public and private data to
>>>>           external sites, based on who is accessing the resource.
>>>>        5. It must provide a secure digital signature and encryption
>>>>           mechanism.
>>>>
>>>> My suspicion is point #2, but please confirm .
>>>>
>>>>
>>>>
>>>> -- 
>>>>
>>>> Regards,
>>>>
>>>> Kingsley Idehen 
>>>> Founder & CEO
>>>> OpenLink Software
>>>> Company Web: http://www.openlinksw.com
>>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>>> Twitter/Identi.ca handle: @kidehen
>>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>>>
>>>>
>>>>
>>>>
>>


-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen