- From: Anders Rundgren <anders.rundgren.net@gmail.com>
- Date: Sat, 11 Jan 2014 09:12:54 +0100
- To: Tim Holborn <timothy.holborn@gmail.com>, Read-Write-Web <public-rww@w3.org>, public-webid WebID Group <public-webid@w3.org>
Tim, Just a short comment. An X.509 certificate is always embedded in "something"; this has to date not required users of X.509 client certificates to also authenticate this "something", it is rather assumed that the owner of "something" keeps it under his/her control. Not even HSM (Hardware Security Modules) costing big bucks offer any standard mechanism for authenticating themselves. That doesn't mean that device authentication is uninteresting, it is actually a part of Google's U2F scheme http://www.ietf.org/mail-archive/web/pkix/current/msg32832.html but this part is only used during enrollment similar to a bank who only issues credentials to cards it has knowledge of. Anders On 2014-01-11 08:59, Tim Holborn wrote: > Following from the last array; reviewing the FOAF documents; the spec; http://xmlns.com/foaf/spec/ clearly outlines a person and things that describe that person... > > Whilst it could be developed; it seems like i’m missing something... > > ‘agents’ appear to be used as a method to identify something associated to that person for which the FOAF relates; such as an (instant messaging) account, which in-turn lives on something that usually the operator of the account does not own, and that is assumed to be used by them (subject to authentication). > > Perhaps the way to explain this is that it’s a passive identifier not an active identifier. > > (NB. on shared computers when working with kids, they love to leave a message on your FB if you forget to logout, which refers to the account not necessarily being used by the account holder but rather that the account is ‘owned’ (or operated) by that person…) > > So; my theory is, > > devices are not people and x509 certs are embedded in machines. Perhaps the URI could use dublincore (is there an ontology for ‘things that speak internet”?) in theory there’s two types of devices; active devices and passive devices, > > - A passive device is something like a rfid tag; and, > > - An active device is something like a computer. > > The first step is to identify the machines (so we know it’s a machine you’ve previously identified, as so the auth. is more relaxed.) the next is to associate it to something, whether it be a FOAF or a DOAP or whatever (eventually of course, there’s always FOAF involved). > > Dublincore provides ontological methods for descriptions of machines in addition to trees, etc. whilst no-one is going to log-onto a system using a x509 cert with embedded uri that describes a tree; i can see the benefit in describing that it’s my i7 machine; that i’m using to connect and store data to ubiquitous.data.fm whether or not i’m applying permissions to another site [1] to store data onto ubiquitous.data.fm and therefore creating a few different ‘authorised’ semantic links (x509+WAC documents?) between systems to support whatever function i’m attempting to carry out; and i can also see the benefit of a device connected to a tree, describing both itself and the tree it’s got sensors on, for its purpose of being there. might also come-back with some SNMP data or something that says they need to get the birds off the solar-panel power-supply, else it won’t be sending anymore data… > > I understand more than one URI can be given to a x509 cert, but the current method which was the trigger for some rather extensive communiqué was that it’s currently applied as an extension to SSL+FOAF and the distributed (certgen) nature is really highly beneficial (not sure what IPv6 does to it) but perhaps not easily relayed to an institutional SSL used with a FOAF message. > > and; perhaps beyond the auth issue; it also works the other way around, > > If i manage to catch a photo of the lockness monster or bigfoot with by happy snappy - universal communicator ('smartphone’) - then whilst the tag ‘bigfoot’ might then attribute to en.wikisemantics.org/bigfoot <http://en.wikisemantics.org/bigfoot> - it would likely also want to associate to both the phone (GIS data, date, time, etc.) me (foaf) and the ability to link perhaps ‘credibility’ of the records via a ‘string’ of fields; might make the million dollar difference in getting it on the news that night… In those types of cases, perhaps it less matters who takes the picture, it more matters whether the data says its more likely to be authentic… > > comments, rebuttals and/or contributions welcome ;) > > [1] site examples > http://mindmup.com/ > http://www.layoutit.com/build > http://codepen.io/ > https://www.draw.io/
Received on Saturday, 11 January 2014 08:13:34 UTC