- From: Henry Story <henry.story@bblfish.net>
- Date: Thu, 20 May 2021 18:13:56 +0200
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Kingsley Idehen <kidehen@openlinksw.com>, Read-Write-Web <public-rww@w3.org>
- Message-Id: <9F1F4E0B-5365-4F2D-A9CB-D9405672F877@bblfish.net>
> On 20. May 2021, at 18:05, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > > On Thu, 20 May 2021 at 17:58, Henry Story <henry.story@bblfish.net> wrote: > > > > On 20. May 2021, at 17:48, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > >> On Thu, 20 May 2021 at 17:22, Henry Story <henry.story@bblfish.net> wrote: > >> > >> > On 20. May 2021, at 17:17, Kingsley Idehen <kidehen@openlinksw.com> wrote: > >> > > >> > Changed title to orient focus. > >> > > >> > Here's what exists currently, putting blockchains aside. > >> > > >> > • I can generate an X.509 Certificate (which an expiration date) that functions as my Web Ticket > >> > • I can ACL protect my RDF documents and even associated services > >> > Adding a blockchain to the mix solves the following: > >> > >> Btw. with Verifiable Credentials we should now be in a position to go beyond X509 - finally! > >> It is also quite possible to bypass the TLS layer for authentication. > >> Finally one can use description logic to describe access rights. > >> > >> I am trying to bring all these ideas together here: > >> > >> https://github.com/solid/authentication-panel/blob/main/proposals/HttpSignature.md > >> > >> One type of description could be ownership of a ticket, signed by the agency giving out the tickets. > >> > > Interesting > > > > acl:agent [ cert:key </2019-09-02#k1> ], > > > > Are agent bnodes of this kind actually working, right now? > > > > If you have good Linked Data libraries those things just work themselves out nearly > automatically. > > I think I built that in rww-play 5 or 6 years ago, but I can’t remember clearly. > But in any case, I am rewriting the server right now from scratch as part of an EU project > https://github.com/co-operating-systems/Reactive-SoLiD > > The implementation is guding me in writing up these specs. > > Looks good. Two questions: > > 1. Can ECC keys be used right now -- last I checked webid was only RSA, DSA (and slow to change) WebID used the cert ontology and we only bothered with RSA because there was no good reason to compete with the work that was started at the IETF around that time, and there was nearly no way to convince them to do something in RDF. All we needed were proofs of concept. > > 2. can the predicate / literal be inlined and use the publicKeyPEM predicate from the security vocabulary [1] You will find the security vocabulary being used if you search for it in https://github.com/solid/authentication-panel/blob/main/proposals/HttpSignature.md There is still some cert ontology used in that document, as I know that well. But the process to move to the security vocabulary has started. > > If so, I think this could be implemented somewhat quickly and be spec compliant > > [1] https://w3c-ccg.github.io/security-vocab/#publicKeyPem > > > Henry Story > > https://co-operating.systems > WhatsApp, Signal, Tel: +33 6 38 32 69 84 > Twitter: @bblfish Henry Story https://co-operating.systems WhatsApp, Signal, Tel: +33 6 38 32 69 84 Twitter: @bblfish
Received on Thursday, 20 May 2021 16:14:11 UTC