Re: Certificate Expiry (summary)

On 1/26/12 1:32 PM, Henry Story wrote:
> On 26 Jan 2012, at 19:12, Kingsley Idehen wrote:
>
>> On 1/26/12 12:08 PM, Joe Presbrey wrote:
>>> Hi all,
>>>
>>> I caught up with Henry in a quick chat earlier about this and will let
>>> you know a quick summary. Of course we all agree on extending the
>>> trust network via URIs, resolving, issues and signers, cosigners,
>>> freedom and liberty boxes, server clients, etc. all day long. In
>>> addition:
>>>
>>> 1) we should distinguish old keys from current keys with status,
>>> issuer, date, and/or other properties of the key in our profiles
>> Okay, so do we tweak the Cert. Ontology accordingly? Or make an adjunct
>> Assurance Ontology?
> I don't see a problem adding a few notBefore/notAfter relations to the
> cert ontology. We would want to state somehow that the relation between
> the user and the public key as being one of identification was only valid
> for a certain amount of time.
>
> What I am wondering is if that would make a difference to your argument
> outlined in the thread. If someone were to use a certificate with a WebID
> that was backed up by a Profile whose key was described as being
> expired, would not the argument you had outlined in the thread still
> hold? I.e., that this is an issue with authorisation and not
> authentication?

Grey area that sits between the realms of Authentication and Authorization.

Tweaking the ontology solves the problem.  Solomon was an ontologist :-)


Kingsley
>
>>> 2) expired self-signed WebIDs should not "go out with the trash", if a
>>> hacker finds it, they can pretend they are you unless (1)
>>>
>>> 3) we should regard x509 properties in addition to (1) while WebID is
>>> delivered via x509, but prefer LD mechanisms to be compatible with
>>> other containers and transports
>> Yes.
>>
>> Kingsley
>>
>>> Best,
>>>
>>> --
>>> Joe Presbrey
>>>
>>>
>>> On Thu, Jan 26, 2012 at 11:40 AM, Henry Story <henry.story@bblfish.net> wrote:
>>>> yes, makes sense +1 - just add Summary to front of the e-mail subject.
>>>> I think it would be good if each thread had a little summary.
>>>>
>>>> On 26 Jan 2012, at 17:35, Joe Presbrey wrote:
>>>>
>>>>> I drafted this summary email, if it looks good to you, do you want to send it?
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
> Social Web Architect
> http://bblfish.net/


-- 

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Thursday, 26 January 2012 19:02:50 UTC
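
The key-status check discussed in this thread, as an added example that is not part of the original messages or of any WebID implementation: a verifier matches the public key from the client certificate against the keys listed in the profile and reports whether that key is current, expired or unknown, leaving the authentication/authorization decision to the caller. The `notBefore`/`notAfter` field names follow the relations proposed above and are assumptions, as are the function names and the constructed sample profile.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed sample: keys listed in one WebID profile. "notBefore"/"notAfter"
# are hypothetical fields modelled on the relations proposed in the thread;
# the moduli are shortened, made-up values.
PROFILE_KEYS = [
    {"modulus": "c0ffee01", "exponent": 65537,
     "notBefore": datetime(2011, 1, 1, tzinfo=UTC),
     "notAfter": datetime(2012, 1, 1, tzinfo=UTC)},   # old key
    {"modulus": "c0ffee02", "exponent": 65537,
     "notBefore": datetime(2012, 1, 1, tzinfo=UTC),
     "notAfter": None},                               # current key, open-ended
]


def normalize_modulus(hex_text):
    """Compare moduli as integers so case, colons and whitespace do not matter."""
    return int("".join(hex_text.split()).replace(":", ""), 16)


def check_presented_key(profile_keys, modulus_hex, exponent, now):
    """Classify the key taken from the client certificate against the profile.

    Returns 'current', 'expired', 'not-yet-valid' or 'unknown'. The caller
    decides what an 'expired' key may still be used for.
    """
    presented = (normalize_modulus(modulus_hex), exponent)
    verdict = "unknown"
    for key in profile_keys:
        if (normalize_modulus(key["modulus"]), key["exponent"]) != presented:
            continue
        if key.get("notBefore") and now < key["notBefore"]:
            verdict = "not-yet-valid"
        elif key.get("notAfter") and now >= key["notAfter"]:
            verdict = "expired"
        else:
            return "current"  # any listing with a valid window wins
    return verdict


if __name__ == "__main__":
    now = datetime(2012, 1, 26, 19, 0, tzinfo=UTC)
    for modulus in ("c0ffee01", "C0:FF:EE:02", "deadbeef"):
        print(modulus, check_presented_key(PROFILE_KEYS, modulus, 65537, now))
```
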