Re: Perceived issues with TLS Client Auth

On 9/27/12 6:14 AM, Henry Story wrote:
>    No the WebID is in the Certificate hidden from the user. The browser
> presents you with the Common Name (CN) of the Distinguished Name. You should
> therefore make the CN be something easy to identify eg:
>
>     benl@google.com  for your current work certificate
>     benl@apache.org  since you are a founding director of Apache
>       (http://en.wikipedia.org/wiki/Ben_Laurie  )
>
> Or whatever fits into a CN field. In fact your certificate provider
> should help you make the right choice.

See examples of what Henry states above at:

1. https://dl.dropbox.com/u/11096946/multiple-certs-are-fine-1.png -- 
keystore view
2. https://dl.dropbox.com/u/11096946/multiple-certs-are-fine-2.png -- 
keystore UI presented in response to authentication challenge
3. 
https://dl.dropbox.com/u/11096946/specific-certificate-view-showing-DN-CN-data.png 
-- specific certificate snapshot
4. 
https://dl.dropbox.com/u/11096946/specific-certificate-view-showing-DN-CN-data-2.png 
-- remaining part of cert. snapshot
5. 
http://id.myopenlink.net/about/id/entity/http/www.linkedin.com/in/kidehen -- 
WebID used to watermark for this particular certificate
6. 
http://id.myopenlink.net/about/id/entity/http/www.linkedin.com/in/kidehen#cert11680ABA333FAE0B2AC974A5009B6175C45A5045 
-- URI that resolves to my profile hosted x.509 certificate claims mirror .

It's all about the data exposed by Web-scale Linked Data graphs, 
courtesy of de-referencable URIs :-)

-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen