- From: Melvin Carvalho <melvincarvalho@gmail.com>
- Date: Tue, 27 Aug 2013 21:07:17 +0200
- To: Andrei Sambra <andrei.sambra@gmail.com>
- Cc: Olivier Berger <olivier.berger@telecom-sudparis.eu>, public-webid <public-webid@w3.org>
- Message-ID: <CAKaEYhLsmnFWGT_0SZuRcUncgLfsEjGkAwVnFg_5xOLkFCoUQQ@mail.gmail.com>
On 27 August 2013 21:04, Andrei Sambra <andrei.sambra@gmail.com> wrote: > I think the main topic here is WebID discovery by embedding a triple > pointing to a WebID inside a GPG key. You can also consider it as an > alternative authentication method, specific to GPG's web of trust, since > you would use GPG keys instead of certificates. It is very similar to > WebID-TLS, where your public key (which is published on a key repository) > contains a pointer to your WebID profile, and your profile document > contains an RDF representation of the public key. > Just set the keyserver field to be your profile. IIRC, it's a little known fact that GPG lets you do that ... > > Andrei > > > On Tue, Aug 27, 2013 at 7:58 PM, Melvin Carvalho <melvincarvalho@gmail.com > > wrote: > >> >> >> >> On 27 August 2013 17:13, Olivier Berger < >> olivier.berger@telecom-sudparis.eu> wrote: >> >>> Hi. >>> >>> I've been discussing web of trust with Andrei and others, in the context >>> of the Debian project, which already relies a lot on the GPG/OpenPGP web >>> of trust. >>> >>> So I've been wondering how to add a WebID pointer in a pubkey. However, >>> there doesn't seem to be some easily manageable way to add RDF to a key >>> (or at least I didn't discover it)... and I thought that a QR code as a >>> photo ID in the pubkey could be something to test out. >>> >>> So I've played a bit with the script below, and produced a QR code JPEG >>> that I added to my key. See my pubkey at [0]. >>> >>> Once decoded, it provides with a basic triple : >>> <> <http://xmlns.com/wot/0.1/identity> < >>> http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf#me> >>> >>> Maybe there would be a better way to encode this... or another ontology >>> ? >>> >>> In reverse, my WebID points to the pubkey. >>> >>> >>> The script : >>> >>> webid=http://www-public.telecom-sudparis.eu/~berger_o/foaf.rdf#me >>> echo '<> <http://xmlns.com/wot/0.1/identity> <'$webid'>' | qrencode -t >>> EPS -o webid.eps >>> #convert -verbose -monochrome -define jpeg:extent=1kb -strip -set >>> comment "WebID link as RDF" webid.eps webid.jpg >>> convert -monochrome -quality "5%" -strip -set comment "WebID link as >>> RDF" webid.eps webid.jpg >>> >>> Note that using 5% quality seemed to allow the qr code to be decoded by >>> zbarimg, while producing a JPEG image small enough for GPG to add it >>> without complaining on the file size. YMMV. >>> >>> >>> Would this be an interesting step to promote WebID, by taking adventage >>> of the existing GPG web of trust ? >>> >> >> Does GPG "certificate" allow you to link to a URL anywhere? I think the >> keyserver field might allow an HTTP URL. >> >> I've seen people tag a URL on the end of a PEM encoded key, but it's not >> exactly standard. >> >> My avatar in facebook contains a QR code pointer to my homepage (which >> contains my key) >> >> Is there anything the equivalent of subjectAlternativeName in GPG ... or >> maybe ive misunderstood the problem? >> >> >>> >>> What do you think. >>> >>> Best regards, >>> >>> [0] http://www-public.it-sudparis.eu/~berger_o/info/pubkey/pubkey.txt >>> -- >>> Olivier BERGER >>> http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: >>> 2048R/5819D7E8 >>> Ingenieur Recherche - Dept INF >>> Institut Mines-Telecom, Telecom SudParis, Evry (France) >>> >>> >>> >> >
Received on Tuesday, 27 August 2013 19:07:45 UTC