W3C home > Mailing lists > Public > public-webid@w3.org > May 2013

Signed WebID documents and trust wrt GPG Web of Trust

From: Olivier Berger <olivier.berger@telecom-sudparis.eu>
Date: Tue, 28 May 2013 11:14:44 +0200
To: public-webid@w3.org
Message-ID: <87ppwbjwjf.fsf@inf-8657.int-evry.fr>
Hi.

In the discussion about the potential use of WebID + TLS as a mean to
sign-in to Debian Web services/apps, we somehow came to the conclusion
[0] that it could be used provided that we establish trust in WebIDs
presented by users, only if they are signed with a GnuPG signature made
by an existing Debian contributor, leveraging the existing Debian GnuPG
Web of Trust [1].

This use of an existing GnuPG WoT, which is essentially distributed,
fits well with many interesting aspects of WebID (under control of the
user, etc.).

Wrt Linked Data, this is not exactly optimal : GPG signatures apply for
documents and not triples, so the model is not as elegant as we'd want
it ? I guess other signature mechanisms could be more Linked Data proof,
and may make more sense wrt WebID and trust.

Has this topic of trust wrt WebID been discussed already ?

I guess it could make an interesting use case anyway.

Any comments ?

Best regards,

[0] http://lists.debian.org/debian-devel/2013/05/msg01098.html
[1] http://www.debian.org/doc/manuals/developers-reference/new-maintainer.html#registering
-- 
Olivier BERGER 
http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingenieur Recherche - Dept INF
Institut Mines-Telecom, Telecom SudParis, Evry (France)
Received on Tuesday, 28 May 2013 22:54:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:54:43 UTC