Re: Signed WebID documents and trust wrt GPG Web of Trust

On 28 May 2013 11:14, Olivier Berger <olivier.berger@telecom-sudparis.eu>wrote:

> Hi.
>
> In the discussion about the potential use of WebID + TLS as a mean to
> sign-in to Debian Web services/apps, we somehow came to the conclusion
> [0] that it could be used provided that we establish trust in WebIDs
> presented by users, only if they are signed with a GnuPG signature made
> by an existing Debian contributor, leveraging the existing Debian GnuPG
> Web of Trust [1].
>
> This use of an existing GnuPG WoT, which is essentially distributed,
> fits well with many interesting aspects of WebID (under control of the
> user, etc.).
>
> Wrt Linked Data, this is not exactly optimal : GPG signatures apply for
> documents and not triples, so the model is not as elegant as we'd want
> it ? I guess other signature mechanisms could be more Linked Data proof,
> and may make more sense wrt WebID and trust.
>
> Has this topic of trust wrt WebID been discussed already ?
>

Manu Sporny, who wrote the original WebID+TLS spec, put together another
spec, WebKeys, to be used for encrypting and signing messages.

https://payswarm.com/specs/source/web-keys/

Could this solve the problem?

I'm unsure what you want to sign, the webid itself, the webid profile page,
or the triples associated with the agent ...


>
> I guess it could make an interesting use case anyway.
>
> Any comments ?
>
> Best regards,
>
> [0] http://lists.debian.org/debian-devel/2013/05/msg01098.html
> [1]
> http://www.debian.org/doc/manuals/developers-reference/new-maintainer.html#registering
> --
> Olivier BERGER
> http://www-public.telecom-sudparis.eu/~berger_o/ - OpenPGP-Id:
> 2048R/5819D7E8
> Ingenieur Recherche - Dept INF
> Institut Mines-Telecom, Telecom SudParis, Evry (France)
>
>
>
>