W3C home > Mailing lists > Public > public-webid@w3.org > May 2014

Re: Question/idea: Self-contained WebID

From: Brian Allen Vanderburg II <brianvanderburg2@aim.com>
Date: Wed, 28 May 2014 09:56:46 -0400
Message-ID: <5385EB1E.9020802@aim.com>
To: public-webid@w3.org
I'm using the overview section at http://bblfish.net/tmp/2011/04/26/

This is what it seems to be saying.  Please correct any misconceptions.

The server that you log into must support HTTPS/TLS. This means either
spending money on an SSL certificate for the website or using StartSSL
for free at least as long as it is provided for free (or self-signing
and the user getting warnings about the certificate all the time). 
Since the X.509 cert. is sent to the server, how does the web
application that is being logged into get access to the information
needed from the cert?  Does this require the web server to handle the
authentication via some CA specified in the web server configuration, or
can the web application handle the checking of the cert via PHP/ASP/etc?

The server hosting the WebID profile doesn't have to be SSL. It is just
whatever URL is specified in the client-side X.509 certificate.

The client-side certificate references the WebID URL. If the location of
the WebID Profile changes for whatever reason (server shutting down,
domain name change), is it enough to edit the local client-side
certificate and change the URL field to point to another location for
any sites using it to keep working at the next login?  This would
probably break any web of trust that depends on the URL specified, but
could allow for keeping login working by moving the WebID Profile
somewhere else and updating the client-side certificate once?

Is it possible to generate your own WebID offline for use with multiple
sites by importing it into the browser and hosting the WebID Profile
online somewhere, or does it require an online site to generate?

Overall it looks very interesting and I definitely think that some
standard like this should exist and become widespread.

Received on Wednesday, 28 May 2014 13:59:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:05:55 UTC