- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Wed, 28 Jun 2017 18:02:18 -0400
- To: public-webid@w3.org
- Message-ID: <90fee7c7-13bd-1d78-280e-2128a48003e9@openlinksw.com>
On 6/28/17 5:38 PM, Kingsley Idehen wrote:
> On 6/28/17 12:01 PM, Martynas Jusevičius wrote:
>> Kingsley,
>>
>> I am speaking about the WebID-TLS spec, more specifically
>> Authentication sequence and Verifying the WebID:
>> https://www.w3.org/2005/Incubator/webid/spec/tls/#the-webid-authentication-protocol
>>
>> None of the sections (see below) on WebID verification address the
>> failure to verify the public key, and I think a robust protocol
>> should. Am I missing something?
>
> Why is this important if the protocol is matching two public keys across:
>
> 1) Local Key Store
> 2) WebID-Profile Document.
>
> Remember, WebID-TLS is an additional lookup applied TLS-Handshake.
> The "TLS" part handles all matters required for successful
> TLS-handshake. The "WebID" part boils down to locating Public Key in
> WebID-Profile doc by dereferencing WebID in X.509 Cert SAN (the very
> X.509 Cert used during TLS CCA to provide data for handshake).
>
> Bottom line, if there is something wrong authentication fails. The
> entire process is about verifying the claims associated with a WebID.

To be clear, it is claims (mirrored between X.509 and WebID-Profile doc)
and "proof of work" (ability to place claims in WebID-Profile Document).
This process passes or fails. Once identity claims are verified the
system in use could then progress to resource access control evaluation,
but that isn't part of WebID-TLS, that's where WebACL comes into play.
-- 
Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software (Home Page: http://www.openlinksw.com)

Weblogs (Blogs):
Legacy Blog: http://www.openlinksw.com/blog/~kidehen/
Blogspot Blog: http://kidehen.blogspot.com
Medium Blog: https://medium.com/@kidehen

Profile Pages:
Pinterest: https://www.pinterest.com/kidehen/
Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen
Twitter: https://twitter.com/kidehen
Google+: https://plus.google.com/+KingsleyIdehen/about
LinkedIn: http://www.linkedin.com/in/kidehen

Web Identities (WebID):
Personal: http://kingsley.idehen.net/dataspace/person/kidehen#this
: http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Wednesday, 28 June 2017 22:02:46 UTC
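
The pass-or-fail key match discussed in this message, as an added Python example that is not part of the original message or of the WebID-TLS spec text. It treats an unreachable, missing or malformed profile the same as a mismatch; `verify_webid`, `parse_profile_key`, `fetch_constructed` and the sample URIs and keys are hypothetical names and constructed data, and `fetch_keys` stands in for dereferencing the WebID and reading its `cert:modulus` / `cert:exponent` values.

```python
# Added illustration; function and variable names are hypothetical.
from typing import Callable, Iterable, Optional, Tuple

Key = Tuple[int, int]  # (RSA modulus, public exponent)

def parse_profile_key(modulus_hex: str, exponent: str) -> Key:
    """Normalise a cert:modulus (xsd:hexBinary) / cert:exponent (xsd:integer) pair."""
    digits = "".join(modulus_hex.split())  # profiles often wrap or space the hex
    return int(digits, 16), int(exponent)  # ValueError on empty or malformed input

def verify_webid(san_uris: Iterable[str], cert_key: Key,
                 fetch_keys: Callable[[str], Iterable[Tuple[str, str]]]) -> Optional[str]:
    """Return the first SAN URI whose profile publishes cert_key, else None.

    cert_key is the key the TLS handshake already proved possession of.
    fetch_keys stands in for dereferencing the WebID and reading its cert:key values.
    """
    for webid in san_uris:
        try:
            published = [parse_profile_key(m, e) for m, e in fetch_keys(webid)]
        except (OSError, LookupError, ValueError):
            continue  # unreachable, missing or unparsable profile: claim not verified
        if cert_key in published:
            return webid
    return None  # nothing matched: authentication fails

# Constructed sample data (toy modulus, not a real key).
ALICE = "https://alice.example/profile#me"
BROKEN = "https://broken.example/card#me"
DOWN = "https://down.example/card#me"
ALICE_KEY: Key = (0xC35F9A01, 65537)
PROFILES = {
    ALICE: [("00 c3 5f 9a 01", "65537")],
    BROKEN: [("not-hex", "65537")],
}

def fetch_constructed(webid: str):
    if webid == DOWN:
        raise OSError("profile host unreachable")
    return PROFILES[webid]  # KeyError (a LookupError) when no profile exists

if __name__ == "__main__":
    print(verify_webid([DOWN, BROKEN, ALICE], ALICE_KEY, fetch_constructed))
    print(verify_webid([ALICE], (0xDEADBEEF, 65537), fetch_constructed))
```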