Re: Recovery of compromised WebID

Quoting Sebastian Hellmann (2019-03-03 18:05:51)
> Forgot something
> 
> On 03.03.19 17:43, Sebastian Hellmann wrote:
> >> ***
> >>
> >> An RDF document is served at the URL of my WebID.
> >>
> >> That is an identifier.  Just like my birth certificate and my 
> >> passport are identifiers.
> >>
> >> It is not secure against identity theft.  It is just a document.
> >
> > I see this differently. Birth certificate and passport are issued by 
> > trusted third parties and your passport contains hundreds of 
> > security measures, while the RDF document contains exactly 0.
> >
> 
> There are some weak security measures like file permissions, but this 
> is 755 and 644 normally. If you put the document in an encrypted 
> database I would choose to add this line into your .htaccess 
> apache.conf instead: ProxyPassMatch "^/me(.*)$" "/.file.ttl" Well I 
> would hide it better, you might never find it and give up and reformat 
> the server to fix it.

You are again talking about web hosting security here.

Imagine for a moment that the WebID+TLS protocol specification contained 
rules on how to configure a web hosting service using Apache2.  You 
could then point out that the physical machine could be compromised if 
not secured by a steel box...

What is your threat model?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private

Received on Sunday, 3 March 2019 18:02:06 UTC