Re: Webkeys, OpenID, WebID, OAuth etc..

On 21 Apr 2013, at 20:17, Dave Longley <dlongley@digitalbazaar.com> wrote:

> On 04/21/2013 09:18 AM, Henry Story wrote:
>> 
>> ... your initial implementation was not a
>> WebID over TLS implementation at all.
> 
> This is false and perhaps even inflammatory at this point. We've had this discussion many times; each time you were disinterested in understanding the implementation we did. However, your disinterest had nothing to do with the technical merits of the implementation or its adherence to how WebID over TLS was described at the time.
> 
> Our implementation was of a TLS client that used a TLS client-side certificate with an alternate name that was a URL that the authentication server accessed to obtain the same public key in the client-side certificate given during the TLS handshake.

Ah I remeber. One part of it was WebID over TLS, with javascropt implementation of TLS. But not having access to the X509
certificates you had to build a very complicated non decentralised protocol around it. I am not sure where the crypto in
the browser stuff is going, but that's the only hope for that type of approach. And since that was not finished, we did
not make it our priority.

Of course you have a different use case. But for that the certificate ontology could still be useful. 

> -Dave
> 
> -- 
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> 

Social Web Architect
http://bblfish.net/

Received on Sunday, 21 April 2013 19:16:17 UTC