W3C home > Mailing lists > Public > public-webpayments@w3.org > April 2013

Re: Webkeys, OpenID, WebID, OAuth etc..

From: Kingsley Idehen <kidehen@openlinksw.com>
Date: Mon, 22 Apr 2013 10:06:01 -0400
Message-ID: <517543C9.9000707@openlinksw.com>
To: public-webpayments@w3.org
On 4/22/13 4:04 AM, Henry Story wrote:
>> 3. No REQUIRED URLs for keys, making it non-trivial to figure out which
>> >   key signed a message.
> We don't dissallow it either. So it's just a case of the need being felt.
> If someone uses keys to sign then perhaps they should have
>
> <sigDoc> signedWith<http://joe.me/profile#mykey>;
>           signedBy<http://joe.me/profile#me>  .
>           sigOf <doc> .
>
>
>
How about the following, since they private key is never publicly 
accessible, plus the fact that the public key is used to verify a 
private key based signature:

<sigDoc> <#verifiableBy><http://joe.me/profile#mykey>;
          <#signedBy><http://joe.me/profile#me>  .
          <#sigOf> <doc> .



-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen






Received on Monday, 22 April 2013 14:06:28 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:07:23 UTC