Re: WebID-TLS + Credentials

On 06/20/2015 10:37 AM, Timothy Holborn wrote:
> Working on local issues, HbbTV is compatible with WebID-TLS from a 
> device layer (TV's).
> 
> It's potentially important that WebID-TLS becomes interoperable for 
> billing purposes with other systems that may be best addressed using
>  Credentials.
> 
> What is the current viewpoint on how these two standards may become 
> interoperable.

I don't think there's much that needs to be done to make them
compatible. WebID-TLS, as the name implies, operates at the TLS layer.
You could put your DID (decentralized identifier) into the
subjectAltName area of a certificate and it would work just like
WebID-TLS works today except you'd be dereferencing the DID through some
future (to be created) "WebDHT" protocol instead of HTTPS.

Once dereferenced, you'd have a "DID document", in JSON-LD
format, just like you'd get by dereferencing an HTTPS WebID URL today.
This document would have a public key in it (where its paired private
key was used in the TLS protocol) and you'd check that against what's in
the certificate just like you do today with WebID-TLS.

Remember, the identity work in the Credentials CG is just based off of
WebID. The WebID spec currently says a WebID is an HTTP or HTTPS URI --
we're just proposing a decentralized protocol that better supports
identity portability for the WebIDs in the credentials work. So, in
short, the scheme is very compatible. The only difference is that we're
looking to use a decentralized, portable identifier (DID) instead of an
HTTPS one.

Hopefully only a simple software update would be necessary to add
support for "WebDHT" look ups. The rest of the protocol would remain the
same.


-- 
Dave Longley
CTO
Digital Bazaar, Inc.

Received on Saturday, 20 June 2015 15:01:40 UTC