- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 19 Apr 2011 21:43:04 +0200
- To: "Mo McRoberts" <Mo.McRoberts@bbc.co.uk>
- Cc: <nathan@webr3.org>, "Kingsley Idehen" <kidehen@openlinksw.com>, <public-xg-webid@w3.org>
On 19 Apr 2011, at 21:23, Mo McRoberts wrote In relation to ISSUE-55: "explore WebID schema agnosticim": > > You do when it comes to conformance testing: as I said umpteen e-mails ago, if I'm building a server, how will I know what schemes people are expecting to use when they're authing with me — that has to be written down somewhere and testable before I can say “Log in with your WebID” :) I'd say http & https is the most widely supported at present. If suddenly a new schema comes up and makes it into Forbes and the Economist talks about it then I suppose we'll have an incentive to implement it. (Likely it made it there because we implemented it). The momentum of https is in my view overwhelming. It has the right security properties and is built for the web. But there is no reason to exclude other schemas. I wrote up an idea of using httpk schema here where the URI would contain the public key http://lists.w3.org/Archives/Public/public-xg-webid/2011Mar/0075.html This is in fact where having the Subject Alternative Name allow a number of WebIDs is of course useful. It will be especially so for transition periods between one protocol and another. So your certificate could just contain two WebIDs, an https one and an httpk one. Henry Social Web Architect http://bblfish.net/
Received on Tuesday, 19 April 2011 19:43:35 UTC