- From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Tue, 01 Feb 2011 11:04:46 +0000
- To: public-xg-webid@w3.org
WebID-ISSUE-23: Authorized Representations and Dereferencing a WebID URI [WebID Spec] http://www.w3.org/2005/Incubator/webid/track/issues/23 Raised by: Nathan Rixham On product: WebID Spec A fundamental element of the WebID protocol, if not the purpose of the protocol, is to establish a URI which can be used as a name (identifier) for the Identifying Agent. The authorized use of a WebID URI by an Identifying Agent is deemed (by the conceptual protocol) to be established by proving ownership of a token, and then verifying the presence of that token in a representation received by dereferencing the WebID URI. The realization of this element is currently defined by the use of Public/Private Key pairs, the public key is used as a token, ownership of that token is confirmed by passing the public key in a certificate as part of the TLS authentication flow (where ownership of the corresponding private key is proven), when the WebID is dereferenced the presence of the public key in the representation is verified, and the authorized use of that WebID URI is established. "WebID resource" is used in this case to refer to the agent which responds to dereferencing requests on the "WebID URI". It is therefore vital that: - the dereferencing process be well defined - the "origin server" which will respond to a dereference request is authorized to do so - the authenticity of the "representation" received by the act of dereferencing can be established - it can be proven that the representation has not been tampered with (signing) - or - cannot be tampered with (by removing the possibility of intermediaries). All of these points are not addressed by the current WebID protocol.
Received on Tuesday, 1 February 2011 11:04:48 UTC