- From: Nathan <nathan@webr3.org>
- Date: Tue, 01 Feb 2011 12:01:47 +0000
- To: Henry Story <henry.story@bblfish.net>
- CC: WebID Incubator Group WG <public-xg-webid@w3.org>
Henry Story wrote: > On 1 Feb 2011, at 11:54, WebID Incubator Group Issue Tracker wrote: > >> The WebID Protocol does not currently define how users should react to lost or stolen key pairs, the equivalent in other technologies would be certificate revocation or "password reset". >> >> The action(s) a user should take to "disable" the validity of a key pair, or the methods implementers should provide to cater for this, must be defined by the protocol. > > It is in fact very easy to do: just remove the public key from the Profile Document, and the next SSL connection should be invalidated. indeed, but this also ties in with for instance ISSUE-21 .. > This ties into a few other issues: how long should the profile document represenations be valid for? And when should the server go back to the remote server instead of using information in the cache? .. and ISSUE-23 , and ISSUE-18 (cache wss or xmpp?) - many of these are inter-related, and the resolution of one depends on the resolution of the other(s). Best, Nathan
Received on Tuesday, 1 February 2011 12:03:37 UTC