- From: Peter Williams <home_pw@msn.com>
- Date: Thu, 10 Feb 2011 09:38:03 -0800
- To: <nathan@webr3.org>, <scorlosquet@gmail.com>
- CC: <melvincarvalho@gmail.com>, <henry.story@bblfish.net>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>
- Message-ID: <SNT143-w15B6C17158DE59D7E32EDE92EC0@phx.gbl>
> >>> year. The use case we were discussing was about the Web in general wrt > >>> harvesting data for OGP, and the reason why OGP/FB will only consider the > >>> RDFa located in the <head> tag is that it's the only data they can trust > >>> to > >>> be authored by the author of the page (or the app), anything else on the > >>> page cannot be trusted and could be a comment left by some random person > >>> who > >>> would change the title of the page for example with some well crafted > >>> RDFa. if the webid claim asserted in via SSL client authn run ( using a self-signed or third party cert) points to self-signed version of the .crt file , then it can also contain in an extension some serialized RDF, including a bit of HTML with an RDFa component. There are variations 1. The webid's fragment tag can be a message-digest value, enabling the resource server to check the integrity of the graph culled from the profile document. AS Henry indicated, this makes it harder to rapidly change the profile doc (as one has to resign the self-signed cert, update the fragment tag for the new message digest value, and store it back on the server for use in identifier confirmation + graph integrity checking). 2. rather than use a self-signed cert, it could be a .crd file in windows land (that is just a self-signed xmldsig object, playing the same role as above). 3. its not hard to put either the xml of 2 or the serialized cert in an XHTML document. XML obviously works, and a cert can be reduced easily to a URI + querystring arg (with ascii-armored cert in "PEM" encoding) to be stored in the meta region as a LINK, tagged rel=webid. This all sacfices purity somewhat "of the foaf-agent". Buts, lots of graphs are getting sent around (which is what I want, right now) populating the world with graph processing capabilities. No major buyin is required of the IDPs (only their billion, willing users able to edit a link...meta), since the dominant IDPs are usually a pretty parochial, self-centered lot - its a self-preservation thing, in order to stay being a dominant IDP that is not dis-intermediated.
Received on Thursday, 10 February 2011 17:38:58 UTC