- From: peter williams <home_pw@msn.com>
- Date: Sat, 26 Feb 2011 04:33:20 -0800
- CC: <public-xg-webid@w3.org>
Yes. That's simple and understandable. It's stripped of all religion.

I call it a "cert pingback". Receive a client cert via SSL? Now do "cert pingback" to see if cert is present in user's cert store on the web.

Typically, user's cert store is just the user's HTML homepage, which embeds cert/pubkey. It could be user's Opera Community profile page, alternatively. If so, the SAN URI in cert is the Opera profile page URI. Or, it could be the user's Opera Unite web server endpoint - so that the cert pingback hits the user's Opera browser (by the magic of Opera Unite).

-----Original Message-----
From: public-xg-webid-request@w3.org [mailto:public-xg-webid-request@w3.org] On Behalf Of Henry Story
Sent: Saturday, February 26, 2011 3:26 AM
To: Cosimo Streppone
Cc: public-xg-webid@w3.org
Subject: Re: slow down and organize

On 24 Feb 2011, at 01:45, Cosimo Streppone wrote:

> I'm trying to get a hold of WebID, and I'm still stuck at the basic
> concept of it unfortunately.
> Following the various threads I often encounter new (for me)
> technologies and concepts that make it difficult for me to focus and
> get "the picture". Everyone fully understands X.509?

Cosimo, did any of those answers help?

X509 is very simple: it's just a document a bit like XML but in a binary format, that contains a number of fields of which a user name (DN) in an old LDAP format, a Subject Alternative Name (optional) we abbreviate SAN, a public key, and it is signed by some other entity.

If you want to make it simplest the protocol could be the following:

1. create a self-signed X509 cert with a webid that is a URL on your server plus #me
2. place that certificate at that location
3. put the certificate with private key in your browser

Next when you connect to a web server and it asks you for a client certificate it will send your certificate. If the certs match the one at the WebID, you are identified by that URI. Done.

That is what the following proposes.

http://www.w3.org/2005/Incubator/webid/track/issues/6

Does that make more sense when put like that?

Henry

Social Web Architect
http://bblfish.net/
Received on Saturday, 26 February 2011 12:34:16 UTC
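
The server-side matching step described in the thread above (the "cert pingback"), as an added example that is not code from either poster or from the WebID group. It assumes the TLS stack has already completed the client-certificate handshake and handed over the certificate's DER bytes and SAN URI; the function names, the injected `fetch` callable and the `alice.example` page are hypothetical, and the sample "certificates" are constructed placeholder bytes, since the comparison is byte-for-byte.

```python
import base64
import hashlib
import hmac
import re
from urllib.parse import urldefrag, urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def published_certs(document):
    """Return the DER bytes of every PEM certificate embedded in the page."""
    certs = []
    for body in PEM_RE.findall(document):
        try:
            certs.append(base64.b64decode("".join(body.split()), validate=True))
        except ValueError:
            continue  # skip a malformed block instead of accepting it
    return certs

def cert_pingback(presented_der, san_uri, fetch):
    """True if the cert presented over TLS is also published at its SAN URI."""
    doc_url, _fragment = urldefrag(san_uri)  # "#me" names the person, not the page
    if urlsplit(doc_url).scheme not in ("http", "https"):
        return False  # the SAN is client-supplied: refuse other schemes
    try:
        document = fetch(doc_url)
    except Exception:
        return False  # profile unreachable: the client is not identified
    want = hashlib.sha256(presented_der).digest()
    return any(hmac.compare_digest(want, hashlib.sha256(c).digest())
               for c in published_certs(document))

# Constructed sample data: opaque bytes stand in for DER certificates.
ALICE_DER = b"constructed-stand-in-for-alice-DER-certificate"
OTHER_DER = b"constructed-stand-in-for-a-different-certificate"

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----"

# Hypothetical homepage that embeds the user's certificate (step 2 of the list).
PAGES = {"https://alice.example/card":
         "<html><pre>" + to_pem(ALICE_DER) + "</pre></html>"}

def fake_fetch(url):
    return PAGES[url]  # raises KeyError for a page that does not exist

if __name__ == "__main__":
    print(cert_pingback(ALICE_DER, "https://alice.example/card#me", fake_fetch))
    print(cert_pingback(OTHER_DER, "https://alice.example/card#me", fake_fetch))
```

In a real deployment `fetch` would be an HTTP client with a timeout and a response-size limit, because the URI it dereferences comes from the client's certificate.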