- From: WebID Incubator Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Thu, 27 Jan 2011 14:51:12 +0000
- To: public-xg-webid@w3.org
WebID-ISSUE-2 (bblfish): Explore the role of Issuer Alternative Names in WebIDs http://www.w3.org/2005/Incubator/webid/track/issues/2 Raised by: Henry Story On product: Explore the role of Issuer Alternative Names in WebIDs. Issuer Alternative Names (IAN) are part of the same extension of X.509 as Subject Alternative Names (SAN) which is what we are currently using, as per spec, to identify the user via preferrably and https WebID. So what can we do if we have a WebID for an IAN? Does having a WebID for an issuer on a server certificate other than a DNS name make sense? [1] Each idea will once explained clearly, require a proof that it really does do what we initially hope it could do. What is seems relatively clear is that the WebID protocol could be used to verify the Identity of the Issuer, assuming he has signed the certificate, in a very similar manner to the verification of the Subject. [1] for some insights see the RFC draft pointed out to us by Nathan http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-14 summarised by Jan Wildeboer http://lists.w3.org/Archives/Public/public-xg-webid/2011Jan/0063.html
Received on Thursday, 27 January 2011 14:51:14 UTC