Re: WebID-ISSUE-15: Native browser-based WebID-only certificate display

---------- Forwarded message ----------
From: Henry Story <>
Date: Tue, Sep 7, 2010 at 4:04 PM
Subject: [foaf-protocols] Selective presentation of WebID-only certificates

Manu Sporny logged this issue here:

Bruno Harbulot brought this up in April 2009

It came up again a few times such as in this thread

The issues I think is

 1. to check what the browser behavior really is
 2. to make sure the semantics of doing this is ok (I think it is)
 3. what would the name of this Cert Authority be
    Currently I have used the DN of
  "O=FOAF+SSL, OU=The Community of Self Signers, CN=Not a Certification
     but we would need to agree on this.

 I was thinking we should wait until we have a very formal process to decide
on this, because we want as many people to be happy with it as possible - or
else we would be in danger of not asking people with valid certificates for
certificates, just because they decided to choose another DN.

 So the issue is also in part to understand how bad the issue of multiple
certs is.  The advantage is that we could tie the DN to major spec version
numbers, ....

  Anyway this is a complex issue. It seems there is a solution to it, so
it's just a matter of working out the details.


Social Web Architect

On Mon, Jan 31, 2011 at 11:50 AM, WebID Incubator Group Issue Tracker < <>> wrote:

> WebID-ISSUE-15: Native browser-based WebID-only certificate display
> Raised by: Stéphane Corlosquet
> On product:
> Issue raised by Manu Sporny at
> When connecting to a WebID capable website, we need to understand how to
> display purely WebID-only certificates. This is an issue in corporate and
> university environments where client-side certificates are provided that
> could be selected when logging into WebID websites.
> The usability concern is that people might select the wrong certificate
> when connecting with a service, or that they don't have a WebID certificate,
> but are given the certificate selection prompt anyway (which would be very
> confusing to someone that doesn't know about certificates).
> We need to understand if there is a way to specify that only WebID
> certificates are requested on a WebID-capable website. If there is a way to
> do this, we need to settle on a naming convention or certificate authority
> name/chain that makes this possible.

Received on Monday, 31 January 2011 16:56:00 UTC