- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Tue, 22 Nov 2011 14:24:10 -0500
- To: public-xg-webid@w3.org
- Message-ID: <4ECBF6DA.6000907@openlinksw.com>
On 11/22/11 12:54 PM, Mo McRoberts wrote:
> On 22 Nov 2011, at 17:25, Kingsley Idehen wrote:
>
>> To cut a long story short, please look at: http://id.myopenlink.net/describe/?uri=http%3A%2F%2Fwww.openlinksw.com%2Fschemas%2Fcert%23Certificate . Follow the links.
> Feature request for /describe: show, in a copy & pastable form, the ACTUAL URL. I’m sure I’m not the only one who finds it easier to read an RDF document than poking through that tabular interface.

Please look at the footer section, you have a plethora of data representation formats at your disposal. I opted to share an HTML document :-)

>
> I did follow the links, and I'm none the wiser as to what it is you're trying to show me.
>
> <http://www.openlinksw.com/schemas/cert> tells me even *less* about what constitutes a fingerprint than WOT does? it's just… a string which happens to be attached to a certificate?

You have to explore the TBox (ontology links). In a nutshell, it is saying: we see virtue in using another part of a certificate for "mirrored claims" verification that underlies the WebID protocol. At the same time, we don't seek to disrupt existing effort, so we've enhanced WOT via terms in our own namespace. Bottom line, our WebIDs take many forms, the most generic being proxyURIs which ensure any WebID client still gets a graph and the ability to test existence of an association between a WebID and parts of an associated x.509 based security token.

>
>> We are using the Fingerprint as an optional alternative to looking up modulus and exponent. WebID adds "mirrored claims" to the mix re. TLS handshake. I believe modulus and exponent were initially chosen for this "mirrored claims" lookup on the basis of being the critical part of the security token used for the successful handshake. We've opted to add fingerprints to the mix since they are more compact and enable us to leverage existing platforms like Twitter re. WebID publication.
> How does (as a user) Twitter use fingerprints? It's never asked me for a key, nor to my knowledge published one on my behalf? I am mystified.

Think a little different. It is about letting you use a tweet to publish claims associated with a verifiable identifier (aka. WebID). It also enables a simple tweet deletion to invalidate a certificate in a keystore/keychain e.g. when your PC, notebook, tablet, or phone gets stolen. This is about killing the tedium associated with PKI which has taken us all to hell and back re. verifiable identity at InterWeb scales.

>
> Your original point was "there's conflation between certs and keys going on", which I don't doubt — because everything which talks about 'fingerprints' tends to not specify *what* binary data is being hashed and how, but all of the real-world uses of fingerprints in their various guises seem to be key-oriented, not cert-oriented, even if they pretend otherwise by being attached to certificates and certificate-related things.

Yes, and be it public key components (modulus and exponent) or an entire certificate hash, the end game is use of "mirrored claims" and security tokens as a mechanism for verifying subjects.

>
> M.
>

--

Regards,

Kingsley Idehen
President & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Tuesday, 22 November 2011 19:24:46 UTC
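
Added example (not part of the original message, and not OpenLink or WebID code): the thread turns on whether a "fingerprint" hashes the whole certificate or only the key, so this Go program issues two self-signed certificates for one RSA key and compares the modulus/exponent match, a key fingerprint, and a certificate fingerprint. The choice of SHA-256, the helper names and the subject name are assumptions made for the illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T { // panic on error: keeps the constructed demo short
	if err != nil {
		panic(err)
	}
	return v
}

// issue self-signs a certificate for key; only the serial varies (constructed sample data).
func issue(key *rsa.PrivateKey, serial int64) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), Subject: pkix.Name{CommonName: "constructed example"}}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key))))
}

// reissued returns two certificates issued for one freshly generated RSA key.
func reissued() (a, b *x509.Certificate) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	return issue(key, 1), issue(key, 2)
}

// certFingerprint hashes the whole DER certificate: serial, validity and signature included.
func certFingerprint(c *x509.Certificate) string { return fmt.Sprintf("%x", sha256.Sum256(c.Raw)) }

// keyFingerprint hashes only the DER SubjectPublicKeyInfo, so it follows the key pair.
func keyFingerprint(c *x509.Certificate) string {
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo))
}

// sameKey is the modulus/exponent comparison between two certificates.
func sameKey(a, b *x509.Certificate) bool {
	ka, kb := a.PublicKey.(*rsa.PublicKey), b.PublicKey.(*rsa.PublicKey)
	return ka.E == kb.E && ka.N.Cmp(kb.N) == 0
}

func main() {
	a, b := reissued()
	fmt.Printf("same modulus/exponent: %v, same key fingerprint: %v, same cert fingerprint: %v\n",
		sameKey(a, b), keyFingerprint(a) == keyFingerprint(b), certFingerprint(a) == certFingerprint(b))
}
```

A claim published as a whole-certificate hash stops matching as soon as the certificate is reissued, while a modulus/exponent or key-hash claim keeps matching every certificate issued for that key pair.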