Re: cert:fingerprint ?

On 25 Oct 2011, at 23:32, Kingsley Idehen wrote:

> On 10/25/11 4:33 PM, Henry Story wrote:
>> [cc'ed Evan Prodromou, since this is an interesting idea relating tweets and WebID]
>> 
>> 
>> On 25 Oct 2011, at 22:11, Kingsley Idehen wrote:
>> 
>>> On 10/25/11 4:07 PM, Kingsley Idehen wrote:
>>>> On 10/25/11 3:02 PM, Henry Story wrote:
>>>>> Ok, it is certainly possible to have a link from a cert:X509Certificate to a fingerprint. But what is the use you wish to make of this? Ie. the use case.
>>>>> 
>>>> I want to be able to use Blog Posts, Tweets as resources that hold the relation between a WebID and its host Certificate. Thus, instead of being confined to modulus and exponent based checks, I can just use the Cert's fingerprint.
>>>> 
>>>> BTW -- I already have this working i.e., I can use a Tweet or Blog Post to persist the fingerprint. Then, as part of our particular WebID verification protocol implementation, we use this approach to verify identity. Thus, we are lowering the barrier of entry by allowing people to publish their certificates (with WebID watermarks) via Blog Posts, Tweets etc.
>>>> 
>>>> I hope the use case is clear? It's really important for us to find a low cost pattern that is highly viral re. WebID.
>>>> 
>>> Henry,
>>> 
>>> So it goes like this:
>>> 
>>> #me hasCertificate [ a cert:X509Certificate; hasFingerprint "F3:46:11:63:D9:5A:22:10:5F:4A:AD:65:33:50:DE:27" ; hasFingerprintDigest<md5>  ]
>> Ok so this is a whole program.  Here are a few concerns/questions:
>> 
>> 1. What are the security risks of this? - I don't expect you to answer it, rather some security people in the know might be able to tell us what the reliability of such fingerprints is, how easy it is to create a clash.
> 
> Hmm. how well do you know us? Our fundamental value proposition is actually based on data access security :-)
> We've been using graphs for security since 1992 re. data access. Remember, RDF isn't our introduction to graphs.
> 
>> As you can see Harry Halpin in another thread is making noises about unidentified security concerns. We need to be careful not to give such people ammunition. And in security paranoia is the norm it seems, as we can see with some of the veterans on this list.
> 
> Again, you seem to understand the makeup of OpenLink Software. Thus, I can only assume this is the basis for your assumptions above re. paranoia and veteran status.

No, I don't think of you as being paranoid, even if you are a veteran :-) I think if one is in the linked data world one has some good tools to combat paranoia.

> 
>> 2. How is that published? What is the mime type. As I see it, this is mainly useful in tweets. Anything with more space could clearly be able to hold the full public key, and so be immune to any issues that may arise now or in the future with fingerprint algorithms.
> 
> Tweets have <= 147 chars. That's the window, hence the fingerprint.
> 
>> 3. How is it viral? It is not because you can publish something on a large engine that it becomes viral.
> 
> Viral means: easy uptake via simple web linking patterns i.e., people pass it on because it's easy to use and explain.
> 
> The fingerprint gets into the Twitter space via OAuth. That's how Twitter apps write data to Twitter.
> 
>> People still have to be able to use it for something that then makes them want to re-use it, and tell their friends about it. It has to be able to spread somehow.
>> 
> Yes, so they can get a WebID via a Cert. Generator that writes a Tweet or post to a Weblog that supports AtomPub.
> 
> Once you have a WebID you can do the following:
> 
> 1. send signed emails
> 2. share resources via ACLs.
> 
> Again, all because you encountered a security token generator that supports WebID watermarks, verification protocol, and the ability to post to Web 2.0 style data spaces.
> 
>> 4. How does a tweet tie into the linked data space? I can see that it could do that on Identi.ca, as it ties tweets to foaf. (so here the feedback from Evan Prodromou may be useful).
> 
> Twitter produces structured data that is accessible via APIs. As per my example, turning Twitter data into Linked Data is something we and others have done since they released an API years ago.
> 
>> 5. What happens when tweets die? Ok, someone puts up a new tweet, I suppose.
> 
> Er.. it's on the Web, it talks HTTP, we grok cache invalidation. We also have Virtuoso, it can also do reasoning etc.
>> I mean clearly I can see this being of interest as a test case to twitter engines. But as soon as they grok this, they will be able to place the full public key in a better linked space.
> 
> Distracting subjective statement to which I will not really respond.
>> Sorry for being critical. It's my nature. ;-)
> 
> You aren't being critical. I think you are sorta missing the point :-)
> 
> I am not seeking your approval. I am simply informing you about what we have and how it can tie into the goals of this effort.

I was just trying to dig deeper. 

Let us know how this evolves. We can try to make it more formal if it catches on.

Henry

> 
> 
> Kingsley
>> Henry
>> 
>>> seeAlso:
>>> http://search.twitter.com/search.json?q=%40Fingerprint:F3:46:11:63:D9:5A:22:10:5F:4A:AD:65:33:50:DE:27 -- structured data from Twitter space
>>> 
>>> The rest is transformation, and even better if said transformation is based on WOT ontology.
>>> 
>>> -- 
>>> 
>>> Regards,
>>> 
>>> Kingsley Idehen	
>>> President & CEO
>>> OpenLink Software
>>> Company Web: http://www.openlinksw.com
>>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>>> Twitter/Identi.ca handle: kidehen
>>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>> 
>> Social Web Architect
>> http://bblfish.net/
>> 
>> 
>> 
> 
> 
> -- 
> 
> Regards,
> 
> Kingsley Idehen	
> President & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
> 

Social Web Architect
http://bblfish.net/

Received on Tuesday, 25 October 2011 21:50:05 UTC
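
Added example, not part of the thread and not any poster's implementation: a sketch of how a verifier could check a fingerprint published in a tweet against the certificate a client presents, bearing on question 1 (clashes) and question 2 (space) above. The function names, the allowed-digest policy and `SAMPLE_CERT_DER` are assumptions made for illustration; the MD5 value is the one quoted in the thread.

```python
import hashlib
import hmac

# Digests accepted for fingerprint claims, with their length in bytes.
# MD5 and SHA-1 are left out because collisions for both are practical.
ALLOWED = {"sha256": 32, "sha384": 48, "sha512": 64}

def parse_fingerprint(text):
    """Turn 'F3:46:...' (colons and spaces optional, any case) into bytes."""
    return bytes.fromhex(text.replace(":", "").replace(" ", ""))

def fingerprint(cert_der, digest):
    """Colon-separated upper-case hex digest of the DER-encoded certificate."""
    raw = hashlib.new(digest, cert_der).digest()
    return ":".join(f"{b:02X}" for b in raw)

def check_claim(cert_der, claimed, digest):
    """Return 'match', 'mismatch', or a 'rejected: ...' reason."""
    digest = digest.lower()
    if digest not in ALLOWED:
        return "rejected: weak or unknown digest"
    try:
        raw = parse_fingerprint(claimed)
    except ValueError:
        return "rejected: malformed fingerprint"
    if len(raw) != ALLOWED[digest]:
        return "rejected: wrong length for digest"
    actual = hashlib.new(digest, cert_der).digest()
    return "match" if hmac.compare_digest(actual, raw) else "mismatch"

# Constructed stand-in for the DER bytes of a presented certificate.
SAMPLE_CERT_DER = b"constructed sample bytes standing in for a DER certificate"
# 16-byte (MD5-sized) fingerprint quoted in the thread.
PAGE_MD5_CLAIM = "F3:46:11:63:D9:5A:22:10:5F:4A:AD:65:33:50:DE:27"

if __name__ == "__main__":
    published = fingerprint(SAMPLE_CERT_DER, "sha256")
    print(len(published), "chars:", published)
    print(check_claim(SAMPLE_CERT_DER, published, "sha256"))
    print(check_claim(SAMPLE_CERT_DER + b"x", published, "sha256"))
    print(check_claim(SAMPLE_CERT_DER, PAGE_MD5_CLAIM, "md5"))
```

A SHA-256 fingerprint in this notation is 95 characters, so a stronger digest still fits in a single tweet.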