- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Sun, 01 Jan 2012 21:56:42 -0500
- To: public-xg-webid@w3.org
- Message-ID: <4F011CEA.7030607@openlinksw.com>
On 1/1/12 11:46 AM, Mo McRoberts wrote: > On 31 Dec 2011, at 17:24, Kingsley Idehen wrote: > >> Peter gave an example a while back where he loses his Blog space URIs (since he doesn't control Blogspot or WordPress) but still needs to be able access resources where his old Blog space (the IdP) URI is remains the focus of ACL list by those granting him access to resources (e.g., photos). In this case, he can present a Cert. that has his old URI and his new URI in the certs. SAN. The ACLs don't have to change, assuming the verifiers comprehend coreference claims. > There are a very limited number of ways in which that can work if the old URI no longer resolves to linked data matching up the with cert (as would be the case if the account at Blogspot was suspended, or Google shut it down, or whatever — including it now reflecting *somebody else's* claims) without making it trivially easy for hijacking to occur. Hijacking doesn't work if you are leveraging signed equivalence claims. This is why OWL is important. The semantics matter, the channel is secure, and the claim is signed. > > M. > -- Regards, Kingsley Idehen Founder& CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 2 January 2012 02:57:08 UTC