W3C home > Mailing lists > Public > public-xg-webid@w3.org > January 2012

RE: WebIDRealm - Modes - UsageScenarios

From: Peter Williams <home_pw@msn.com>
Date: Mon, 2 Jan 2012 15:19:18 -0800
Message-ID: <SNT143-W22177B889940C31B8A147992910@phx.gbl>
To: <j.jakobitsch@semantic-web.at>, <kidehen@openlinksw.com>
CC: "public-xg-webid@w3.org" <public-xg-webid@w3.org>

I was just baiting Henry, who should have stooped to your defense against the evil one. Im not sure why folks need such protection from me  - since I cannot make windows accept a client cert from just anyone, or even send out a RDFa stream from the spec that actually works. I dont exactly sound competent! do I?


The site is obviously work in progress, and will do fine. None of the gender issues are relevant, as my triples were in RDfa in the test - and the text specificaly note that this is not a supported option (this week). I suspect the code got 100% confused, and shewed some random principal.


My points on http and https will be important though. Many sites have certs with a certain exntesion that tune the UI into the address bar. If it doesnt match the certs and URls, Consumer are trained to assume phishing. We dont want webid to imply (in consumers mind) insecurity (and stolen bank numbers etc). 


But, your using of foaf card atribute in the UI brings a point up that concerns me.


we have had HTML embedded in certs for years. And, we have had SSL client authn for years (nearly 2 decades). But, NOONE wanted to use the cert as the store of the profile data, to be rendered on login. folks argued till they were blinkd that really they want nothing but a name, to be mapped to a LOCAL profile. The last thing they wanted was dependence on a site outside their control, given all the inaccuracy and schema problems that such would entail.


And here we all are saying that was bogus.


Now, it the cert really is a data uri and be in the range of a owl:SameAs property like any other URI, I dont see why it cannot now have HTML within, and thus RDFa triples. Then, we no longer need to ASSUME the meaning of a bag of URIs in the SAN. We could be actually stating what their meaning is. We might not even NEED to use the SAN URI, at all ...


When I argued for the SAN URI to Warwick Ford (when he came around as the relevant ISO person) *looking for* name schemes to stuff in the bag of alternatve name forms, I did not intend it to have the purposes we are discussing here. I intended it merely to point to an X.509 cert blob, on an ldaps or https endpoint.


Are we getting to the point where we might go BEYOND the SAN URI, and make a true semantic web cert?



Received on Monday, 2 January 2012 23:22:31 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:39:54 UTC