Re: WebIDRealm

On 2 Jan 2012, at 18:48, Peter Williams wrote:

> 
> the distinction between the reference to the object (in the directory or web) and some label property in said object (once referenced) is confusing becuase folks do exactly what you just did, yourself. You happened to do it with something you regard as legacy (and you justify then abusing it, to make coding simple).


http://msdn.microsoft.com/en-us/library/windows/desktop/aa366101(v=vs.85).aspx

They give the following examples

DN: CN=Jeff Smith,OU=Sales,DC=Fabrikam,DC=COM

When you use OpenSSL and create a certificate it asks you a series of questions, in english that are pretty clear: your CN is meant to be your name or something similar.

Finally the CN is what is displayed by most browsers.

THE DN is the equivalent of the URI if you want, but the components have clearly defined relationships to strings human beings use. 

So your point is void, as usual.

> 
> 
> 
> You took a DN, from a cert, which is a reference. Unlike a DirectoryName type (that is printable), an DN is not. Its a pure machine-readable reference to a directory object, at which point one learns all the other properties of the thing the ref just located - including printable properties. Then one prints them, or uses them in better class UI.
> 
> 
> 
> You just did exactly to certs DN field what you complained folks do with URIs.
> 
> 
> 
> Obviously, Im being formal (and pretty anal). Of course, the world just does what you do, incorrectly. But they dont whine (accepting we are all imperfect, and do "what works" with minimal effort)
> 
> 
> 
> If you want the subject field of a cert to associate (correctly) with a UI-representation, use the correct type in the SAN. One type someone defined yonkjs ago (albeit in microsoft-land only, and in the days before 2000 and X.509 got SANs formally) has an HTML in the cert, so its web friendly. Then, this cert extension provides the bit of HTML that makes the UI behave correctly. I've been using it to convey a bit of signed RDFa for a while now (in MSFT land, only)
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
>  		 	   		  

Social Web Architect
http://bblfish.net/

Received on Tuesday, 3 January 2012 03:35:19 UTC