- From: Mo McRoberts <mo.mcroberts@bbc.co.uk>
- Date: Tue, 3 Jan 2012 22:37:13 +0000
- To: Kingsley Idehen <kidehen@openlinksw.com>
- Cc: public-xg-webid@w3.org
On 3 Jan 2012, at 22:08, Kingsley Idehen wrote: > On 1/3/12 2:48 PM, Mo McRoberts wrote: >>> > >>> When you sign the claim a verifier can apply WebID logic to it. Especially, when it already has record of your prior claim. This is what a proxy URI enables i.e., cache of prior claims (URI and Public Key relations) in an Idp space to which you have CRUD privileges. >>> >>> > >>> > <my-URI> owl:sameAs<http://kingsley.blogspot.com/> >>> > >>> > >>> Will not work in this scenario. Where is the proof? The relation is<my-URI> and a Public Key equivalent to<my-New-URI> and a Public Key, in my idp space. It isn't just about the statement. There is a context to which these equivalence semantics are being applied. >>> >>> > >>> > >>> Again, I am not mandating owl:sameAs without context of WebID. I am saying, in a nutshell, sign the owl:sameAs claim when its made in idp space. WebID lets you verify claims. >>> >> Sign it with WHAT? You've said the key in the cert has no impact. A newly minted key? Well, I (the attacker) can sign using a key *I* >> have just generated. >> >> >> >> > > I am saying the key is not the be all and end all. It the relations that matter. Your question is akin to asking: why do you need a composite key when each component of the key has unique identity and functionality in its own right. RIGHT, so you do in fact sign the new claim (the owl:sameAs) with the key that you used previously. Which is what I said previously. And a multitude of times subsequently. Each time to be met with a different obfuscated answer. This is like pulling teeth. -- Mo McRoberts - Technical Lead - The Space, 0141 422 6036 (Internal: 01-26036) - PGP key CEBCF03E, Project Office: Room 7083, BBC Television Centre, London W12 7RJ
Received on Tuesday, 3 January 2012 22:37:38 UTC